Control Panel In My Start Menu Missing Help

Joined
Aug 30, 2007
Messages
8
Reaction score
0
RESPECTED ADMINISTRATOR

TWO DAYS BACK AS I WAS BROWSING I FOUND THAT MY SYSTEM IS BECOMING VERY SLOW . SO WHEN I CLICKED MY START MENU THERE WAS NO CONTROL PANEL MENU AND THEN I TRIED TO OPEN MY COMPUTER AND IN IT I CLICKED ADD OR REMOVE PROGRAM BUT I WAS DENIED ACCESS AND A MESSAGE CAME STATING THAT "THIS OPERATION HAS BEEN CANCELLED DUE TO RESTRICTIONS IN EFFECT IN THIS COMPUTER. PLEASE CONTACT YOUR SYSTEM ADMINISTRATOR".

OPERATING SYSTEM -WINDOWS XP
ANTI VIRUS SOFTWARE -AVG
ANTI SPYWARE SOFTWARE-SPYBOT
NET CONNECTION-56K
OS Name Microsoft Windows XP Professional
Version 5.1.2600 Build 2600
OS Manufacturer Microsoft Corporation


System Type X86-based PC
Processor x86 Family 6 Model 8 Stepping 1 AuthenticAMD ~1470 Mhz
BIOS Version/Date Award Software, Inc. ASUS A7N266-VM ACPI BIOS Rev 1005, 19/11/2002
SMBIOS Version 2.3
Windows Directory D:\WINDOWS
System Directory D:\WINDOWS\System32
Boot Device \Device\HarddiskVolume1
Locale United States
Hardware Abstraction Layer Version = "5.1.2600.0 (xpclient.010817-1148)"
User Name SUJITH\SUJITH M S
Time Zone India Standard Time
Total Physical Memory 128.00 MB
Available Physical Memory 10.11 MB
Total Virtual Memory 894.32 MB
Available Virtual Memory 594.27 MB
Page File Space 798.98 MB
Page File C:\pagefile.sys

AFTER THAT I RAN HIJACKTHIS ON MY COMPUTER AND THE LOG I AM POSTING BELOW.
PLEASE HELP ME SOLVE MY PROBLEM.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:45:00, on 30/08/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\Explorer.exe
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
D:\WINDOWS\System32\NVATray.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Google\Google Talk\googletalk.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\SUJITH M S\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\System32\printer.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Microsoft Startup Manager] D:\WINDOWS\System32\sysservice.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinAVX] D:\WINDOWS\System32\WinAvXX.exe
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [googletalk] D:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WinAVX] D:\WINDOWS\System32\WinAvXX.exe
O4 - Startup: system.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: autorun.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Enable / Disable Yoomba - {BAE22299-19C5-4f46-94A7-6D7A27212707} - D:\WINDOWS\System32\shdocvw.dll (HKCU)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {EECC2B58-FDE7-4F3A-B933-B25BE90F1D37} (CTXAXSetupCtl Object) - http://download.yoomba.com/YoombaActivation.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63656B50-9DC7-441C-8978-4A1AC0A38350}: NameServer = 218.248.255.145 218.248.240.23
O17 - HKLM\System\CS1\Services\Tcpip\..\{63656B50-9DC7-441C-8978-4A1AC0A38350}: NameServer = 218.248.255.145 218.248.240.23
O20 - AppInit_DLLs: D:\WINDOWS\System32\hadjajr.ini
O22 - SharedTaskScheduler: fagging - {94524218-9af3-4643-9687-cbc2880e54da} - (no file)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - file:///D:/DOCUME~1/SUJITH~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

--
End of file - 4488 bytes
 
Last edited:
Hmmm, strange ... despite what you say you have, there is NO antivirus running, or, it could well have been turned of by one of the numerous nasties effecting your PC ... you will also need to update to the latest SP.


I suggest a Clean Re-Install of XP.


:user:
 
message to mucshifter

sorry super moderator
actually i uninstalled the antivirus for trying some other antivirus but it was no help so then i removed all the antivirus and took the hijackthis log but now i have installed avg antivirus and spybot antispyware and below is the new log of hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:58, on 31/08/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
D:\WINDOWS\System32\WinAvXX.exe
D:\WINDOWS\System32\NVATray.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\SUJITH M S\Desktop\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\System32\printer.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Microsoft Startup Manager] D:\WINDOWS\System32\sysservice.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinAVX] D:\WINDOWS\System32\WinAvXX.exe
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [googletalk] D:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WinAVX] D:\WINDOWS\System32\WinAvXX.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: system.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: autorun.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Enable / Disable Yoomba - {BAE22299-19C5-4f46-94A7-6D7A27212707} - D:\WINDOWS\System32\shdocvw.dll (HKCU)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {EECC2B58-FDE7-4F3A-B933-B25BE90F1D37} (CTXAXSetupCtl Object) - http://download.yoomba.com/YoombaActivation.cab
O20 - AppInit_DLLs: D:\WINDOWS\System32\hadjajr.ini
O22 - SharedTaskScheduler: fagging - {94524218-9af3-4643-9687-cbc2880e54da} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - file:///D:/DOCUME~1/SUJITH~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif
--
End of file - 4974 bytes
i would like to solve the problem without re installing windows xp
also i would like to know how i could learn to analyse hijackthis log .
please help me sir waiting for a response from u
i think u would not disappointment me
 
You have several bad nasties, I cannot guarantee we can clean your system ... but, if you want to try then;


Download ComboFix to your Desktop.

Reboot to Safe mode:

Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done properly a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

Perform the following actions in Safe Mode.
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a new HijackThis log in your next reply
Note: Do not mouseclick combofix's window while it's running as that may cause it to stall

This is only step one.

:user:
 
muckshifter said:
You have several bad nasties, I cannot guarantee we can clean your system ... but, if you want to try then;


Download ComboFix to your Desktop.

Reboot to Safe mode:

Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done properly a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

Perform the following actions in Safe Mode.
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a new HijackThis log in your next reply
Note: Do not mouseclick combofix's window while it's running as that may cause it to stall

This is only step one.

:user:
hello sir ,
as u have adivised me to run combofix in safe mode i have done so after that i got my control panel back but now my problem is that when i open my control panel in the add/remove programs nothing is visible but if we check the properties we can see that there are programs inside, by the memory size. as u have said i am posting my hijackthis and combofix log below
please help me
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:37:49, on 31/08/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\WINDOWS\Explorer.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe
D:\WINDOWS\System32\NVATray.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
D:\WINDOWS\system32\notepad.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Documents and Settings\SUJITH M S\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe
O4 - HKLM\..\Run: [Microsoft Startup Manager] D:\WINDOWS\System32\sysservice.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [googletalk] D:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Enable / Disable Yoomba - {BAE22299-19C5-4f46-94A7-6D7A27212707} - D:\WINDOWS\System32\shdocvw.dll (HKCU)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {EECC2B58-FDE7-4F3A-B933-B25BE90F1D37} (CTXAXSetupCtl Object) - http://download.yoomba.com/YoombaActivation.cab
O20 - AppInit_DLLs: D:\WINDOWS\System32\hadjajr.ini
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - file:///D:/DOCUME~1/SUJITH~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

--
End of file - 4273 bytes
ComboFix 07-08-30.3 - "SUJITH M S" 2007-08-31 17:23:02.1 - FAT32x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.26 [GMT 5.5:30]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


D:\DOCUME~1\ADMINI~1\STARTM~1\PROGRAMS\STARTUP\sys tem.exe
D:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup.\au torun.exe
D:\DOCUME~1\SUJITH~1\DESKTOP\internet explorer.lnk
D:\DOCUME~1\SUJITH~1\err.log
D:\DOCUME~1\SUJITH~1\STARTM~1\PROGRAMS\STARTUP\sys tem.exe
D:\Program Files\Common Files\Companion Wizard
D:\Program Files\Common Files\WinAntiVirus Pro 2007
D:\Program Files\VirusProtectPro 3.3 3.3
D:\WINDOWS\system32\printer.exe
D:\WINDOWS\system32\WinAvXX.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_FOPN


((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-31 )))))))))))))))))))))))))))))))


2007-08-31 16:30 51,200 --a------ D:\WINDOWS\nircmd.exe
2007-08-30 01:23 <DIR> d--h----- D:\WINDOWS\system32\GroupPolicy
2007-08-29 01:05 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-29 00:42 <DIR> d-------- D:\Program Files\Free Window Registry Repair
2007-08-28 16:04 <DIR> d--hs---- D:\FOUND.003
2007-08-27 23:27 <DIR> d-------- D:\Program Files\Symantec
2007-08-27 23:26 <DIR> d-------- D:\Program Files\Common Files\Symantec Shared
2007-08-27 16:51 89,088 --a------ D:\WINDOWS\system32\atl71.dll
2007-08-27 16:51 8,704 --a------ D:\WINDOWS\system32\SpOrder.dll
2007-08-27 16:51 24,064 --a------ D:\WINDOWS\system32\msxml3a.dll
2007-08-27 15:58 8,223 --a------ D:\WINDOWS\system32\dllcache\npwmsdrm.dll
2007-08-27 15:58 73,728 --a------ D:\WINDOWS\system32\dllcache\icwtutor.exe
2007-08-27 15:58 61,440 --a------ D:\WINDOWS\system32\dllcache\icwres.dll
2007-08-27 15:58 57,344 --a------ D:\WINDOWS\system32\dllcache\icwconn.dll
2007-08-27 15:58 45,056 --a------ D:\WINDOWS\system32\dllcache\icwutil.dll
2007-08-27 15:58 40,960 --a------ D:\WINDOWS\system32\dllcache\trialoc.dll
2007-08-27 15:58 24,576 --a------ D:\WINDOWS\system32\dllcache\icwrmind.exe
2007-08-27 15:58 157,696 --a------ D:\WINDOWS\system32\dllcache\npdrmv2.dll
2007-08-27 15:58 155,648 --a------ D:\WINDOWS\system32\dllcache\icwhelp.dll
2007-08-27 15:56 113,944 --a------ D:\WINDOWS\system32\wuauclt.exe
2007-08-27 15:56 113,944 --a------ D:\WINDOWS\system32\dllcache\wuauclt.exe
2007-08-27 15:56 1,081,112 --a------ D:\WINDOWS\system32\wuaueng.dll
2007-08-27 15:56 1,081,112 --a------ D:\WINDOWS\system32\dllcache\wuaueng.dll
2007-08-27 15:50 24,661 --a------ D:\WINDOWS\system32\spxcoins.dll
2007-08-27 15:50 24,661 --a------ D:\WINDOWS\system32\dllcache\spxcoins.dll
2007-08-27 15:50 13,312 --a------ D:\WINDOWS\system32\irclass.dll
2007-08-27 15:50 13,312 --a------ D:\WINDOWS\system32\dllcache\irclass.dll
2007-08-27 00:24 73,728 --a------ D:\WINDOWS\system32\dllcache\nmcom.dll
2007-08-27 00:24 727,040 --a------ D:\WINDOWS\system32\dllcache\helpctr.exe
2007-08-27 00:24 364,544 --a------ D:\WINDOWS\system32\dllcache\callcont.dll
2007-08-27 00:24 253,952 --a------ D:\WINDOWS\system32\dllcache\mst120.dll
2007-08-27 00:03 218,624 --a------ D:\WINDOWS\system32\srrstr.dll
2007-08-27 00:03 218,624 --a------ D:\WINDOWS\system32\dllcache\srrstr.dll
2007-08-26 23:56 26,112 --a------ D:\WINDOWS\system32\xpsp1hfm.exe
2007-08-26 23:56 <DIR> d-------- D:\WINDOWS\$xpsp1hfm$
2007-08-26 15:35 <DIR> d-------- D:\WINDOWS\system32\bits
2007-08-26 15:08 7,680 --------- D:\WINDOWS\system32\bitsprx2.dll
2007-08-26 15:08 7,168 --------- D:\WINDOWS\system32\bitsprx3.dll
2007-08-26 15:08 331,776 --a------ D:\WINDOWS\system32\winhttp.dll
2007-08-26 15:08 17,408 --a------ D:\WINDOWS\system32\qmgrprxy.dll
2007-08-26 15:08 17,408 --a------ D:\WINDOWS\system32\dllcache\qmgrprxy.dll
2007-08-26 15:08 158,720 --------- D:\WINDOWS\system32\xpob2res.dll
2007-08-26 14:52 549,720 --a------ D:\WINDOWS\system32\wuapi.dll
2007-08-26 14:52 33,624 --a------ D:\WINDOWS\system32\wups.dll
2007-08-26 14:52 325,976 --a------ D:\WINDOWS\system32\wucltui.dll
2007-08-26 14:52 203,096 --a------ D:\WINDOWS\system32\wuweb.dll
2007-08-26 14:52 186,136 --a------ D:\WINDOWS\system32\wuaueng1.dll
2007-08-26 14:52 167,704 --a------ D:\WINDOWS\system32\wuauclt1.exe
2007-08-25 12:02 <DIR> d--hs---- D:\FOUND.002
2007-08-18 08:09 1,901 --a------ D:\WINDOWS\panose.bin
2007-07-30 19:19 43,352 --a------ D:\WINDOWS\system32\wups2.dll
2007-07-28 10:33 <DIR> d--hs---- D:\FOUND.001
2007-07-26 09:51 40,960 --a------ D:\WINDOWS\system32\flccodec32.dll
2007-07-26 09:51 24,064 --a------ D:\WINDOWS\system32\aasc32.dll
2007-07-26 09:51 16,896 --a------ D:\WINDOWS\system32\flcfile32.dll
2007-07-26 09:51 1,423 --a------ D:\WINDOWS\FLCNT.REG
2007-07-25 16:53 <DIR> d--hs---- D:\FOUND.000
2007-07-20 15:57 23,600 --a------ D:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-07-19 17:43 <DIR> d-------- D:\Program Files\ASUS
2007-07-17 22:31 <DIR> d-------- D:\DOCUME~1\SUJITH~1\APPLIC~1\TypingMaster7
2007-07-16 10:31 <DIR> d-------- D:\DOCUME~1\SUJITH~1\APPLIC~1\Yoomba
2007-07-15 12:29 <DIR> d-------- D:\Program Files\QuickTime
2007-07-15 09:33 10,872 --a------ D:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-15 01:01 <DIR> d-------- D:\WINDOWS\McAfee.com
2007-07-15 00:26 2,226 --a------ D:\WINDOWS\system32\tmp.reg
2007-07-15 00:25 53,248 --a------ D:\WINDOWS\system32\Process.exe
2007-07-15 00:25 51,200 --a------ D:\WINDOWS\system32\dumphive.exe
2007-07-15 00:25 288,417 --a------ D:\WINDOWS\system32\SrchSTS.exe
2007-07-10 22:34 76,560 --a------ D:\WINDOWS\system32\drivers\tmcomm.sys
2007-07-04 00:35 <DIR> d-------- D:\DOCUME~1\SUJITH~1\APPLIC~1\Symantec
2007-07-04 00:35 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-07-04 00:19 <DIR> d-------- D:\Program Files\Yahoo!
2007-07-03 23:35 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))

2007-07-12 18:49 399 --a------ D:\WINDOWS\system32\sysservice.dll
2007-06-18 11:43 46976 --a------ D:\WINDOWS\BricoPackUninst.cmd
2007-06-18 11:43 2165 --a------ D:\WINDOWS\BricoPackFoldersDelete.cmd
2004-10-01 15:00 40960 --a------ D:\Program Files\Uninstall_CDS.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"HPDJ Taskbar Utility"="D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe" [2002-07-11 23:33]
"Microsoft Startup Manager"="D:\WINDOWS\System32\sysservice.exe" []
"Easy-PrintToolBox"="D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 06:40]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [2002-05-24 10:12 D:\WINDOWS\system32\nwiz.exe]
"NVIDIA nForce APU1 Utilities"="NVATray.exe" [2002-06-18 11:55 D:\WINDOWS\system32\NVATray.exe]
"googletalk"="D:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 02:52]
"AVG7_CC"="D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-08-31 08:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-06-14 12:53]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=D:\WINDOWS\System32\hadjajr.ini

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=D:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
C:\Program Files\ASUS\Probe\AsusProb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
D:\Program Files\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"D:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
D:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"D:\Program Files\Winamp3\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)

S3 ASUSHWIO;ASUSHWIO;\??\D:\WINDOWS\System32\drivers\ ASUSHWIO.sys


Contents of the 'Scheduled Tasks' folder
2007-08-31 11:58:50 D:\WINDOWS\Tasks\Symantec NetDetect.job - D:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

************************************************** ************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-31 17:29:38
Windows 5.1.2600 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************

Completion time: 2007-08-31 17:33:31 - machine was rebooted
D:\ComboFix-quarantined-files.txt ... 2007-08-31 17:33

--- E O F ---
 
Run HJT and get it to fix;

O20 - AppInit_DLLs: D:\WINDOWS\System32\hadjajr.ini

Then;

Please download the following program;


http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Then;

Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)

Double-click SmitfraudFix.exe

Select 2 and hit Enter to delete infect files.

You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.

A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

Note:
This program may be detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Please post another HJT log when done.

:user:
 
muckshifter said:
Run HJT and get it to fix;

O20 - AppInit_DLLs: D:\WINDOWS\System32\hadjajr.ini

Then;

Please download the following program;


http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Then;

Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)

Double-click SmitfraudFix.exe

Select 2 and hit Enter to delete infect files.

You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.

A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

Note:
This program may be detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Please post another HJT log when done.

user.gif





sir
as u have said i fix the hjt file u have said and downlaoded smitfraudfix and ran it in safe mode and enter the 2 option in smitfraudfix but after a few seconds the computer became idle and i repeated the step one more time and the same thing happened
then i restarted the computer in normal mode and ran smitfraudfix and selected the 1 option and i got the log
i am here by posting the hjt log and the smitfraudfix log below
please look

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05:38, on 06/09/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
D:\WINDOWS\System32\NVATray.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Microsoft Startup Manager] D:\WINDOWS\System32\sysservice.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [googletalk] D:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: Enable / Disable Yoomba - {BAE22299-19C5-4f46-94A7-6D7A27212707} - D:\WINDOWS\System32\shdocvw.dll (HKCU)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {EECC2B58-FDE7-4F3A-B933-B25BE90F1D37} (CTXAXSetupCtl Object) - http://download.yoomba.com/YoombaActivation.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - file:///D:/DOCUME~1/SUJITH~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif
--
End of file - 4442 bytes



SmitFraudFix v2.221
Scan done at 16:07:18.48, 06/09/2007
Run from D:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
D:\WINDOWS\System32\NVATray.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
D:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» D:\

»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32
D:\WINDOWS\system32\hadjajr.ini FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\SUJITH M S

»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\SUJITH M S\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\SUJITH~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///D:/DOCUME~1/SUJITH~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif"
"SubscribedURL"="file:///D:/DOCUME~1/SUJITH~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
SmitFraudFix v2.221
Scan done at 16:09:02.28, 06/09/2007
Run from D:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» DNS

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
 
Your log is clean of any nasties I or it can see ... :thumb:


However, please visit Windows Update Site as you are not up-to-date especially with Internet Explorer ... Check Windowsupdate to update the Internet Explorer. The latest version is IE7

Check you have the latest version of SBS&D ... use the immunize button to add further "protection" against nasties being installed.

Also consider installing a second anti-malware program, such as, SuperAntiSpyware and run it as a backup to SBS&D ... :thumb:



:user:
 
muckshifter said:
Your log is clean of any nasties I or it can see ... :thumb:


However, please visit Windows Update Site as you are not up-to-date especially with Internet Explorer ... Check Windowsupdate to update the Internet Explorer. The latest version is IE7

Check you have the latest version of SBS&D ... use the immunize button to add further "protection" against nasties being installed.

Also consider installing a second anti-malware program, such as, SuperAntiSpyware and run it as a backup to SBS&D ... :thumb:



user.gif


respected sir,

thankyou for ur help but i still have a problem when i open add /remove programs in the controlpanel i am not able see anything so that if i want to remove some programs i am not able to but all the programs are working .
what should i do.
if u don't mint please comment.
 
Try this:
  1. Click Start, and then click Run.
  2. In the Open box, type cmd, and then press ENTER.
  3. In the Command window, type regsvr32 mshtml.dll, and then press ENTER.
  4. Click OK to confirm that the registry entry has been added.
  5. In the Command window, type regsvr32 shdocvw.dll -i, and then press ENTER.
  6. Click OK to confirm that the registry entry has been added.
  7. In the Command window, type regsvr32 shell32.dll -i, and then press ENTER.
  8. Click OK to confirm that the registry entry has been added.
  9. Close the Command window.
:thumb:
 
muckshifter said:
Try this:
  1. Click Start, and then click Run.
  2. In the Open box, type cmd, and then press ENTER.
  3. In the Command window, type regsvr32 mshtml.dll, and then press ENTER.
  4. Click OK to confirm that the registry entry has been added.
  5. In the Command window, type regsvr32 shdocvw.dll -i, and then press ENTER.
  6. Click OK to confirm that the registry entry has been added.
  7. In the Command window, type regsvr32 shell32.dll -i, and then press ENTER.
  8. Click OK to confirm that the registry entry has been added.
  9. Close the Command window.
:thumb:

sir
i have tried the way u have adviced me but nothing happened.
 
Bloody strange, I hate computers ...


OK, try ...

go to Start Button\Run and type appwiz.cpl and click OK


If it does not launch then appwiz is corrupted or missing from the windows\system32 directory and you will need to try SFC

For SFC ...

go to Start Button\Run and type sfc /scannow and click OK

You will need to insert your XP CD into the drive to continue ... and this will take some time to finish.

If that works, please visit Windows Update Site to check/reinstall for the latest patches.


If that fails ... then you are in more trouble than I thought. :(

You will need to then try and follow these instructions ...
http://support.microsoft.com/kb/266668

Good Luck!

:user:
 
thankyou sir for ur invaluable help u have given me .
sorry to waste ur time
persons like u r very rare in this world
in my opnion persons who help others without expecting anthing can be called as god. i think every person in this world has a god in them but they r not knowing it
thanks again for ur valuable comments.
 
the name is ... muckshifter

I'm no Sir, our Queen hasn't knighted me (yet), and I'm definitely no God ... but thanks anyway. ;)

If all else fails ... you will need to reinstall Windows. :(


:user:
 
muckshifter said:
I'm no Sir, our Queen hasn't knighted me (yet), and I'm definitely no God ... but thanks anyway. ;)

If all else fails ... you will need to reinstall Windows. :(


user.gif



once again thankyou sir.
bye.
 
Back
Top