odd Services cannot del->legacy reg entries

[timetoplay1]

hi there,

I have 3 services (JHCNJ, MHZ, MKCLDZOI) I can disable but cannot remove from the registry due to them being listed as legacy entries. Problems with computer are:

-Computer running very slow when logged in normal (safe mode everything runs fine)
-any favorites added to the regedit are gone upon reboot.
-processes appear to be opening NT/Authority and denying me from changing any permissions on them.
-cant install any anti-virus/anti-spyware software.
-will not allow me to access group or local policies.
-firewall appears to be there but doing nothing but bothering me. Allows LOTS of random connections in/out to my computer.
-internet will not stay connect in normal mode for more then a min and will not load videos. Works fine in safemode.

This has been on going for awhile and I believe it continues to infect other hard drives, which i have removed now. So hopefully when you guys figure out the problem ( i have high hopes in yah)that you can let me know how to plug those internal and external drives in without getting the same problems.

Its great you guys are around to help out people like me who cant fix it and end up screwing it, completely! Thanks

[Rene-gad]

Database was last updated 8/21/2009
??? it is necessary to update the database (via File - Database update)

System booted in Safe Mode with Networking

Pls. provide all further activities only in NORMAL MODE!

Switch off/Disable:
- Antivirus and and, if you have - Firewall.
- System Restore

- Execute following script in Manual disinfection

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
 QuarantineFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MKCLDKZOI.exe','');
 QuarantineFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MHZ.exe','');
 QuarantineFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JHCNJ.exe','');
 StopService('MKCLDKZOI');
 DeleteService('MKCLDKZOI');
 BC_DeleteSvc('MKCLDKZOI');
 StopService('MHZ');
 StopService('JHCNJ');
 DeleteService('MHZ');
 BC_DeleteSvc('MHZ');
 DeleteService('JHCNJ');
 BC_DeleteSvc('JHCNJ');
 QuarantineFile('c:\program files\tall emu\online armor\oahlp.exe','');
 DeleteFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MKCLDKZOI.exe');
 DeleteFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MHZ.exe');
 DeleteFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JHCNJ.exe');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
SetAVZPMStatus(True);
RebootWindows(true);
end.

After reboot execute following script in Manual disinfection

Код:

begin
CreateQurantineArchive('C:\quarantine.zip');
end.

and upload the C:\quarantine.zip over the link Upload quarantined files on the top of this page.
- Your System is extremely vulnerable!!! Install Service Pack 3 +all subsequent updates + Internet Explorer 8
- Make and attach 3 new logs as in the message 1.

[timetoplay1]

thanks for quick reply..
the reason no sp3 is due to every time i install it, my computer will always stop responding after one week max. These virus on here i think are on going. i have done many formats, low level formats, but these same problems persist. And it seems to fallow the same type of patterns. Starts with NT authority problems...3 weeks later its dead. and i start all over again.

Now, i am at the stage where i can not shutdown my computer what so ever. i click shutdown or restart and and it just sits on a black screen after appearing to only log out. And it just stays black.
Also permissions have now blocked me from opening anything on my desktop or start menu. No matter if it is .exe file or a .txt... says i am not an admin.

[Rene-gad]

the reason no sp3 is due to every time i install it, my computer will always stop responding after one week max.

Possibly the hardware of your PC is too fragile, but SP3 is a minimum of security level.
Your logs doesn't contain suspicious items now.