1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Removed virus but still no control panel and can't update windows. Help!!

Discussion in 'Virus & Other Malware Removal' started by stevemack, Oct 22, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. stevemack

    stevemack Thread Starter

    Joined:
    Oct 22, 2007
    Messages:
    7
    I was having a problem with a number of viruses and a worm which I think I fixed with the help of Combofix, SmitfraudFix and super anti spyware. Unfortunately I'm still not able to access the control panel and update the time due to a access restriction pop up. I have scanned the computer with Avast! and there are not any viruses found at this time. I can still access the control panel from the main user account but not from the account which acquired the virus. Here is my HiJack this log and Mwav log. Any help will be greatly appreciated.

    Stephen

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:19:41 AM, on 10/22/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Dr. Sohn's Internet Explorer
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Search - ?p=ZK
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe

    --
    End of file - 4749 bytes

    File C:\Documents and Settings\Admin\Desktop\smitfraud\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
    File C:\Documents and Settings\Admin\Desktop\SmitfraudFix.zip tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP945\A0030820.dll tagged as not-a-virus:AdWare.Win32.OneStep.a. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP951\A0032128.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.as. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP951\A0032129.dll tagged as not-a-virus:AdTool.Win32.MyWebSearch.au. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP951\A0032130.scr tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP951\A0032137.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.at. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP951\A0032139.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.bc. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP951\A0032140.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP951\A0032141.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.l. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP951\A0032142.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.af. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP951\A0032143.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.au. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP951\A0032144.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.au. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP951\A0032145.SCR tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP951\A0032146.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.au. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP951\A0032147.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP951\A0032148.EXE tagged as not-a-virus:AdTool.Win32.MyWebSearch.a. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP951\A0032149.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.an. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP951\A0032150.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.aq. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP951\A0032151.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP951\A0032153.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.bc. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP951\A0032154.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.ax. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP951\A0032156.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.bc. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP951\A0032158.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP951\A0032159.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.as. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP951\A0032160.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.ad. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP951\A0032162.EXE tagged as not-a-virus:AdTool.Win32.MyWebSearch.au. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP951\A0032163.EXE tagged as not-a-virus:AdTool.Win32.MyWebSearch.au. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP951\A0032164.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.au. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP951\A0032165.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.i. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP951\A0032169.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.bc. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP951\A0032170.EXE tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP951\A0032171.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
    File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP951\A0032567.dll tagged as not-a-virus:AdTool.Win32.MyWebSearch.bc. No Action Taken.
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Download http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    · Restart your computer
    · After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    · Instead of Windows loading as normal, the Advanced Options Menu should appear;
    · Select the first option, to run Windows in Safe Mode, then press Enter.
    · Choose your usual account.
    · Open the extracted SDFix folder and double click RunThis.bat to start the script.
    · Type Y to begin the cleanup process.
    · It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    · Press any Key and it will restart the PC.
    · When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    · Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    · Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
     
  3. stevemack

    stevemack Thread Starter

    Joined:
    Oct 22, 2007
    Messages:
    7
    Thanks for your help with my issues. As you requested the files are below. tHE SDfix file was too big so I attatched it below.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:09:03 AM, on 10/23/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Dr. Sohn's Internet Explorer
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Search - ?p=ZK
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe

    --
    End of file - 4700 bytes
     

    Attached Files:

  4. stevemack

    stevemack Thread Starter

    Joined:
    Oct 22, 2007
    Messages:
    7
    I guess the attachment is keeping my problem from getting worked on. Should I divide it up and make 7 replies out of it?
     
  5. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Attachment was fine

    How is it now?
     
  6. stevemack

    stevemack Thread Starter

    Joined:
    Oct 22, 2007
    Messages:
    7
    Unfortunately I still don't have a control panel, can't update my Avast! and can't change the time and date settings due to restrictions. Is there anything else I can do? Thanks for your help thus far.

    Stephen
     
  7. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Run SDFix again - boot the system
     
  8. stevemack

    stevemack Thread Starter

    Joined:
    Oct 22, 2007
    Messages:
    7
    OK here is the SDFix attachment and HiJack This report.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:03:50 AM, on 10/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Alwil Software\Avast4\setup\setup.ovr

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe

    --
    End of file - 4408 bytes
     

    Attached Files:

  9. stevemack

    stevemack Thread Starter

    Joined:
    Oct 22, 2007
    Messages:
    7
    I ran it again as you can see but I still can't update Avast! or adjust the time and date settings due to restrictions. I'm at a loss. The thing I do notice is that when I boot into safe mode the account that has problems is not an option to log into. I log into the admin account to run SDFix and then into the infected account to finish running SDFix after the reboot. Please let me know if there is anything else I can do. Thanks again.

    Stephen
     
  10. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Log into the admin account after the boot
     
  11. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    To enable control panel in the registry,go to Start/Run/type:regedit /ok

    then find -

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\E xplorer

    Look in the right pane if you can see the dword value "NoControlPanel" then your right click and modify change the value data to "0" or you can delete that dword value
     
  12. stevemack

    stevemack Thread Starter

    Joined:
    Oct 22, 2007
    Messages:
    7
    The control panel is back! Thank you for your help. The only thing now is that I can't update Avast! This is the error I get when trying to update.

    Information about current update:
    Last encountered error: Cannot connect to download13.avast.com (unknown:80).

    Total time: 5:39


    Any ideas?
     
  13. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/641862

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice