PCBruiser
SRT Team Lead, Forums Admin
Joined: May 11, 2005 Posts: 11723
ash!
Guest IP: 68.150.*.*
Posted: Sun Dec 02, 2007 12:17 am
OK, thanks, I'm gonna try it right now.
ash!
Guest IP: 68.150.*.*
Posted: Sun Dec 02, 2007 4:13 am
I can't seem to make this work. I also have this redirection error for Internet Explorer: every link I click redirects me to some www.dns4error.com. Any suggestions? I fixed the desktop part, though.
ash!
Guest IP: 68.150.*.*
Posted: Wed Dec 05, 2007 3:12 am
That's my log file. Can anyone tell me what to fix? I'm stumped. I'm trying to fix a redirection virus in Internet Explorer; it goes to dns4error.com or something. I could use some help, thanks.

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\csrss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Windows Defender\MsMpEng.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
I:\Program Files\COMODO\Firewall\cmdagent.exe
I:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
I:\Program Files\Spyware Doctor\svcntaux.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Spyware Doctor\swdsvc.exe
I:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
I:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
I:\WINDOWS\SOUNDMAN.EXE
I:\WINDOWS\system32\regsvr32.exe
I:\Program Files\COMODO\Firewall\cfp.exe
I:\Program Files\Microsoft IntelliType Pro\type32.exe
I:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
I:\Program Files\Spyware Doctor\SDTrayApp.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Windows Defender\MSASCui.exe
I:\Program Files\DAEMON Tools Pro\DTProAgent.exe
I:\Program Files\LimeWire\LimeWire.exe
I:\WINDOWS\System32\alg.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Program Files\DAP\DAP.EXE
I:\Documents and Settings\Ashwin.ASHWINS-PC\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468} - I:\WINDOWS\system32\mljkljk.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - I:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: (no name) - {62780D18-D103-03D3-323A-01F43008B839} - I:\Program Files\Sbfvnlfg\xljhicco.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [ANIWZCS2Service] I:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [hahqpyrw] regsvr32 /u "I:\Documents and Settings\All Users.WINDOWS\Application Data\hahqpyrw.dll"
O4 - HKLM\..\Run: [Printer] I:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "I:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [type32] "I:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "I:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] I:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SDTray] "I:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Windows Defender] "I:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Mhsr] "I:\WINDOWS\WNSXS~1\wowexec.exe" -vt ndrv
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "I:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - Startup: .protected
O4 - Startup: LimeWire On Startup.lnk = I:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: .protected
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &D&ownload &with BitComet - res://I:\Documents and Settings\Ashwin.ASHWINS-PC\Desktop\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://I:\Documents and Settings\Ashwin.ASHWINS-PC\Desktop\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://I:\Documents and Settings\Ashwin.ASHWINS-PC\Desktop\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - I:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - I:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - I:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - I:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: I:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: mljkljk - mljkljk.dll (file missing)
O20 - Winlogon Notify: winpsa32 - winpsa32.dll (file missing)
O21 - SSODL: E404Helper - {8211ed08-4668-48e7-805f-28d843e76071} - e404d.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - I:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - I:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: LiveUpdate - Symantec Corporation - I:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - I:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - I:\Program Files\Spyware Doctor\swdsvc.exe
Mister2
SRT Team Lead, Premium Member
Joined: Oct 28, 2004 Posts: 7265
Posted: Wed Dec 05, 2007 5:45 am
@Ash! - Please read PCBruiser's instructions above. We only read logs in the HiJackThis forum. To post in this forum you need to register first (registering is free).
Once you have registered, follow the instructions in the Malware Removal and Prevention procedure and post your initial and final logs to that forum.
Joe
Guest IP: 24.18.*.*
Posted: Wed Mar 26, 2008 9:40 am
Post subject: Found an answer
I don't know about msconfig, but I assume the answer is similar to this one. I have, however, discovered the reg keys that these viruses are using to disable the Control Panel and Task Manager.
First go to the key below:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Then delete the values listed below:
NoControlPanel
NoDriveTypeAutoRun
Then go to this key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
and delete this value:
DisableTaskMgr
This will have to be done once for every account on your computer that is affected by this problem, and it must be done from that account.
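The registry procedure in Joe's post, as an added PowerShell example that is not from the thread: it audits the three policy values under the two keys he names for the current user and removes them, with -WhatIf so the deletions are previewed first. It assumes Windows PowerShell 5.1 or later and, as the post requires, is run from the affected account.

```powershell
# Added example, not from the thread: audit and clear the Explorer/System
# policy values named in the post, for the current user (HKCU) only.
# Assumes Windows PowerShell 5.1+ and that it is run from the affected account.

# The keys and value names exactly as listed in the post.
$PolicyValues = @{
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' = @('NoControlPanel', 'NoDriveTypeAutoRun')
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'   = @('DisableTaskMgr')
}

function Get-RestrictionPolicy {
    # Emits one record per value that is currently present, including its data,
    # so the operator can review what is set before anything is deleted.
    foreach ($key in $PolicyValues.Keys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($name in $PolicyValues[$key]) {
            if ($null -ne $item.PSObject.Properties[$name]) {
                [pscustomobject]@{ Key = $key; Name = $name; Data = $item.$name }
            }
        }
    }
}

function Remove-RestrictionPolicy {
    # Deletes only the values the audit found; honours -WhatIf / -Confirm.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($entry in Get-RestrictionPolicy) {
        if ($PSCmdlet.ShouldProcess("$($entry.Key)\$($entry.Name)", 'Remove-ItemProperty')) {
            Remove-ItemProperty -Path $entry.Key -Name $entry.Name
        }
    }
}

# Audit first, then preview the removal; drop -WhatIf to actually delete.
$found = @(Get-RestrictionPolicy)
if ($found.Count -eq 0) {
    Write-Host 'No restriction policy values are present for this account.'
} else {
    $found | Format-Table -AutoSize
    Remove-RestrictionPolicy -WhatIf
}
```

Review the reported data before deleting: NoDriveTypeAutoRun in particular is also set by Windows itself on a default Windows XP install, so its presence alone is not evidence of infection.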
johnlgalt
Special Response Team Premium Member
Joined: Feb 27, 2007 Posts: 1410
Posted: Thu Mar 27, 2008 6:33 am
Those can also be changed via the Group Policy Editor.
Powered by phpBB © 2001 phpBB Group