HELP PLEASE!!!! hijackthis report included

Discussion in 'Malware Help (A Specialist Will Reply)' started by poooch, Sep 7, 2006.

  1. poooch

    poooch Private E-2

    hello all i am a new member followed the stickied post to remove viruses and clean up your system and no luck i have tried almost every antivirus and spyware removal tool out there in and not in safe mode the virus is even active in safe mode :*(*********

    here is my hijack this report please for the love of god someone help me :(

    if anyone at all can help me i'd love you forever !!!!!!!!!!!
     
    Last edited by a moderator: Sep 12, 2006
  2. matt.chugg

    matt.chugg MajorGeek

    Welcome to Majorgeeks!

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • CounterSpy - ONLY IF you were not able to run Windows Defender
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. poooch

    poooch Private E-2

    i uploaded the 3 files lemme see if i can upload the rest here is the bit defender hijack this report and one of the bat reports
     

    Attached Files:

  4. poooch

    poooch Private E-2

    here is the last one i was able to do the windows defender never gave me a report so i could not acquire one and the pandascan for some reason wont load on my pc so i couldn't acquire that either someone please help me my computer is almost unusable
     

    Attached Files:

  5. poooch

    poooch Private E-2

    bump someone help me please
     
  6. matt.chugg

    matt.chugg MajorGeek

    Please don't be impatient. We work through the threads from oldest to newest here so by 'bumping' your thread you are moving your thread back in the queue

    Yes you are infected with malware but there are other issues here which probably aren't helping..

    You have at least 3 resident AV programs running, uninstall 2 of the following:

    • AVG Free
    • Avast
    • Antivir Personal

    While you are in Add/Remove programs also uninstall the following.

    • J2SE Runtime Environment 5.0 Update 1
    • J2SE Runtime Environment 5.0 Update 2
    • Java 2 Runtime Environment Standard Edition v1.3.1_04

    Install Sun Java Runtime Environment 5.0 Update 8

    Your version of bitdefender is also out of date, the current version is 1.4

    Tell me: Have you paid for any of the security applications on your computer ?

    You have HijackThis installed incorrectly:

    You have it here --> C:\Documents and Settings\Owner\Desktop\HijackThis.exe


    This is exactly where we specify not to put it. The instructions indicate:

    - not a temp folder
    - not on the Desktop
    - no sub folder of C:\Documents and Settings

    You have also not renamed it as indicated in the instructions.

    Please install it where recommended so that the backups created by HJT are in a safe location.

    This is important as some malware hides from hijackthis unless it is renamed.

    C:\Program Files\HJT\analyze.exe

    DO ALL OF THE ABOVE BEFORE CONTINUING

    Go to Start --> Run and type in services.msc and hit enter

    In the list of services find the one called JDH and double click on it.

    In the resulting dialog click stop and set the startup type to disabled

    In the list of services find the one called AJYWTZ and double click on it.

    In the resulting dialog click stop and set the startup type to disabled

    Click apply and exit back to your desktop.

    Run HiJackThis

    Click Open the Misc Tools section

    Click Delete an NT service

    Type in JDH and click ok.

    Click Delete an NT service

    Type in AJYWTZ and click ok.

    Let me know what happens for both of these.

    Exit HijackThis

    Now rerun HiJackThis and click Do a system scan and save a logfile and post the log here.
     
    Last edited: Sep 13, 2006
  7. poooch

    poooch Private E-2

    thank you for the help i was unaware of the fact you had to do all the required above thank you though for helping me out i did all the above and to answer your question

    Click Open the Misc Tools section

    Click Delete an NT service

    Type in JDH and click ok.

    Click Delete an NT service

    Type in AJYWTZ and click ok

    it found both of them and prompted me to delete them

    Tell me: Have you paid for any of the security applications on your computer ?

    no i have not why is this relevant?

    and it would not allow me to remove Java 2 Runtime Environment Standard Edition v1.3.1_04

    said it is corrupt or incorrect path

    anyways here is the new hijackthis report i followed all directions closely renamed and relocated HJT and here is the new report thank you again for your help you are a life saver

    UPDATE its not allowing me to upload the HJT report it says i can only have one in a post :(
     
  8. poooch

    poooch Private E-2

    there we go i attached it finally after some renaming and relocating the actual log file here it is hopefully this will help
     

    Attached Files:

  9. matt.chugg

    matt.chugg MajorGeek

    You do not have newfiles installed correctly and it is an old version. please download the latest version and make sure you extract all the files in the zip to a folder before running the .bat file.

    Using ShowNew
     
  10. matt.chugg

    matt.chugg MajorGeek

    Try using Your Uninstaller! 2006 5.0.0.235

    I just wondered whether you had paid subscriptions to some of them, some security programs are not great unless you buy the full version

    Bitdefender has deleted one of the files to do with one of your mIRC scripts as it was a flooder, the rest of the files bitdefender shows are files that have been quarantined by AVG, empty the avg vault to remove them.

    Download

    - Pocket KillBox

    Extract to its own folder somewhere that you will be able to locate later.

    Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:

    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot.


    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)


    If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    REBOOT to Normal Mode.

    You don't really appear to have any malware in the new HJT log, and I am not expecting the pmnll.dll file to exist but we need to check.

    I will check the shownew log when you post it

    Let me know how things are running now
     
  11. poooch

    poooch Private E-2

    okay it still seems to be there what logs should i post now? it was running fine for the first few minutes then it ran like crap virus is shutting all browsers down again and makin it go crazy disabling my mouse driver

    so what logs should i post now i followed everything to a T so
     
  12. matt.chugg

    matt.chugg MajorGeek

    I still need the shownew log that I asked for
     
  13. poooch

    poooch Private E-2

    here is the show new and the bat file for ya virus is gettin worse and worse :(
     

    Attached Files:

  14. matt.chugg

    matt.chugg MajorGeek

    Shownew is still not working correctly

    Please download it again from the link above as the version you have is 5 versions behind and ensure you are extracting all files from the zip file to a folder and then rerun the batch file and post the log.

    You say 'it is still there', what is? you say you have a virus in your first post but no more than that, what symptoms are you experiencing ?
     
  15. poooch

    poooch Private E-2

    ok here is the new shownew file and my symptoms are as follows

    mouse seems to not move at all and stop working as if mouse driver gets disabled same symptoms. and all browsers either close or reallocate in size. mouse sporadically moves around screen opening and closing programs. and sometimes all desktop icons and toolbars disappear and only backdrop appears. cannot use at all when active due to the fact it randomly opens and closes various files
     

    Attached Files:

  16. matt.chugg

    matt.chugg MajorGeek

    When you ran shownew what did it say ? It's still not running properly.

    Please tell me exactly what you did to run it.

    Do any of the security applications you are running include a rule based firewall that has program control ? The symptoms you described sound to me like a remote access application. A properly configured firewall would prevent this.
     
  17. poooch

    poooch Private E-2

    no i just run avg and thats it and when i run shownew it says
    c:\windows\system32\cmd.exe
    c:\windows\system32\autoexec.nt. the system files is not suitable for running ms-dos and microsoft windows applications. choose 'close' to terminate the application

    and its says close or ignore as options and prompts me about 10 times everytime i click ignore and then builds a log afterwards
     
  18. matt.chugg

    matt.chugg MajorGeek

    The Using Shownew page explains this error and provides details to fix it.
     
  19. poooch

    poooch Private E-2

    here it is the updated fixed version
     

    Attached Files:

  20. poooch

    poooch Private E-2

    my pc is getting extremely bad can you please help more i uploaded the new fixed versions for you
     
  21. matt.chugg

    matt.chugg MajorGeek

    you STILL haven't run shownew correctly.

    This folder should also contain the other programs from the zip file grep.exe and locate.com and time.exe

    Please extract ALL the files from the zip file to that location and rerun it.

    I really need a full shownew log as it will give me a list of programs that are installed on your computer so I can see if there is a known remote access program installed.

    You really should be running a software firewall, a properly configured firewall would probably have prevented the problems you are having now.

    Please download and install Zone Alarm Free

    When you install it it will give you a tutorial on how to use it and how to choose what programs you allow access to the internet.
     
  22. poooch

    poooch Private E-2

    hi sorry i was away on business but i am back now to the terror of my pc i downloaded zonealarm and it didn't help here is the show new as you requested
     

    Attached Files:

  23. matt.chugg

    matt.chugg MajorGeek

    Sorry for the delay. Please could you upload a new HJT log. I think because of the time that's lapsed it would be best if I looked at new logs.
     
  24. poooch

    poooch Private E-2

    here ya go
     

    Attached Files:

  25. matt.chugg

    matt.chugg MajorGeek

    Your HJT log is showing no evidence of malware.

    Let's check for rootkits!

    Please follow the instructions here and post the log when you have completed it.

    Using Sophos Anti-Rootkit
     
  26. poooch

    poooch Private E-2

    i noticed a while back when i was trying to remove the virus i saw something called afxrootkit

    but i dunno if this is it i never could remove it :(

    but i dont even know if thats whats causing this
     

    Attached Files:

  27. matt.chugg

    matt.chugg MajorGeek

    OK that didn't find anything either.

    Please describe in as much detail as possible what symptoms of malware you are having.
     
  28. poooch

    poooch Private E-2

    okay when i am using windows xp my mouse will go crazy and close any windows i.e browser notepad limewire etc i have open or it sometimes opens things off the desktop if im not doing anything and i cant use my mouse because its too busy going crazy all over the place and left and right clicking things rapidly. when i see this happen the mouse pointer is very sporadic it doesn't have a set path visually it just goes everywhere when i try and move it. if i do not try and move the mouse everything is fine but its when i move the mouse it also makes the left and right click on the mouse reverse until i close one program then it goes back to normal it also disables the mouse completely sometimes so i have to reboot to get the functionality of the mouse back the only way i have seemed to find to stop it is click alt cntrl del and end one program then it temporarily goes away (this does not work sometimes) it also happens in safe mode sometimes as well. and it doesn't matter what i have open it will still be active and it clicks things rapidly to open them or cause certain actions
     
  29. matt.chugg

    matt.chugg MajorGeek

    Did you install zonealarm as I requested? Please give me a list of programs which you have allowed access.
     
  30. poooch

    poooch Private E-2

    yes i installed zone alarm i gave no programs access except for my internet explorer so i could use the net.
    and it still was very active the virus it was still always there i didn't allow zone alarm to let anything through just to see if it would fix it and it didnt :(
     
  31. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I have seen this problem more than a dozen times! In every single case thus far, it was the mouse itself. Replace the mouse or you can try cleaning the internal parts.
     
  32. poooch

    poooch Private E-2

    yup i just bought a new mouse today and it fixed the problem it was the mouse lao after all that work it was the stupidest thing :) well thank
     
  33. matt.chugg

    matt.chugg MajorGeek

    I guess I should have looked for the simpler problem first!

    Glad you're up and running now. Happy surfing!
     
  34. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well now that is 1 more to add to my list of it is always the hardware! :)
     
