Need Desparate help with HJT Log!!!

Hi I am attaching my HJT log file after completing each and every step described in this thread

http://forums.majorgeeks.com/showthread.php?t=35407

I need desparate help with this log so i can remove harmful process.
Thanks in anticipation.

 

Welcome to MajorGeeks.com!

You have skipped several steps

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

• Make sure you check version numbers and get all updates.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

Downloading, Installing, and Running HijackThis

When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)

• Bitdefender
• Panda Scan
• HijackThis

 

I wanted to do as you said but now i can not open any window on my pc... and that includes almost all of the spyware/malware removal programs. I think some spyware/malware program has deleted cruicial windows registry files... AGAIN thats what i think based on the performance of the pc right now...and i may be wrong..... when i double click on any program....it just doesn't open. i can only open control panel and when i click on add/remove icon..it doesnt open also...

anyone know what could be the problem
thanks

 

I boot the pc into safe mode and tried to run the programs to remove spyware..but i can not run any program or open any program in safe mode . I tried with "safe mode with networking" and also with "safe mode withere out networking"... i dont think my problem is spyware anymore..its some cruicial files that were deleted during the steps.
I am attaching bdscan and pandascan log from my earlier scans.....may be that can help determine the problem.
thanks.

 

Our procedures don't delete/remove critical system files. They have been used, successfully, hundreds of times.

Please post a HijackThis log.

 

I didnt say that the procedures advocated on this forum remove critical system files. I have used the procedures twice before to clean my pc and theyorked fine and were successful. It may have been due to my mistake or something else. I will try to run Hijackthis and see if i can get it to run. I have already posted a Hijackthis log in my first post in this thread. I will try to run HJT again on my pc but not sure if i can do that because i cant seem to open and run anything on my pc.
thanks

 

If HijackThis won't run, let me know.

 

I am unable to run HiJackThis on my pc....
Need help now... my PC is of no use to me if i cant run any program on it...now that sucks...Help Needed here..

 

Download to your Desktop
- [FONT=Arial, Arial, Helvetica]EXE File Association Fix

Extract the contents xp_exe_fix.zip to your desktop

Double-click xp_exe_fix.reg and answer 'Yes' when asked if you want to merge with teh registry.

REBOOT

Will HijackThis run now?
[/FONT]

 

Yes i can run HJT now and i did a scan with HJT....i am attaching the log file just in case you wanna see what is up with the system.
thanks in advance

 

Rename hijackthis.exe to xyz.exe. Do this before proceeding further.

<< The installed version of Java on this compter is out-dated. Install Java Runtime Environment (JRE) 5.0 Update 7 available from http://java.sun.com/javase/downloads/index.jsp. Uninstall all older versions of Java on your computer, before installing the latest version of Java. >>

Download
- Pocket Killbox

Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:

Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

Now run Pocket Killbox:

Choose Tools -> Delete Temp Files and click the RED X.

Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the file list below may not exist but we need to check for them anyway.

If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

Now boot into SAFE MODE

Open ExplorerXP navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
Be very careful when doing this step. Delete only the files I indicate in the folders I indicated. Don't delete any other file that may look like the file, just the file I indicated.

Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.

REBOOT to Normal Mode.

Did you install WinVNC?

Post a fresh HijackThis log.

 

^ I did exactly what you instructed me to do in your post. I am attaching a fresh HiJackThis Log.
About VNC: Yes, I have installed it myself because i need to access my computer while im away or at school.

Thanks

 

Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:

Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

You may want to check your installation of WinVNC. The O23 NT Service line shows File Missing.

Post a fresh HijackThis log.

 

Hi
First of all , thanks for ur continued help.
I am attaching a fresh HiJackThis Log after fixing those two things .
I have also uninstalled VNC from my computer.
thanks

 

Everything appears to be gone.

How is your computer running?

 

My computer is running fine.

I want to thank you and everyone else at majorgeeks forums who support novice users fight spyware/malware. Without you, i would never have been able to clean it ....thanks alot

 

You're welcome.

Lets flush all your restore points and create a new clean one for your system.

Disable And Enable System Restore
How to Protect yourself from malware!

Safe surfing.

 

I did the first step..... one more problem NOW ....i cant turn off windows firewall... i wanna turn it off coz i share a few folders on my pc with my other computers on this network. When i click on Windows Firewall in control panel, it says, "For your security, some settings are controlled by Group Policy."

What does that mean?


Also can you explain why i couldnt open HiJackthis and other programs on my pc before adding that file to my registry.
thanks

 

The file association for EXE files was broken. The registry patch restored the file association.

Many things on your computer can be control using Group Policies. Something has changed some of the settings on your computer.

For the Firewall issue, you may want to post in Software. There are several sharp peeps over there, and they should be able to sort it out in short oreder.