locked out admin.
I have the same problem, although I was hit with some viruses before I realized it. Somehow I am no longer the system administrator and the control panel tab is gone. I cannot access it even in safe mode and cannot install or uninstall programs, and it's killing me because I think my PC has been hijacked and I do not know what to do. Please HELP. Every Microsoft page I have found says go to control panel????? I would if I could. I would love to just wipe my PC clean and start over. Any ideas on how to fix. I have Windows XP.
December 16th, 2008 9:20am

Hi,

Denied access to administrative tools is a general tell-tale sign for malware infection. Can you try right-clicking on Computer > select Manage. Does that work?

You can also try scanning with MBAM: http://www.besttechie.net/tools/mbam-setup.exe and post here the log.
December 16th, 2008 1:52pm

Malwarebytes' Anti-Malware 1.31
Database version: 1507
Windows 5.1.2600 Service Pack 2

12/16/2008 1:51:08 PM
log121608

Scan type: Full Scan (C:\|)
Objects scanned: 78285
Time elapsed: 20 minute(s), 24 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 1
Registry Keys Infected: 15
Registry Values Infected: 10
Registry Data Items Infected: 21
Folders Infected: 10
Files Infected: 35
December 16th, 2008 11:56pm

Here is the log after removing items.

Malwarebytes' Anti-Malware 1.31
Database version: 1507
Windows 5.1.2600 Service Pack 2

12/16/2008 2:11:08 PM
mbam-log-2008-12-16 (14-11-08).txt

Scan type: Full Scan (C:\|)
Objects scanned: 78285
Time elapsed: 20 minute(s), 24 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 1
Registry Keys Infected: 15
Registry Values Infected: 10
Registry Data Items Infected: 21
Folders Infected: 10
Files Infected: 35
December 17th, 2008 12:12am

Hi kr6sand,

Regarding the virus infection issue, I suggest you first try a free online virus scan on the following site: http://safety.live.com

Meanwhile, if you need more help with virus-related issues, please contact Microsoft Product Support Services. For support within the United States and Canada, call toll-free (866) PCSAFETY (727-2338). For support outside the United States and Canada, visit the Product Support Services Web page (http://support.microsoft.com/?pr=SecurityHome).

Hope this helps!

Sean Zhu - MSFT
December 18th, 2008 7:04am

This topic is archived. No further replies will be accepted.
