this operation has been canceled due to restrictions in effect on this computer

Welcome to Majorgeeks!

Start by downloading a tool we will need - Pocket KillBox

Save it to its own folder somewhere that you will be able to locate it later.

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sex.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [KernelFaultCheck] -
O4 - HKLM\..\Run: [svchost] \svchost.exe
O4 - HKLM\..\Run: [smss] \smss.exe
O4 - HKLM\..\Run: [NAV] \TaskManager.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Windows\system32\win32dll.exe
O4 - HKLM\..\Run: [Windows Update] C:\Windows\kdb34894234.exe
O4 - HKLM\..\Run: [Win Services] C:\Windows\Services32.exe
O4 - HKLM\..\RunServices: [Services] C:\Windows\Services.exe

After clicking Fix, exit HJT.

Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now run Pocket Killbox by doubleclicking on killbox.exe

• select File, Cleanup, Delete All Backups
• Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
• Then after it deletes the files click the Exit (Save Settings) button.

NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

Select:

• Delete on Reboot
• then Click on the All Files button.
• Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\svchost.exe
C:\smss.exe
C:\TaskManager.exe
C:\Windows\system32\win32dll.exe
C:\Windows\kdb34894234.exe
C:\Windows\Services32.exe
C:\Windows\Services.exe
C:\Autoexec.exe
C:\Calculator.exe
C:\ctfmng.exe
C:\Me ****ing a 17 Year Old Sexy Bitch VIDEO.exe
C:\WINDOWS\I HATE THAT BITCH!!!.exe
C:\WINDOWS\kb913800.exe

• Return to Killbox, go to the File menu, and choose Paste from Clipboard.
• Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.

If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).

If Killbox does not reboot just reboot your PC yourself.

You may have to manually delete the below since our filters are editing the curse word out of the below:
C:\Me ****ing a 17 Year Old Sexy Bitch VIDEO.exe

You know what it should say. Just delete this file.

Now run Ccleaner!

Now attach the below new logs and tell me how the above steps went.

1. GetRunKey
2. ShowNew
3. HJT

Make sure you tell me how things are working now!

Please don't attach anymore ZIP files. Your last one was infected with a Trojan and has been deleted.

 

None of those are files that windows needs to operate. They are all trojans. Valid copies of smss.exe, svchost.exe and sevices.exe would be in c:\windows\system32 and no place else. Everything in the above list is not valid.

You need to follow those instructions while logged into whatever account you posted the logs for.

 

And after looking back at your logs, the account you posted logs for was as3952

 

I repeat! You need to be logged into the account you posted logs for. That was not the Administator account. The account you posted logs for was as3952 and that is the account we are cleaning. The other accounts all need to be cleaned separately. In additon, unless we say to work in safe mode, you should be in normal boot mode.

 

I'm going to give you a new registry patch below anyway to try. If you cannot get it to add into the registry by double clicking on it, then run the Registry Editor and click File, Import. Then navigate to where you saved the new patch and select it and see if it adds into the registry this way.

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

You seem to have done a pretty good job a messing up your OS. I'm not sure if we can fix everything. You may have to do a reinstall. Time will tell. Also you seem to be missing many necessary applications. Like an antivirus, firewall, and antispyware. Did you have any of these installed previously?

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [zlclient] \zlclient.exe
O4 - HKLM\..\Run: [AluScheduler] \AluScheduler.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone

After clicking Fix, exit HJT.

Now we need to Reset Web Settings:

1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Note for IE 7 users: You need to select Internet Options then the Advanced tab and then Reset Internet Explorer Settings!

Now reboot in normal mode

Now goto the following site and do a file scan of the below file on your PC: http://virusscan.jotti.org/

C:\WINDOWS\explorer.exe

This is your Windows Explorer shell and I want to make sure it is not infected. Attach the log from the online scans!

Now attach the below new logs and tell me how the above steps went.

1. GetRunKey
2. ShowNew
3. HJT

Make sure you tell me how things are working now!

 

You listed a Task Manager processes list not files! System Idle Process is a fake Task Manager item shown to represent your CPU's idle time. And what do you mean they are on your D drive? How did they even get there? Did you install a new/second drive on your system?

I'm really starting to think you should just format and reinstall. I have no idea what you have done to your system but it goes way beyond malware problems.

 

It's your decision on how you want to proceed. If you with to continue the cleaning, just work thru the steps in message # 11 and we will go from there.