[evilfantasy]

OK lets try the Smitfraud removal again. Be sure you run it in Safe Mode. We will work on getting your settings back after this is gone.

Please do the following...
Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

Reboot your computer in Safe Mode.
If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually.
The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Run CCleaner.
Do a fresh HJT scan and post a new HJT log along with a rapport.txt log
(2 attatchments)

[waynestep]

Hi,

I've run smitfraud in safe mode - it didn't prompt that wininet.dll was infected, and the rapport txt file attached.

Also ran CCleaner and HJT and the log file for latter is attached,

Kind regards

Wayne

[evilfantasy]

Have you gotten any of the controls back?

[waynestep]

No- still no control panel and when iIclick on the system program access and defaults I get the same restrictions messages.

Not looking good?

Wayne

[evilfantasy]

Run HJT and select Do a system scan only. Check and remove these entries.
O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr159.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum348.txt
Close all windows before fixing.

Install and run this SUPERAntispyware Free Edition
When you have SAS open click the preferences.
General and Startup tab Only have checked
Show splash screen on startup
Use XP style menus
Check for program updates when the application starts
Do not scan when SuperAntiSpyware starts
Realtime Protection Tab
Uncheck everything there
Then scan your computer
Have it fix what it finds.
If anything other then cookies are found then please save the log.
From SUPERAntispyware start page click Preferences>Statistics/Logs Tab>Highlight The Log>View Log
Add the log in the next post.

[waynestep]

Hi,

done everything you said and the superspyware log attached. Following re-boot, I still have no control panel and continue to get same restrictions messages when trying the set programme access and defaults.

Bit of a swine this one - thanks for your help so far.

I'm off to bed now, another early start in the morning,

Regards

Wayne

[evilfantasy]

Yes this is where we start having fun.

Download this. Open it and check all of the boxes as it will not hurt anything. Dial-a-fix

Then go to Windows Update just to be sure nothing is missing.

If you get any error messages from anything at all. I need to know the exact message word for word/number.

Let us know if this helps.

Also a fresh HJT log.

[waynestep]

Hi,

Have done as requested - no error messages, but the dail a fix scan was interrupted right at the start stating there were restrictions on the computer and it could not scan - it related to the adjust date and time check box. After clicking OK it started to scan the other areas - I've attached the log on the dial a fix scan if it helps.

Also HJT log attached.

Regards

Wayne

[evilfantasy]

Download this file - Link removed at posters request.
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Attach this log to your next reply

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

[waynestep]

Hi,

Combo fix log attached

regards

Wayne