
Author Topic: REMOVING viruses,trojans-its removed my control panel  (Read 9348 times)


CBMatt

  • Mod & Malware Specialist


  • Prodigy

  • Sad and lonely...and loving every minute of it.
  • Thanked: 167
    • Yes
  • Experience: Experienced
  • OS: Windows 7
Re: REMOVING viruses,trojans-its removed my control panel
« Reply #15 on: August 02, 2007, 02:24:07 PM »
Yeah, most of the things unlovedwarrior suspects are fairly bad.  I hope you moved HijackThis to a permanent location like he suggested.  This is important.

Now, let's see what we can do here for you...  Once we start, you won't have access to this post anymore, so I recommend that you print out this post or save it to a Notepad file.  Open HijackThis and scan again.  Check the following entries, but don't do anything to them yet...

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe

O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
  (There are two of this one.)
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe

O20 - AppInit_DLLs: C:\WINDOWS\System32\hrum161.txt


Now, close all windows (including this one) besides HijackThis, then click Fix Checked.  Close HijackThis and reboot into Safe Mode and enable hidden files and folders.

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following (if present)...

Alexa

Please note any other programs that you don't recognize in that list in your next response.

Navigate to and delete the following file(s) if present...

C:\WINDOWS\System32\autorun.exe
C:\WINDOWS\System32\printer.exe
C:\WINDOWS\System32\system.exe
C:\WINDOWS\System32\WinAvXX.exe
C:\WINDOWS\web\related.htm


Once you've done all of this, reboot into Normal Mode and post a new HijackThis log so we can see if there's any other junk we need to clean up.  Let me know how everything's running now and if you had any problems following my steps.

Also...go ahead and download ComboFix and save it to your desktop.  Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says.  Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt.  Go ahead and post that here.  Note: Don't click on the window while it's running; this may cause stalls.
Quote
An undefined problem has an infinite number of solutions.
—Robert A. Humphrey
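An added example, not part of the original post and not code from HijackThis: a small Python triage of log entries quoted in the post above, checking three autostart load points (the F2 shell value, O20 AppInit_DLLs, and O4 Run keys registered in more than one hive). The function names and the choice of checks are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Entries copied from the post above, in HijackThis "code - detail" format.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\hrum161.txt
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
RUN_KEY = re.compile(r"^(HK\w+)\\\.\.\\Run\w*: \[(.+?)\] (.+)$")

def parse(log):
    """Return (code, detail) pairs, skipping lines that are not log entries."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def triage(log):
    """Return (code, note) findings for the three load points checked here."""
    findings, run_hives = [], defaultdict(set)  # target path -> hives
    for code, detail in parse(log):
        if code == "F2" and "Shell=" in detail:
            shell = detail.split("Shell=", 1)[1].strip()
            parts = shell.split(None, 1)
            # Default is Explorer.exe alone; anything appended to it is an
            # extra program started at every logon.
            if len(parts) != 1 or parts[0].lower() != "explorer.exe":
                findings.append(("F2", "non-default shell: " + shell))
        elif code == "O20" and detail.startswith("AppInit_DLLs:"):
            value = detail.split(":", 1)[1].strip()
            if value:  # listed files load into processes that load user32.dll
                odd = "" if value.lower().endswith(".dll") else " (not a .dll name)"
                findings.append(("O20", "AppInit_DLLs set: " + value + odd))
        elif code == "O4":
            m = RUN_KEY.match(detail)
            if m:
                run_hives[m.group(3).lower()].add(m.group(1))
    for target, hives in sorted(run_hives.items()):
        if len(hives) > 1:  # same binary registered machine-wide and per-user
            note = target + " autostarts from " + "+".join(sorted(hives))
            findings.append(("O4", note))
    return findings

if __name__ == "__main__":
    for code, note in triage(SAMPLE_LOG):
        print(code, note)
```

A finding here only marks an entry for review; the decision to fix it stays with whoever is reading the full log.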

unlovedwarrior



    Guru

  • someday this name will be known
  • Thanked: 13
    Re: REMOVING viruses,trojans-its removed my control panel
    « Reply #16 on: August 02, 2007, 03:47:00 PM »
    sweet i was right

    ras90

      Topic Starter


      Rookie

      Re: REMOVING viruses,trojans-its removed my control panel
      « Reply #17 on: August 03, 2007, 01:00:20 PM »
      SmitFraudFix v2.207

      Scan done at 19:56:37.21, 03/08/2007
      Run from C:\Documents and Settings\Simpson\My Documents\My Received Files\SmitfraudFix
      OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
      The filesystem type is FAT32
      Fix run in normal mode

      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
      !!!Attention, following keys are not inevitably infected!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll

      »»»»»»»»»»»»»»»»»»»»»»»» Killing process


      »»»»»»»»»»»»»»»»»»»»»»»» hosts

      127.0.0.1 localhost      #***Inserted By STOPzilla***


      ras90

        Topic Starter


        Rookie

        Re: REMOVING viruses,trojans-its removed my control panel
        « Reply #18 on: August 03, 2007, 01:00:48 PM »

        »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

        GenericRenosFix by S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


        »»»»»»»»»»»»»»»»»»»»»»»» DNS

        Description: WAN (PPP/SLIP) Interface
        DNS Server Search Order: 205.188.146.145

        HKLM\SYSTEM\CCS\Services\Tcpip\..\{FB5BB8B7-9AA3-41C1-B582-779DFB8CCFFD}: NameServer=205.188.146.145
        HKLM\SYSTEM\CS1\Services\Tcpip\..\{FB5BB8B7-9AA3-41C1-B582-779DFB8CCFFD}: NameServer=205.188.146.145


        »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


        »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
        !!!Attention, following keys are not inevitably infected!!!

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


        »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
         
        Registry Cleaning done.
         
        »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
        !!!Attention, following keys are not inevitably infected!!!

        SrchSTS.exe by S!Ri
        Search SharedTaskScheduler's .dll


        »»»»»»»»»»»»»»»»»»»»»»»» End


        CBMatt

        Re: REMOVING viruses,trojans-its removed my control panel
        « Reply #19 on: August 05, 2007, 03:02:21 PM »
        Did you follow the instructions in my post???