[Fixed] Hijackthis! Logs - WinAVXX problems (posted in the Security & Safety forums)

  #1  
Old 09-15-2007
wal4ever's Avatar
Bronze Member
 
Join Date: Sep 2007
Posts: 13
WinAVXX problems

I can't fix my computer. I tried running my Adaware and even downloaded a "winavxx fix" and it didn't work. I'll attach my HijackThis log file. Anything that I can do to help would be great!
Attached Files
File Type: log hijackthis.log (13.9 KB, 1 views)


  #2  
Old 09-16-2007
chiaz's Avatar
Senior Security Analyst
 
Join Date: Jun 2006
Location: Singapore
Posts: 2,511
PC Experience: PC Guru
Re: WinAVXX problems

Hello, and welcome to PCHF.

Please run HijackThis and place a checkmark by the following entries:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
O4 - HKCU\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
O4 - Startup: info.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: info.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://utu.popcap.com/games/popcaploader_v6.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\hadjajr.ini
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - Unknown owner - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe" /service /P ddoctorv2 (file missing)


Check these if you or your system administrator did not set this policy to prevent access to the registry:
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Close all other windows except HijackThis and press "Fix Checked". Then close HijackThis and restart the computer.



Now. Click Start, and then click Search. In the Search Companion dialog box, click All files and folders. Type the following filename: info.exe. In the Look in box, click C:\ Then click Search. If the file is found, delete it.

Repeat for these other filenames:
system.exe
autorun.exe





Then navigate to and delete the following files, if found:
C:\WINDOWS\system32\explore.exe
C:\WINDOWS\system32\hadjajr.ini

Restart your computer again.



Now download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply, as well as a new HijackThis log.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm


  #3  
Old 09-16-2007
wal4ever's Avatar
Bronze Member
 
Join Date: Sep 2007
Posts: 13
Re: WinAVXX problems

Okay, so I tried to do it, and when I clicked fix this, it said, Editing registry has been denied by your system admin. Too bad that's me and I never did. So I tried to delete the rest, and some of them I could while others I couldn't because they were still in use. Here are my two new logs.
Attached Files
File Type: txt rapport.txt (6.0 KB, 1 views)
File Type: log hijackthis.log (13.5 KB, 1 views)


  #4  
Old 09-16-2007
chiaz's Avatar
Senior Security Analyst
 
Join Date: Jun 2006
Location: Singapore
Posts: 2,511
PC Experience: PC Guru
Re: WinAVXX problems

Ok forget HijackThis for the moment.

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".


The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non-infected computer may remove your Desktop background.


  #5  
Old 09-17-2007
wal4ever's Avatar
Bronze Member
 
Join Date: Sep 2007
Posts: 13
Re: WinAVXX problems

Okay, so I did all of that, it looks better so far, but now I can access my control panel. On start I have set program access and defaults, but I can't even go into it because it says it is disabled. But I would like to be able to reach my own control panel.

Here are my new logs and I would love to know how to fix my new issue.

Edit* I can't even change my desktop.
Attached Files
File Type: txt rapport.txt (4.3 KB, 1 views)
File Type: log hijackthis.log (13.1 KB, 1 views)


  #6  
Old 09-17-2007
chiaz's Avatar
Senior Security Analyst
 
Join Date: Jun 2006
Location: Singapore
Posts: 2,511
PC Experience: PC Guru
Re: WinAVXX problems

Please boot to Safe Mode again. Run HijackThis and place a checkmark by the following entries:
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
O4 - HKCU\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
O4 - Startup: info.exe
O4 - Startup: The Matrix_ Path of Neo Registration.lnk = C:\Documents and Settings\David Shetter\Local Settings\Temp\{0B00267A-C065-4198-B95A-D57B5F0929F9}\{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}\ATR1.exe
O4 - Global Startup: info.exe

Close all other windows except HijackThis and press "Fix Checked". Then close HijackThis and restart the computer.


Still in Safe Mode?

Click Start, and then click Search. In the Search Companion dialog box, click All files and folders. Type the following filename: info.exe. In the Look in box, click C:\ Then click Search. If the file is found, delete it.

Then navigate to and delete the following file again, if found:
C:\WINDOWS\system32\explore.exe


Restart the computer. You should get back to normal mode now. Then run HijackThis and post the new log in your next reply.
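
An added example, not part of the original posts and not HijackThis's own logic: a triage pass over the kinds of entries flagged in the replies above. It reads each line's section code and applies heuristics matching what this thread removes (absent target files, the explore.exe look-alike, executables sitting directly in a Startup folder, the DisableRegedit policy, a non-DLL AppInit_DLLs value). The function names, the LOOKALIKES table and the sample log are assumptions constructed for illustration.

```python
import re

# Constructed sample: a few entries copied from the posts above, not a full log.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
O4 - Startup: info.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://utu.popcap.com/games/popcaploader_v6.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\hadjajr.ini
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Assumption: names treated as imitations of real Windows binaries.
LOOKALIKES = {"explore.exe": "explorer.exe"}

def triage(line):
    """Return (section, reasons) for one HijackThis entry, or None for other lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    low = body.lower()
    reasons = []
    if "(no file)" in low or "(file missing)" in low:
        reasons.append("target file absent")
    if section == "O4":  # autostart: Run keys and Startup folders
        target = low.split("] ", 1)[-1] if "] " in low else low.split(": ", 1)[-1]
        name = target.rsplit("\\", 1)[-1]
        if name in LOOKALIKES:
            reasons.append("name imitates " + LOOKALIKES[name])
        if "startup:" in low and name.endswith(".exe") and "\\" not in target:
            reasons.append("executable placed directly in a Startup folder")
    if section == "O7" and "disableregedit=1" in low.replace(" ", ""):
        reasons.append("registry editing disabled by policy")
    if section == "O20" and low.startswith("appinit_dlls:"):
        value = low.split(":", 1)[1].strip()
        if value and not value.endswith(".dll"):
            reasons.append("AppInit_DLLs value is not a .dll")
    return section, reasons

def triage_log(text):
    """Triage every entry line; maps the original line to its list of reasons."""
    results = {}
    for line in text.splitlines():
        hit = triage(line)
        if hit:
            results[line.strip()] = hit[1]
    return results

if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_LOG).items():
        print("REVIEW " if why else "no-flag", entry, why)
```

An entry with no reasons only means none of these heuristics fired; it still needs an analyst's eye, as the O16 line in the thread shows.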


