Registry tampered with Help!!

Hi everyone
Didnt get much help on the forums you kindly gave me for analysing Hijack.
On further investigation it would appear that i have some kind of virus. When windows starts up it seems thete is a file loading just before the panda antivirus. It removes all links to my .exe files. cant start regedit, configsys etc. from information i have gathered over the internet it looks like the sircam32 virus it removed the "%1\"%" entries from my classes\root\.
I saw a posting on here which i followed the instruction and downloaded the regfix file. i entered it into my registry after scanning with panda. it corrected the missing entries. restarted machine still no .exe files I have checked everything that is running with security task manager i cant see anything that should not be running. I have also run adaware and spybot. can anyone advise me..
Thanks
Chris

 

Will Panda run in Safe Mode?

Cheers

 

Hi blackspear
I cant run safe mode either still get the same problem. I ran the Panda through BartSE. I have also run online scanner. It seems just before The antivirus loads on boot up i get this window it wont let me log on unless i press ok.

 

Can you get into Windows at all? If you can you could try placing your Windows CD in the drive, click start> run type in CMD, when the black window opens type in "sfc /scannow" (without the quotation marks) SFC (System File Checker, a part of Windows File Protection) will replace any changed/damaged system files with a clean copy. SFC may not solve every problem, but it's a good start that anyone can do.

Failing this you could try a Windows Repair by booting off your Windows CD.

Cheers

 

If you have access to another Clean computer with an up-to-date Anti-virus, you could slave your hard drive off that system and run a scan. This will remove any viruses, then it's a matter of installing Windows over the top of itself...

Cheers

 

Hi thanks for the advice. Run online scanner and found 6 viruses. Why pandas all singing all dancing protection didnt see it or indeed stop it on entry i dont know. anyway is there anyway of installing over the top keeping existing settings etc

 

Sometimes the malware nails the AV before the AV can nail the malware; that might be what happened here.

 

See post number 4 above

Cheers