Missing control panel

Question

My control panel is missing from my start menu. Please help, I get a message that says ' this operation has been cancelled due to restrictions in effect on this computer. please contact your system administrator. Model of Dell: Demension 2400 OS Version: 5.1.2600 Service Pack 2 biuld 2600 Microsoft Windows XP Home Edition   Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:02:38 AM, on 1/17/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe C:\Program Files\Lexmark 2400 Series\lxcrmon.exe C:\Program Files\Lexmark 2400 Series\ezprint.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe C:\PROGRA~1\Yahoo!\YOP\yop.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\system32\lxcrcoms.exe C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\PROGRA~1\Yahoo!\browser\ybrowser.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.solpalmeras.org/?ID=11 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar	oolband.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [PCMService] 'C:\Program Files\Dell\Media Experience\PCMService.exe' O4 - HKLM\..\Run: [QuickTime Task] 'C:\Program Files\QuickTime\qttask.exe' -atboottime O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [lxcrmon.exe] 'C:\Program Files\Lexmark 2400 Series\lxcrmon.exe' O4 - HKLM\..\Run: [EzPrint] 'C:\Program Files\Lexmark 2400 Series\ezprint.exe' O4 - HKLM\..\Run: [FaxCenterServer] 'C:\Program Files\Lexmark Fax Solutions\fm3032.exe' /s O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] 'C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe' O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart O4 - HKLM\..\Run: [ccApp] 'C:\Program Files\Common Files\Symantec Shared\ccApp.exe' O4 - HKLM\..\Run: [osCheck] 'C:\PROGRA~1\Symantec\osCheck.exe' O4 - HKLM\..\Run: [PhilipsDM] 'C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe' O4 - HKLM\..\Run: [SunJavaUpdateSched] 'C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe' O4 - HKLM\..\Run: [Symantec PIF AlertEng] 'C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe' /a /m 'C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll' O4 - HKLM\..\Run: [!AVG Anti-Spyware] 'C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe' /minimized O4 - HKCU\..\Run: [Yahoo! Pager] 'C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE' -quiet O4 - HKCU\..\Run: [MSMSGS] 'C:\Program Files\Messenger\msmsgs.exe' /background O4 - HKCU\..\Run: [MoneyAgent] 'C:\Program Files\Microsoft Money\System\mnyexpr.exe' O4 - HKCU\..\Run: [Registry Cleaner] 'C:\Program Files\Registry Cleaner Trial\Regclean.exe'  -startminimize O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128107919656 O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (Yahoo! MailTo) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = sagu.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = sagu.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = sagu.local O20 - AppInit_DLLs: skuns.dat O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: lxcr_device -   - C:\WINDOWS\system32\lxcrcoms.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE -- End of file - 11101 bytes

zbestwun2001 · Answer

Please download SmitfraudFix (by S!Ri) to your Desktop. Double-click Smitfraudfix.exe Select option #1 - Search by typing 1 and press ' Enter'; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. IMPORTANT: Do NOT run any other options until you are asked to do so! Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a 'RiskTool';it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between 'good' and 'malicious' use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm ************************* zb1

lyd6930 · Answer

I did as you said and this is what I got!! Thanks for your help!!

SmitFraudFix v2.274

Scan done at 11:51:52.85, Thu 01/17/2008
Run from C:\Documents and Settings\Lesby\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

192.168.200.3 download.microsoft.com
192.168.200.3 downloads.microsoft.com
192.168.200.3 go.microsoft.com
192.168.200.3 msdn.microsoft.com
192.168.200.3 office.microsoft.com
192.168.200.3 support.microsoft.com
192.168.200.3 windowsupdate.microsoft.com
192.168.200.3 www.microsoft.com
192.168.200.3 www.pandasoftware.com

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ace16win.dll FOUND !
C:\WINDOWS\system32\msole32.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Lesby

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Lesby\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Lesby\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="skuns.dat"

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E09171F9-24B0-48D1-933F-408AA65929FD}: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E09171F9-24B0-48D1-933F-408AA65929FD}: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E09171F9-24B0-48D1-933F-408AA65929FD}: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

lyd6930 · Answer

I forgot to mention when I did the process you told me to do before I got to copy and paste the info I put on here there was a warning that read: REGISTRY EDITING HAS BEEN DISABLED BY YOUR ADMINISTRATOR.  Thanks again!!!

zbestwun2001 · Answer

Please print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Once in Safe Mode, double-click on SmitfraudFix.exe again.
Select option #2 - Clean by typing 2 and press " Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report along with all others into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : Running option #2 on a non-infected computer will remove your Desktop background.

____________________________________________________________

Clean out your Temporary Internet files. Proceed like this:

Quit Internet Explorer and quit any instances of Windows Explorer.
Click Start, click Control Panel, and then double-click Internet Options.
On the General tab, click Delete Files under Temporary Internet Files.
In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
Click OK.

Next Click Start, click Control Panel and then double-click Display.
Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.
Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin
______________________________

Close ALL open Windows / Programs / Folders.

While in Safe Mode, launch AVG Anti-Spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
AVG AS will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close AVG AS and reboot your system back into Normal Mode.

In your next reply please include:

1. The report from SmitfraudFix found here: C:\rapport.txt
2. The report from AVG AS
3. A fresh HijackThis log

You may need several replies to post the requested logs; otherwise they might get cut off.

****************
zb1

lyd6930 · Answer

The report from smitfraudfix:

SmitFraudFix v2.274

Scan done at 20:38:27.90, Thu 01/17/2008
Run from C:\Documents and Settings\Lesby\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

192.168.200.3 ad.doubleclick.net
192.168.200.3 ad.fastclick.net
192.168.200.3 ads.fastclick.net
192.168.200.3 ar.atwola.com
192.168.200.3 atdmt.com
192.168.200.3 awaps.net
192.168.200.3 banner.fastclick.net
192.168.200.3 banners.fastclick.net
192.168.200.3 click.atdmt.com
192.168.200.3 clicks.atdmt.com
192.168.200.3 engine.awaps.net
192.168.200.3 fastclick.net
192.168.200.3 ftp.avp.ch
192.168.200.3 ftp.downloads1.kaspersky-labs.com
192.168.200.3 ftp.downloads2.kaspersky-labs.com
192.168.200.3 ftp.downloads3.kaspersky-labs.com
192.168.200.3 ftp.f-secure.com
192.168.200.3 ftp.kasperskylab.ru
192.168.200.3 ftp.sophos.com
192.168.200.3 ids.kaspersky-labs.com
192.168.200.3 media.fastclick.net
192.168.200.3 norton.com
192.168.200.3 phx.corporate-ir.net
192.168.200.3 spd.atdmt.com
192.168.200.3 viruslist.com
192.168.200.3 viruslist.ru
192.168.200.3 virusscan.jotti.org
192.168.200.3 virustotal.com
192.168.200.3 www.avp.ch
192.168.200.3 www.avp.ru
192.168.200.3 www.awaps.net
192.168.200.3 www.fastclick.net
192.168.200.3 www.grisoft.com
192.168.200.3 www.kaspersky-labs.com
192.168.200.3 www.kaspersky.ru
192.168.200.3 www.viruslist.ru
192.168.200.3 www.virustotal.com
192.168.200.3 www3.ca.com

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ace16win.dll Deleted
C:\WINDOWS\system32\msole32.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E09171F9-24B0-48D1-933F-408AA65929FD}: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E09171F9-24B0-48D1-933F-408AA65929FD}: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E09171F9-24B0-48D1-933F-408AA65929FD}: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

lyd6930 · Answer

Report from AVG AS:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:48:32 PM 1/17/2008

+ Scan result:

HKU\S-1-5-21-1316890692-857265532-3585338434-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Ignored.
HKU\S-1-5-21-1316890692-857265532-3585338434-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} -> Adware.ActivShopper : Ignored.
HKU\S-1-5-21-1316890692-857265532-3585338434-1009\Software\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} -> Adware.Generic : Ignored.
HKU\S-1-5-21-1316890692-857265532-3585338434-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Ignored.
C:\Program Files\p2pnetworks -> Adware.MediaPipe : Ignored.
C:\Program Files\p2pnetworks\amp2pl.exe -> Adware.MediaPipe : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP637\A0137813.dll -> Backdoor.Small.cls : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP638\A0137820.dll -> Backdoor.Small.cls : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP643\A0138835.dll -> Backdoor.Small.cls : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP692\A0151174.dll -> Downloader.VB.bpr : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP636\A0134786.exe -> Not-A-Virus.Downloader.Win32.WinFixer.z : Ignored.
C:\Documents and Settings\Joshua\Application Data\Sun\Java\Deployment\cache\6.0\7\142b7007-7bbef220/NewURLClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\Documents and Settings\Joshua\Application Data\Sun\Java\Deployment\cache\6.0\7\28779c47-7020f2ff/NewURLClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP630\A0132623.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP630\A0132624.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP630\A0132625.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP631\A0132634.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP631\A0132635.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP631\A0132636.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP633\A0132665.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP633\A0132666.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP633\A0132667.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP634\A0132689.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP634\A0132690.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP634\A0132691.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0132715.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0132716.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0132717.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0133715.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0133716.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0133717.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0134715.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0134716.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0134717.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP636\A0134787.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP636\A0134816.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP636\A0134831.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP636\A0134832.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP637\A0134837.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP637\A0134838.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP637\A0134839.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP637\A0134847.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP637\A0135798.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP637\A0135799.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP637\A0135800.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP637\A0136799.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP637\A0136800.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP637\A0136801.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP637\A0137803.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP637\A0137804.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP637\A0137805.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP640\A0137853.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP640\A0137854.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP640\A0137855.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP640\A0137861.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP641\A0137877.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP641\A0137878.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP641\A0137879.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP643\A0138803.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP643\A0138804.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP643\A0138805.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP643\A0138811.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP644\A0139811.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP644\A0139812.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP645\A0140799.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP645\A0140800.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP645\A0140801.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP646\A0140823.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP646\A0140824.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP646\A0140825.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP646\A0140831.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP647\A0140851.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP647\A0140852.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP647\A0140853.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP648\A0140859.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP648\A0140860.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP648\A0140861.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP651\A0140909.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP651\A0140910.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP651\A0140911.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP651\A0140957.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP651\A0141802.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP652\A0141811.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP652\A0141812.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP652\A0141813.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP653\A0141843.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP653\A0141844.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP653\A0141845.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP653\A0144836.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP653\A0144837.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP653\A0144838.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP654\A0145839.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP654\A0145840.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP654\A0145841.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP654\A0145848.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP655\A0145866.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP655\A0145867.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP655\A0145868.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP655\A0146837.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP655\A0146838.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP655\A0146839.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP656\A0146856.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP656\A0146857.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP656\A0146858.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP656\A0147869.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP656\A0147870.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP656\A0147871.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP657\A0147898.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP657\A0147899.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP657\A0147900.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP659\A0147939.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP659\A0147940.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP659\A0147941.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP659\A0147942.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP662\A0147987.exe -> Not-A-Virus.Hoax.Win32.Fera.z : Ignored.

lyd6930 · Answer

Do I need to do anything else now. I did get my control panel. Is there anymore trojans or viruses that you see that I need to get rid of. Once again thankyou for your help. Thx

lyd6930 · Answer

This is the rest from the AVG AS report: It didn't fit in one post, Thanks

C:\Documents and Settings\Joshua\Cookies\joshua@2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@albertoculver.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@brightcove.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@costargroup.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@cupolaventures.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@equityresidential.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@ford.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@homestore.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@iuniverse.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@marketlive.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@mcclatchy.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@meetupcom.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@pentonmedia.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@sharewellgroup.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@ulta.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@adbrite[1].txt -> TrackingCookie.Adbrite : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@bridge.admarketplace[1].txt -> TrackingCookie.Admarketplace : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@roi.admarketplace[1].txt -> TrackingCookie.Admarketplace : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@adrevolver[2].txt -> TrackingCookie.Adrevolver : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@media.adrevolver[2].txt -> TrackingCookie.Adrevolver : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@advertising[2].txt -> TrackingCookie.Advertising : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@atdmt[2].txt -> TrackingCookie.Atdmt : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@bluestreak[1].txt -> TrackingCookie.Bluestreak : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@ads.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@burstnet[1].txt -> TrackingCookie.Burstnet : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@www.burstnet[1].txt -> TrackingCookie.Burstnet : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@casalemedia[2].txt -> TrackingCookie.Casalemedia : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@clickbank[2].txt -> TrackingCookie.Clickbank : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@stat.dealtime[1].txt -> TrackingCookie.Dealtime : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@doubleclick[2].txt -> TrackingCookie.Doubleclick : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@enhance[1].txt -> TrackingCookie.Enhance : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@fastclick[1].txt -> TrackingCookie.Fastclick : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@findwhat[1].txt -> TrackingCookie.Findwhat : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@goclick[2].txt -> TrackingCookie.Goclick : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@ehg-allegisgroup.hitbox[1].txt -> TrackingCookie.Hitbox : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@ehg-daveandbusters.hitbox[1].txt -> TrackingCookie.Hitbox : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@ehg-moneymanagement.hitbox[1].txt -> TrackingCookie.Hitbox : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@ehg-nestlewaters.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@ehg-traderpublishing.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@ehg-youtube.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@hitbox[2].txt -> TrackingCookie.Hitbox : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@searchportal.information[1].txt -> TrackingCookie.Information : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@auto.search.msn[2].txt -> TrackingCookie.Msn : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@overture[1].txt -> TrackingCookie.Overture : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@perf.overture[1].txt -> TrackingCookie.Overture : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@pro-market[1].txt -> TrackingCookie.Pro-market : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@questionmarket[2].txt -> TrackingCookie.Questionmarket : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@realmedia[1].txt -> TrackingCookie.Realmedia : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@revenue[1].txt -> TrackingCookie.Revenue : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@revsci[1].txt -> TrackingCookie.Revsci : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@.serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@site.skype[1].txt -> TrackingCookie.Skype : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@skype[1].txt -> TrackingCookie.Skype : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@statcounter[2].txt -> TrackingCookie.Statcounter : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@tacoda[2].txt -> TrackingCookie.Tacoda : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@login.tracking101[1].txt -> TrackingCookie.Tracking101 : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@trafficmp[1].txt -> TrackingCookie.Trafficmp : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@valueclick[1].txt -> TrackingCookie.Valueclick : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@m.webtrends[2].txt -> TrackingCookie.Webtrends : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@yadro[2].txt -> TrackingCookie.Yadro : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignored.
C:\Documents and Settings\Joshua\Cookies\joshua@zedo[1].txt -> TrackingCookie.Zedo : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP638\A0137819.exe -> Trojan.Qhost.a : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP637\A0135792.exe -> Trojan.Qhost.vu : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP637\A0135793.exe -> Trojan.Qhost.vu : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP637\A0135794.exe -> Trojan.Qhost.vu : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP637\A0136803.exe -> Trojan.Qhost.vu : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP637\A0136804.exe -> Trojan.Qhost.vu : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP637\A0136805.exe -> Trojan.Qhost.vu : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP640\A0137860.exe -> Trojan.Qhost.vu : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP641\A0137880.exe -> Trojan.Qhost.vu : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP641\A0137881.exe -> Trojan.Qhost.vu : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP643\A0138799.exe -> Trojan.Qhost.vu : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP643\A0138800.exe -> Trojan.Qhost.vu : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP643\A0138801.exe -> Trojan.Qhost.vu : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP643\A0138813.exe -> Trojan.Qhost.vu : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP643\A0138839.exe -> Trojan.Qhost.vu : Ignored.
C:\Documents and Settings\Lesby\Shared\Steven Spielberg gets a hilarious prank phone call.wma -> Trojan.Wimad.a : Ignored.

::Report end

zbestwun2001 · Answer

Please disable AVG Anti-Spyware's Guard so it does not interfere with the rest of our fix.

Open AVG Anti-Spyware. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. Right-click on AVG AS in the system tray and uncheck "Start with Windows".
Go to Start > Run and type: services.msc
Press "OK".
In Services, click the "Extended tab" and scroll down the list to find AVG Anti-Spyware Guard.
When you find the guard service, double-click on it.
In the Properties Window > General Tab that opens, click the "Stop" button.
From the drop-down menu next to "Startup Type", click on "Manual".
Now click "Apply", then "OK" and close the Services window.

Download HostsXpert

And Save it to your Desktop
Rt Click Hoster.zip->>Extract all->>Extract it to your Desktop (or your C:\ drive)
Open The Hoster folder->>Double Click HostsXpert.exe
When the program Opens Click The "Restore MS Hosts File" button in the left pane.
Then select "Restore Original Hosts" when prompted.
Close the Hoster program when complete
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Following that, go to Add/Remove Programs and remove Registry Cleaner if listed.
Please launch Hijackthis and place a checkmark next to these:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean.exe" -startminimize
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - AppInit_DLLs: skuns.dat

This Office entry is optional to fix because running office at Startup is using Resources. If you would prefer to open it manually, fix this:
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

Close all windows except HijackThis and click "Fix Checked".

Delete this folder in your Program Files::
Registry Cleaner Trial

Reboot.

Download and scan with SUPERAntiSpyware Free for Home Users

Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
Under "Configuration and Preferences", click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Please include a fresh HijackThis log a s well. Let me know how things are running.

***********************

zb1

lyd6930 · Answer

After doing this, my computer seems to be running good and I still have a control panel. What is the next step?

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/18/2008 at 09:15 PM

Application Version : 3.9.1008

Core Rules Database Version : 3382
Trace Rules Database Version: 1376

Scan type : Complete Scan
Total Scan Time : 02:13:03

Memory items scanned      : 612
Memory threats detected   : 0
Registry items scanned    : 6077
Registry threats detected : 33
File items scanned        : 73017
File threats detected     : 153

Trojan.Downloader-FakeRX
HKLM\Software\Classes\CLSID\{026B5895-3E8E-49A9-8EEE-B52A326DA962}
HKCR\CLSID\{026B5895-3E8E-49A9-8EEE-B52A326DA962}
HKCR\CLSID\{026B5895-3E8E-49A9-8EEE-B52A326DA962}
HKCR\CLSID\{026B5895-3E8E-49A9-8EEE-B52A326DA962}\Implemented Categories
HKCR\CLSID\{026B5895-3E8E-49A9-8EEE-B52A326DA962}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKCR\CLSID\{026B5895-3E8E-49A9-8EEE-B52A326DA962}\InprocServer32
HKCR\CLSID\{026B5895-3E8E-49A9-8EEE-B52A326DA962}\InprocServer32#ThreadingModel
HKCR\CLSID\{026B5895-3E8E-49A9-8EEE-B52A326DA962}\ProgID
HKCR\CLSID\{026B5895-3E8E-49A9-8EEE-B52A326DA962}\Programmable
HKCR\CLSID\{026B5895-3E8E-49A9-8EEE-B52A326DA962}\TypeLib
HKCR\CLSID\{026B5895-3E8E-49A9-8EEE-B52A326DA962}\VERSION
C:\WINDOWS\SYSTEM32\QIAWPBJJ.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP692\A0151174.DLL

Trojan.Downloader-Smith/MS
HKLM\Software\Classes\CLSID\{EF3446E8-FC32-4E55-9C56-0B8DA015FC10}
HKCR\CLSID\{EF3446E8-FC32-4E55-9C56-0B8DA015FC10}
HKCR\CLSID\{EF3446E8-FC32-4E55-9C56-0B8DA015FC10}
HKCR\CLSID\{EF3446E8-FC32-4E55-9C56-0B8DA015FC10}\InprocServer32
HKCR\CLSID\{EF3446E8-FC32-4E55-9C56-0B8DA015FC10}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\GE.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Lesby\Cookies\lesby@specificclick[1].txt
C:\Documents and Settings\Lesby\Cookies\lesby@trafficmp[1].txt
C:\Documents and Settings\Lesby\Cookies\lesby@richmedia.yahoo[1].txt
C:\Documents and Settings\Lesby\Cookies\lesby@atdmt[2].txt
C:\Documents and Settings\Lesby\Cookies\lesby@media.adrevolver[1].txt
C:\Documents and Settings\Lesby\Cookies\lesby@ad.yieldmanager[2].txt
C:\Documents and Settings\Lesby\Cookies\lesby@ads.pointroll[1].txt
C:\Documents and Settings\Lesby\Cookies\lesby@msnportal.112.2o7[1].txt
C:\Documents and Settings\Lesby\Cookies\lesby@2o7[2].txt
C:\Documents and Settings\Lesby\Cookies\lesby@advertising[1].txt
C:\Documents and Settings\Lesby\Cookies\lesby@adopt.euroclick[2].txt
C:\Documents and Settings\Lesby\Cookies\lesby@doubleclick[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@2o7[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@67.15.239[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@67.15.239[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@67.15.239[4].txt
C:\Documents and Settings\Joshua\Cookies\joshua@ad.yieldmanager[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@adbrite[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@adecn[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@adinterax[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@adlegend[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@adopt.euroclick[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@adopt.specificclick[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@adrevolver[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@adrevolver[3].txt
C:\Documents and Settings\Joshua\Cookies\joshua@ads.adbrite[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@ads.as4x.tmcs[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@ads.associatedcontent[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@ads.bridgetrack[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@ads.expedia[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@ads.joite.co[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@ads.monster[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@ads.pointroll[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@adserver[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@advertising[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@albertoculver.122.2o7[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@anad.tacoda[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@apmebf[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@atdmt[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@atwola[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@blizzardtracker[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@bluestreak[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@bridge.admarketplace[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@brightcove.112.2o7[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@.serving-sys[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@burstnet[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@casalemedia[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@citi.bridgetrack[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@clickbank[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@clicksor[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@costargroup.112.2o7[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@cupolaventures.112.2o7[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@doubleclick[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@ehg-allegisgroup.hitbox[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@ehg-daveandbusters.hitbox[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@ehg-dig.hitbox[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@ehg-moneymanagement.hitbox[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@ehg-nestlewaters.hitbox[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@ehg-traderpublishing.hitbox[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@ehg-youtube.hitbox[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@enhance[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@equityresidential.122.2o7[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@fastclick[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@finditfinder[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@findsearchhere[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@findwhatyousearch[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@findwhat[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@ford.112.2o7[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@gethairapymedia[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@goclick[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@hitbox[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@homestore.122.2o7[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@iacas.adbureau[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@indexstats[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@interclick[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@iuniverse.112.2o7[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@kanoodle[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@keywordmax[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@klik.klikadvertising[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@login.tracking101[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@marketlive.122.2o7[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@mcclatchy.112.2o7[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@media.adrevolver[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@media6degrees[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@mediaplex[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@meetupcom.122.2o7[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@microsoftwga.112.2o7[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@msnportal.112.2o7[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@nextag[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@overture[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@partner2profit[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@pentonmedia.122.2o7[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@perf.overture[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@pro-market[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@questionmarket[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@rbanner[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@realmedia[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@revenue[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@revsci[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@richmedia.yahoo[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@roi.admarketplace[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@roiservice[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@sales.liveperson[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@server.iad.liveperson[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@server2.bkvtrack[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@serving-sys[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@sharewellgroup.112.2o7[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@specificclick[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@stat.dealtime[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@statcounter[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@statse.webtrendslive[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@tacoda[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@toseeka[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@tracking.dsmmadvantage[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@traffic.buyservices[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@trafficmp[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@tribalfusion[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@ulta.122.2o7[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@upspiral[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@valueclick[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@www.burstnet[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@www.freshpornmpegs[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@www.upspiral[1].txt
C:\Documents and Settings\Joshua\Cookies\joshua@yadro[2].txt
C:\Documents and Settings\Joshua\Cookies\joshua@zedo[1].txt
C:\Documents and Settings\LocalService\Cookies\system@hotbar[1].txt

Registry Cleaner Trial
HKU\S-1-5-21-1316890692-857265532-3585338434-1009\Software\SoftwareOnline.com

Adware.HotBar/SpamBlockerUtility (Low Risk)
C:\Program Files\SpamBlockerUtility_Icons\RegistryDefender_2.ico
C:\Program Files\SpamBlockerUtility_Icons\Software_Online_8.ico
C:\Program Files\SpamBlockerUtility_Icons\wallpapere1.ico
C:\Program Files\SpamBlockerUtility_Icons
HKCR\SpamBlockerUtility.TravelCompareBar.1
HKCR\SpamBlockerUtility.TravelCompareBar.1\CLSID
HKU\.DEFAULT\Software\SpamBlockerUtility
HKU\S-1-5-18\Software\SpamBlockerUtility
HKLM\Software\SpamBlockerUtility
HKLM\Software\SpamBlockerUtility\SpamBlockerUtility
HKLM\Software\SpamBlockerUtility\SpamBlockerUtility\Install
HKLM\Software\SpamBlockerUtility\SpamBlockerUtility\Install#StartInstall
HKLM\Software\SpamBlockerUtility\SpamBlockerUtility\Install#IID
HKLM\Software\SpamBlockerUtility\SpamBlockerUtility\Install#IID_prv
HKLM\Software\SpamBlockerUtility\SpamBlockerUtility\MachineInfo
HKLM\Software\SpamBlockerUtility\SpamBlockerUtility\MachineInfo#CID
HKLM\Software\SpamBlockerUtility\SpamBlockerUtility\MachineInfo#CID_prv
HKLM\Software\SpamBlockerUtility\SpamBlockerUtility\PI
HKLM\Software\SpamBlockerUtility\SpamBlockerUtility\PI\3.2
HKLM\Software\SpamBlockerUtility\SpamBlockerUtility\PI\3.2#PID00

Adware.AdBreak
C:\WINDOWS\FHFMM-UNINSTALLER.EXE
C:\WINDOWS\FHFMM.EXE
C:\WINDOWS\HCWPRN.EXE
C:\WINDOWS\KKCOMP.DLL
C:\WINDOWS\KKCOMP.EXE
C:\WINDOWS\KVNAB.DLL
C:\WINDOWS\KVNAB.EXE
C:\WINDOWS\LIQAD.DLL
C:\WINDOWS\LIQAD.EXE
C:\WINDOWS\LIQUI-UNINSTALLER.EXE
C:\WINDOWS\LIQUI.DLL
C:\WINDOWS\LIQUI.EXE
C:\WINDOWS\PBSYSIE.DLL
C:\WINDOWS\SETTN.DLL
C:\WINDOWS\WBECHECK.EXE
C:\WINDOWS\XADBRK.DLL
C:\WINDOWS\XADBRK.EXE
C:\WINDOWS\XADBRK_.EXE

Trojan.FakeDrop-PBar
C:\WINDOWS\PBAR.DLL

Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\ESHOPEE.EXE

zbestwun2001 · Answer

If this folder still exists, delete it:
C:\Program Files\ p2pnetworks

Please delete HostsXpert and SmitfraudFix along with its reports.
Super Antispyware would be good to keep updated and use for on-demand scanning every so often, because as you can see, it finds things that AVG doesn't.

Run Disk Cleanup in each user's profile:
Click "Start > Programs > Accessories > System Tools > Disk Cleanup"
Please make sure only the following are checked:
-- Downloaded Program Files
-- Temporary Internet Files
-- Recycle Bin
-- Temporary Files
Click "OK" and Disk Cleanup will delete those files for you.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely require a specific version of the JRE to run. Please follow these steps to remove older version Java components and update.

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6.
Scroll down to where it says "Java Runtime Environment (JRE) 6u4 allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each of the Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.

Official JAVA Installation Instructions if needed.

***********************

zb1

Virus & Spyware

Missing control panel

Was this post helpful?