Checkup

Saken · Jul 5, 2011

Hey guys, my computer has started running slower these past months and i decided to do a check up.

Could you please review the logs attached to tell me if everything is alright?
The first time i ran Combo Fix, i got a BSOD message, which just flashed past and i didn't get a chance to write down the error code.

Also, RootRepeal crashed three times with an error message, however all i could see was the box with the title 'Error' and the information part of the Error was blank

Kestrel13! · Jul 5, 2011

Before we continue I would like for you to use MSConfig to put this machine back into normal start up mode

Important Notice: A new version of SUPERAntiSpyware is available.

Please uninstall your current version (this is necessary).
Then download this SUPERAntiSpyware
Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.
Now run a new full scan of your system. And attach this log later.

Now we need to use ComboFix

Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
- If it is not on your Desktop, the below will not work.
Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:

Code:

KILLALL::

DirLook::
c:\windows\system32\log
c:\windows\system32\32bit
C:\Users\Administrator\AppData\Local\{01722C00-3064-46E1-8EE6-CE028781BF62}
C:\Users\Administrator\AppData\Local\{019E4A06-03D3-4273-B813-07C0564B026D}
C:\Users\Administrator\AppData\Local\{02241304-DB76-406D-8717-A5D12E3DA6AB}
C:\Users\Administrator\AppData\Local\{0354D368-6E77-4C31-A0A8-7D9BE14C4D21}
C:\Users\Administrator\AppData\Local\{03F39375-09D4-4967-8BB9-3C1038D32D53}
C:\Users\Administrator\AppData\Local\{0541A419-45E9-4729-AB32-649CB7DFAD5F}
C:\Users\Administrator\AppData\Local\{0693F1F7-8E09-47F8-AA47-2898889AA810}
C:\Users\Administrator\AppData\Local\{074A9A7F-F1BE-4319-99CE-65E99E95028B}
C:\Users\Administrator\AppData\Local\{0AD91ECD-1E1D-4846-AF31-4F1CAFBFCC6E}
C:\Users\Administrator\AppData\Local\{10EB1EF3-F9DE-4EBF-B69C-AC57D0FE18DA}
C:\Users\Administrator\AppData\Local\{1146A746-46C4-45AD-8725-4F187AE7CD92}
C:\Users\Administrator\AppData\Local\{11566115-0856-488F-A46F-E2760DDD0B8B}
C:\Users\Administrator\AppData\Local\{127D8499-A667-4416-AB2A-E4A412835006}
C:\Users\Administrator\AppData\Local\{1922CD76-BDE0-4A36-A001-8675E52F514B}
C:\Users\Administrator\AppData\Local\{193C0417-3FA4-4214-A36A-7C3295C67D6A}
C:\Users\Administrator\AppData\Local\{1B2FA150-9477-44DF-888A-E6CDCA9E724E}
C:\Users\Administrator\AppData\Local\{1C35DEDD-3981-4C07-9700-5709A8F2EB2A}
C:\Users\Administrator\AppData\Local\{1D1FBD3F-CE58-4271-9331-BFDD2EE2B5F1}
C:\Users\Administrator\AppData\Local\{1DFAF1E0-2780-49E9-9CD9-7E4E23B71E8A}
C:\Users\Administrator\AppData\Local\{1FCD7E1B-B327-4143-843F-850EB6EB75B4}
C:\Users\Administrator\AppData\Local\{252EB204-6CEF-4F0B-B172-A4531BDDFA24}
C:\Users\Administrator\AppData\Local\{2BE9075A-58D7-4282-9A9B-5BDD094B5A3E}
C:\Users\Administrator\AppData\Local\{31B79C68-4FC6-46FE-B422-C18B3F9770DA}
C:\Users\Administrator\AppData\Local\{32D7EB27-6D64-4E93-A6BC-D1AB2FBC56B5}
C:\Users\Administrator\AppData\Local\{36C96106-4B7C-4B2D-BABF-BF93D0D19254}
C:\Users\Administrator\AppData\Local\{39D2D11D-CAC1-4759-81BE-3881B3A68C0C}
C:\Users\Administrator\AppData\Local\{3A32C251-A5F3-4A62-AD69-2A408CF69139}
C:\Users\Administrator\AppData\Local\{3ACFAC21-73BC-473A-A98F-0565D19605A6}
C:\Users\Administrator\AppData\Local\{3B423FD0-3335-416F-A97E-13CF44A8863F}
C:\Users\Administrator\AppData\Local\{3B6D4477-C7E6-4568-9E7F-998529A425BE}
C:\Users\Administrator\AppData\Local\{4039DE27-238B-4285-BC69-7001BD309164}
C:\Users\Administrator\AppData\Local\{42286B9D-B104-4F53-9DE9-9BDCC8E80109}
C:\Users\Administrator\AppData\Local\{4731C0C6-984B-4C1D-97D9-D1CBCE312E02}
C:\Users\Administrator\AppData\Local\{4757D3FC-C9A1-47F6-92DA-BEF82E322DFD}
C:\Users\Administrator\AppData\Local\{485CC3F3-1758-4870-B960-B87F2209688D}
C:\Users\Administrator\AppData\Local\{48F0E3FC-A2C4-44C5-8CA7-4597BEEF68DC}
C:\Users\Administrator\AppData\Local\{4AB93283-2FC9-4215-97EC-519A0FCCE78A}
C:\Users\Administrator\AppData\Local\{4B0F4A4E-C58B-45C0-B9EE-3E205F88D48C}
C:\Users\Administrator\AppData\Local\{4FE2AAF6-C9E5-4220-A3D7-44E37DA78593}
C:\Users\Administrator\AppData\Local\{516A245A-4CF1-45F2-B6C1-FFA1668867B9}
C:\Users\Administrator\AppData\Local\{54BF6CD8-EF00-4F05-88AF-BE8A8C7D57F2}
C:\Users\Administrator\AppData\Local\{5A2D7A89-FE12-41DE-B980-2F15DDC59C68}
C:\Users\Administrator\AppData\Local\{5ADC6745-18D5-48D6-A7F6-43B4F6D46270}
C:\Users\Administrator\AppData\Local\{64EF97F3-237E-4909-ADA9-6F691B8C12B7}
C:\Users\Administrator\AppData\Local\{65A3CCA2-A52D-4044-81AA-F5F8FAE87000}
C:\Users\Administrator\AppData\Local\{66730AC5-CA56-4878-B72E-7D1F02C7031D}
C:\Users\Administrator\AppData\Local\{6B4EB875-61C1-41BF-8B32-7263B2F05AA6}
C:\Users\Administrator\AppData\Local\{6BAB8522-1F18-4CEF-813C-87DF274AAA57}
C:\Users\Administrator\AppData\Local\{717CB766-39FA-4306-9E52-50C6AE8B272E}
C:\Users\Administrator\AppData\Local\{722BCC32-E5C6-40EE-A2B7-0A41A34C6651}
C:\Users\Administrator\AppData\Local\{7527EFCD-5DB4-41DB-86A5-E79FD0A1A227}
C:\Users\Administrator\AppData\Local\{75300B5F-7982-44A4-B9B2-0698C4D1116A}
C:\Users\Administrator\AppData\Local\{75A03AD0-2CEB-4192-8B42-A57C5E9B2B5D}
C:\Users\Administrator\AppData\Local\{76093289-3731-4A7D-9FE8-CFFCAB86EF93}
C:\Users\Administrator\AppData\Local\{766759F8-C1FD-4D5F-A42B-B5F9730ED5DF}
C:\Users\Administrator\AppData\Local\{771C199C-5F07-4C20-99BB-AE449E5A8740}
C:\Users\Administrator\AppData\Local\{78BD8308-48B0-4E8C-B554-391E0F18D6D1}
C:\Users\Administrator\AppData\Local\{7ADA1DCE-55B9-475B-BEDB-94727BFDD54F}
C:\Users\Administrator\AppData\Local\{8A0AEE9B-62D0-457A-AC14-FB0B002432FF}
C:\Users\Administrator\AppData\Local\{8A123F00-9F55-4946-86C7-44C0097AFEF9}
C:\Users\Administrator\AppData\Local\{8C4A6FCF-4BD7-49D8-9AA2-72977C16F6A3}
C:\Users\Administrator\AppData\Local\{90792A94-4413-4143-9A9C-9A6AC23E39DE}
C:\Users\Administrator\AppData\Local\{91D1B4ED-AADF-4579-8523-B3495F2EEBDA}
C:\Users\Administrator\AppData\Local\{920DD6A5-69B1-4562-8F33-9D8A0B7FAC8F}
C:\Users\Administrator\AppData\Local\{9247270B-0F32-4E74-A2EB-98149A57CF2A}
C:\Users\Administrator\AppData\Local\{94BFF466-644F-4FF0-B05B-D57D2B1CBA09}
C:\Users\Administrator\AppData\Local\{9A110C86-EE87-4A22-8657-0F0007DB7236}
C:\Users\Administrator\AppData\Local\{9C0CCA38-9F45-48AC-8065-B0190D2D031C}
C:\Users\Administrator\AppData\Local\{9EEC293B-32D3-4965-8298-9869132BE939}
C:\Users\Administrator\AppData\Local\{9F1EAA2B-DBFF-48BC-AB50-0A19AE023E65}
C:\Users\Administrator\AppData\Local\{A213952B-E754-4E4E-A225-5BF25F69B432}
C:\Users\Administrator\AppData\Local\{A2F612B4-0582-4D4A-AFF4-941F13371ACB}
C:\Users\Administrator\AppData\Local\{A3FBD2E1-2892-47B5-86DE-22433395FFCF}
C:\Users\Administrator\AppData\Local\{AA55BA13-EA12-4CC4-9672-1DDCEFED4195}
C:\Users\Administrator\AppData\Local\{B3CE705C-70B1-4CEF-B597-7171DFE44356}
C:\Users\Administrator\AppData\Local\{B4D3AE5E-A3E8-4115-AF12-A22F3D5D429B}
C:\Users\Administrator\AppData\Local\{B579DA69-9FF6-4A6A-962A-7B5108465BAF}
C:\Users\Administrator\AppData\Local\{B5A3B379-5B29-4612-B771-C037C6947C1F}
C:\Users\Administrator\AppData\Local\{B5DC7548-589E-403F-8B95-8F98E4FE183B}
C:\Users\Administrator\AppData\Local\{B5E44752-DF12-4298-96FB-B9A106E4110A}
C:\Users\Administrator\AppData\Local\{B9B032CD-BE37-465F-BA27-C8EA28848543}
C:\Users\Administrator\AppData\Local\{BB53007F-A4E1-4358-B004-2E61464ED4E0}
C:\Users\Administrator\AppData\Local\{BC93551F-029C-49C3-94D3-7A5F9428EB31}
C:\Users\Administrator\AppData\Local\{BE49DB93-4084-4962-A729-C32644BE6FB2}
C:\Users\Administrator\AppData\Local\{C30DF425-2A55-43F8-AAF0-BEB23571ADA7}
C:\Users\Administrator\AppData\Local\{C6B0393A-B50E-427F-9845-5AB2DE79612E}
C:\Users\Administrator\AppData\Local\{C82A7CCB-6DFC-4E05-B410-D3E37BC216F6}
C:\Users\Administrator\AppData\Local\{D1ACA3AB-FA11-4CF4-B312-C98FF5A65EAA}
C:\Users\Administrator\AppData\Local\{D2742A99-9B74-4B5B-949F-3A8529BE7256}
C:\Users\Administrator\AppData\Local\{D2893F87-2525-4EEB-8929-6BA02500223E}
C:\Users\Administrator\AppData\Local\{D42DE484-6FA9-452B-AFD4-ED383E2A502E}
C:\Users\Administrator\AppData\Local\{D4822EE6-FE8D-4AEC-A201-8382F635F99A}
C:\Users\Administrator\AppData\Local\{D4CB809E-564E-4F8A-A069-4E4B77088A75}
C:\Users\Administrator\AppData\Local\{D949FC9A-C85C-4F70-8E4B-F416D3FAFB59}
C:\Users\Administrator\AppData\Local\{DC70B9AA-C501-48C5-9843-1D4FB7474CBC}
C:\Users\Administrator\AppData\Local\{E0767236-DAAE-4FE4-8F42-0A5AC321A796}
C:\Users\Administrator\AppData\Local\{E12F1022-269D-4B8A-A91F-9285096EC7BD}
C:\Users\Administrator\AppData\Local\{E1C95849-4115-4E34-A3E1-B404EAAD3F9C}
C:\Users\Administrator\AppData\Local\{E61C357C-C0D2-4606-B95E-37722351C5BA}
C:\Users\Administrator\AppData\Local\{E92F31F0-C880-4B20-B20C-EFE3B5606D3E}
C:\Users\Administrator\AppData\Local\{EF33BA70-458F-4648-9708-8D5C1DBB17B1}
C:\Users\Administrator\AppData\Local\{EF6B078C-9235-45E3-B23E-79F66B6727CF}
C:\Users\Administrator\AppData\Local\{F38CAFBB-4D2C-4AFA-8A1B-FD1E4E81E239}
C:\Users\Administrator\AppData\Local\{F6EEAA49-0F70-4222-B9E1-A23D21DF05A3}
C:\Users\Administrator\AppData\Local\{F7C9AB99-7621-491A-B5CD-2B54D14E392C}
C:\Users\Administrator\AppData\Local\{F8837D2B-0C66-4BF8-BC0E-01AEEFF2940C}
C:\Users\Administrator\AppData\Local\{F979148D-5334-4481-A044-4B0AEF124389}
C:\Users\Administrator\AppData\Local\{FF57A499-EADA-45DD-88B4-659DB519FB98}

Registry::
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]

RegLock::
[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,83,16,
   e3,6e,9d,49,01,aa,35,c9,b7,29,97,13,18
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c3,f9,
   a1,51,93,b7,5e,a9,e3,5f,fe,c9,4b,f3,14
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,15,cc,
   04,99,b9,e4,0d,b0,98,a5,09,8c,6f,fb,d8
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,3b,1b,72,64,63,
   4f,40,3e,34,62,33,4a,7f,33,79,03,0e,54
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,c9,23,
   8c,36,1d,d8,05,9b,c2,0e,3a,76,49,25,dd
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1d,db,
   c7,71,f5,3c,0c,a9,7a,c3,7b,c1,84,ce,b2

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:5f,e2,85,81,14,f8,cb,01

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,76,ce,5e,6d,b8,2e,4c,83,4b,9d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,76,ce,5e,6d,b8,2e,4c,83,4b,9d,\

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.avi"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.cdda"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CFG\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dat\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dem\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wmplayer.exe"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.div\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_div_file"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_divx_file"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="inffile"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipa"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipg"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipsw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipsw"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itb"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itl"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itms"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itpc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itpc"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="jpegfile"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u8\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m3u8"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4a"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4b"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4p"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4r\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4r"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4v"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mkv"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcast\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.pcast"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.pls"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmvb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\IExplore.exe"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tix\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_tix_file"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.w3x\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WorldEdit.ScenarioEx"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wave\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.wave"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-315328295-302378065-2094724118-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
Now use your mouse to drag CFscript.txt on top of ComboFix.exe

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Follow the prompts.
When it finishes, a log will be produced named c:\combofix.txt
I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

If after running Combofix you discover none of your programs will open up, and you recieve the following error: "Illegal operation attempted on a registry key that has been marked for deletion". Then the answer is to REBOOT the machine, and all will be corrected.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows7) Then attach the new C:\MGlogs.zip file that will be created by running this.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Saken · Jul 5, 2011

I already have a bit of a problem, it seems that msconfig is already configured to normal startup.

Or maybe there is a problem with that because i use TuneUp Utilities to prevent the startup of some unnecessary things?

Attached is a photo of my msconfig window.

Kestrel13! · Jul 5, 2011

If Tune up Utilities is not paid for then you might as well uninstall it as you can use other third party software to better manage start ups. If it IS paid for, then just skip that step and move on.

Saken · Jul 5, 2011

Thanks for that, however im on my 3ds now and the computer restarted by itself after running combofix, and it is taking a very long time to shut down. It is stuck at the logging off screen, and the blue loading bar next to logging off is not moving (im using vista)

Kestrel13! · Jul 5, 2011

Well, leave it a while longer, 20 mins or something, if it's still hung then you will have to hold in the power button yourself and restart the machine.

Saken · Jul 5, 2011

Hello again
I ended up having to hold the power button as you instructed, and received a new log for combofix.

So far, the computer runs faster than before, there is no delay and large amounts of lag between browsing through folders (even opening up my computer lagged the computer before).

I'll attach the logs also, as you requested.

Kestrel13! · Jul 5, 2011

Now we need to use ComboFix

Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
- If it is not on your Desktop, the below will not work.
Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:

Code:

KILLALL::

Folder::
C:\Users\Administrator\AppData\Local\{01722C00-3064-46E1-8EE6-CE028781BF62}
C:\Users\Administrator\AppData\Local\{019E4A06-03D3-4273-B813-07C0564B026D}
C:\Users\Administrator\AppData\Local\{02241304-DB76-406D-8717-A5D12E3DA6AB}
C:\Users\Administrator\AppData\Local\{0354D368-6E77-4C31-A0A8-7D9BE14C4D21}
C:\Users\Administrator\AppData\Local\{03F39375-09D4-4967-8BB9-3C1038D32D53}
C:\Users\Administrator\AppData\Local\{0541A419-45E9-4729-AB32-649CB7DFAD5F}
C:\Users\Administrator\AppData\Local\{0693F1F7-8E09-47F8-AA47-2898889AA810}
C:\Users\Administrator\AppData\Local\{074A9A7F-F1BE-4319-99CE-65E99E95028B}
C:\Users\Administrator\AppData\Local\{0AD91ECD-1E1D-4846-AF31-4F1CAFBFCC6E}
C:\Users\Administrator\AppData\Local\{10EB1EF3-F9DE-4EBF-B69C-AC57D0FE18DA}
C:\Users\Administrator\AppData\Local\{1146A746-46C4-45AD-8725-4F187AE7CD92}
C:\Users\Administrator\AppData\Local\{11566115-0856-488F-A46F-E2760DDD0B8B}
C:\Users\Administrator\AppData\Local\{127D8499-A667-4416-AB2A-E4A412835006}
C:\Users\Administrator\AppData\Local\{1922CD76-BDE0-4A36-A001-8675E52F514B}
C:\Users\Administrator\AppData\Local\{193C0417-3FA4-4214-A36A-7C3295C67D6A}
C:\Users\Administrator\AppData\Local\{1B2FA150-9477-44DF-888A-E6CDCA9E724E}
C:\Users\Administrator\AppData\Local\{1C35DEDD-3981-4C07-9700-5709A8F2EB2A}
C:\Users\Administrator\AppData\Local\{1D1FBD3F-CE58-4271-9331-BFDD2EE2B5F1}
C:\Users\Administrator\AppData\Local\{1DFAF1E0-2780-49E9-9CD9-7E4E23B71E8A}
C:\Users\Administrator\AppData\Local\{1FCD7E1B-B327-4143-843F-850EB6EB75B4}
C:\Users\Administrator\AppData\Local\{252EB204-6CEF-4F0B-B172-A4531BDDFA24}
C:\Users\Administrator\AppData\Local\{2BE9075A-58D7-4282-9A9B-5BDD094B5A3E}
C:\Users\Administrator\AppData\Local\{31B79C68-4FC6-46FE-B422-C18B3F9770DA}
C:\Users\Administrator\AppData\Local\{32D7EB27-6D64-4E93-A6BC-D1AB2FBC56B5}
C:\Users\Administrator\AppData\Local\{36C96106-4B7C-4B2D-BABF-BF93D0D19254}
C:\Users\Administrator\AppData\Local\{39D2D11D-CAC1-4759-81BE-3881B3A68C0C}
C:\Users\Administrator\AppData\Local\{3A32C251-A5F3-4A62-AD69-2A408CF69139}
C:\Users\Administrator\AppData\Local\{3ACFAC21-73BC-473A-A98F-0565D19605A6}
C:\Users\Administrator\AppData\Local\{3B423FD0-3335-416F-A97E-13CF44A8863F}
C:\Users\Administrator\AppData\Local\{3B6D4477-C7E6-4568-9E7F-998529A425BE}
C:\Users\Administrator\AppData\Local\{4039DE27-238B-4285-BC69-7001BD309164}
C:\Users\Administrator\AppData\Local\{42286B9D-B104-4F53-9DE9-9BDCC8E80109}
C:\Users\Administrator\AppData\Local\{4731C0C6-984B-4C1D-97D9-D1CBCE312E02}
C:\Users\Administrator\AppData\Local\{4757D3FC-C9A1-47F6-92DA-BEF82E322DFD}
C:\Users\Administrator\AppData\Local\{485CC3F3-1758-4870-B960-B87F2209688D}
C:\Users\Administrator\AppData\Local\{48F0E3FC-A2C4-44C5-8CA7-4597BEEF68DC}
C:\Users\Administrator\AppData\Local\{4AB93283-2FC9-4215-97EC-519A0FCCE78A}
C:\Users\Administrator\AppData\Local\{4B0F4A4E-C58B-45C0-B9EE-3E205F88D48C}
C:\Users\Administrator\AppData\Local\{4FE2AAF6-C9E5-4220-A3D7-44E37DA78593}
C:\Users\Administrator\AppData\Local\{516A245A-4CF1-45F2-B6C1-FFA1668867B9}
C:\Users\Administrator\AppData\Local\{54BF6CD8-EF00-4F05-88AF-BE8A8C7D57F2}
C:\Users\Administrator\AppData\Local\{5A2D7A89-FE12-41DE-B980-2F15DDC59C68}
C:\Users\Administrator\AppData\Local\{5ADC6745-18D5-48D6-A7F6-43B4F6D46270}
C:\Users\Administrator\AppData\Local\{64EF97F3-237E-4909-ADA9-6F691B8C12B7}
C:\Users\Administrator\AppData\Local\{65A3CCA2-A52D-4044-81AA-F5F8FAE87000}
C:\Users\Administrator\AppData\Local\{66730AC5-CA56-4878-B72E-7D1F02C7031D}
C:\Users\Administrator\AppData\Local\{6B4EB875-61C1-41BF-8B32-7263B2F05AA6}
C:\Users\Administrator\AppData\Local\{6BAB8522-1F18-4CEF-813C-87DF274AAA57}
C:\Users\Administrator\AppData\Local\{717CB766-39FA-4306-9E52-50C6AE8B272E}
C:\Users\Administrator\AppData\Local\{722BCC32-E5C6-40EE-A2B7-0A41A34C6651}
C:\Users\Administrator\AppData\Local\{7527EFCD-5DB4-41DB-86A5-E79FD0A1A227}
C:\Users\Administrator\AppData\Local\{75300B5F-7982-44A4-B9B2-0698C4D1116A}
C:\Users\Administrator\AppData\Local\{75A03AD0-2CEB-4192-8B42-A57C5E9B2B5D}
C:\Users\Administrator\AppData\Local\{76093289-3731-4A7D-9FE8-CFFCAB86EF93}
C:\Users\Administrator\AppData\Local\{766759F8-C1FD-4D5F-A42B-B5F9730ED5DF}
C:\Users\Administrator\AppData\Local\{771C199C-5F07-4C20-99BB-AE449E5A8740}
C:\Users\Administrator\AppData\Local\{78BD8308-48B0-4E8C-B554-391E0F18D6D1}
C:\Users\Administrator\AppData\Local\{7ADA1DCE-55B9-475B-BEDB-94727BFDD54F}
C:\Users\Administrator\AppData\Local\{8A0AEE9B-62D0-457A-AC14-FB0B002432FF}
C:\Users\Administrator\AppData\Local\{8A123F00-9F55-4946-86C7-44C0097AFEF9}
C:\Users\Administrator\AppData\Local\{8C4A6FCF-4BD7-49D8-9AA2-72977C16F6A3}
C:\Users\Administrator\AppData\Local\{90792A94-4413-4143-9A9C-9A6AC23E39DE}
C:\Users\Administrator\AppData\Local\{91D1B4ED-AADF-4579-8523-B3495F2EEBDA}
C:\Users\Administrator\AppData\Local\{920DD6A5-69B1-4562-8F33-9D8A0B7FAC8F}
C:\Users\Administrator\AppData\Local\{9247270B-0F32-4E74-A2EB-98149A57CF2A}
C:\Users\Administrator\AppData\Local\{94BFF466-644F-4FF0-B05B-D57D2B1CBA09}
C:\Users\Administrator\AppData\Local\{9A110C86-EE87-4A22-8657-0F0007DB7236}
C:\Users\Administrator\AppData\Local\{9C0CCA38-9F45-48AC-8065-B0190D2D031C}
C:\Users\Administrator\AppData\Local\{9EEC293B-32D3-4965-8298-9869132BE939}
C:\Users\Administrator\AppData\Local\{9F1EAA2B-DBFF-48BC-AB50-0A19AE023E65}
C:\Users\Administrator\AppData\Local\{A213952B-E754-4E4E-A225-5BF25F69B432}
C:\Users\Administrator\AppData\Local\{A2F612B4-0582-4D4A-AFF4-941F13371ACB}
C:\Users\Administrator\AppData\Local\{A3FBD2E1-2892-47B5-86DE-22433395FFCF}
C:\Users\Administrator\AppData\Local\{AA55BA13-EA12-4CC4-9672-1DDCEFED4195}
C:\Users\Administrator\AppData\Local\{B3CE705C-70B1-4CEF-B597-7171DFE44356}
C:\Users\Administrator\AppData\Local\{B4D3AE5E-A3E8-4115-AF12-A22F3D5D429B}
C:\Users\Administrator\AppData\Local\{B579DA69-9FF6-4A6A-962A-7B5108465BAF}
C:\Users\Administrator\AppData\Local\{B5A3B379-5B29-4612-B771-C037C6947C1F}
C:\Users\Administrator\AppData\Local\{B5DC7548-589E-403F-8B95-8F98E4FE183B}
C:\Users\Administrator\AppData\Local\{B5E44752-DF12-4298-96FB-B9A106E4110A}
C:\Users\Administrator\AppData\Local\{B9B032CD-BE37-465F-BA27-C8EA28848543}
C:\Users\Administrator\AppData\Local\{BB53007F-A4E1-4358-B004-2E61464ED4E0}
C:\Users\Administrator\AppData\Local\{BC93551F-029C-49C3-94D3-7A5F9428EB31}
C:\Users\Administrator\AppData\Local\{BE49DB93-4084-4962-A729-C32644BE6FB2}
C:\Users\Administrator\AppData\Local\{C30DF425-2A55-43F8-AAF0-BEB23571ADA7}
C:\Users\Administrator\AppData\Local\{C6B0393A-B50E-427F-9845-5AB2DE79612E}
C:\Users\Administrator\AppData\Local\{C82A7CCB-6DFC-4E05-B410-D3E37BC216F6}
C:\Users\Administrator\AppData\Local\{D1ACA3AB-FA11-4CF4-B312-C98FF5A65EAA}
C:\Users\Administrator\AppData\Local\{D2742A99-9B74-4B5B-949F-3A8529BE7256}
C:\Users\Administrator\AppData\Local\{D2893F87-2525-4EEB-8929-6BA02500223E}
C:\Users\Administrator\AppData\Local\{D42DE484-6FA9-452B-AFD4-ED383E2A502E}
C:\Users\Administrator\AppData\Local\{D4822EE6-FE8D-4AEC-A201-8382F635F99A}
C:\Users\Administrator\AppData\Local\{D4CB809E-564E-4F8A-A069-4E4B77088A75}
C:\Users\Administrator\AppData\Local\{D949FC9A-C85C-4F70-8E4B-F416D3FAFB59}
C:\Users\Administrator\AppData\Local\{DC70B9AA-C501-48C5-9843-1D4FB7474CBC}
C:\Users\Administrator\AppData\Local\{E0767236-DAAE-4FE4-8F42-0A5AC321A796}
C:\Users\Administrator\AppData\Local\{E12F1022-269D-4B8A-A91F-9285096EC7BD}
C:\Users\Administrator\AppData\Local\{E1C95849-4115-4E34-A3E1-B404EAAD3F9C}
C:\Users\Administrator\AppData\Local\{E61C357C-C0D2-4606-B95E-37722351C5BA}
C:\Users\Administrator\AppData\Local\{E92F31F0-C880-4B20-B20C-EFE3B5606D3E}
C:\Users\Administrator\AppData\Local\{EF33BA70-458F-4648-9708-8D5C1DBB17B1}
C:\Users\Administrator\AppData\Local\{EF6B078C-9235-45E3-B23E-79F66B6727CF}
C:\Users\Administrator\AppData\Local\{F38CAFBB-4D2C-4AFA-8A1B-FD1E4E81E239}
C:\Users\Administrator\AppData\Local\{F6EEAA49-0F70-4222-B9E1-A23D21DF05A3}
C:\Users\Administrator\AppData\Local\{F7C9AB99-7621-491A-B5CD-2B54D14E392C}
C:\Users\Administrator\AppData\Local\{F8837D2B-0C66-4BF8-BC0E-01AEEFF2940C}
C:\Users\Administrator\AppData\Local\{F979148D-5334-4481-A044-4B0AEF124389}
C:\Users\Administrator\AppData\Local\{FF57A499-EADA-45DD-88B4-659DB519FB98}
c:\windows\system32\log

Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
Now use your mouse to drag CFscript.txt on top of ComboFix.exe

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Follow the prompts.
When it finishes, a log will be produced named c:\combofix.txt
I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

If after running Combofix you discover none of your programs will open up, and you recieve the following error: "Illegal operation attempted on a registry key that has been marked for deletion". Then the answer is to REBOOT the machine, and all will be corrected.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows7) Then attach the new C:\MGlogs.zip file that will be created by running this.

Saken · Jul 5, 2011

I'm having a bit of a problem now, i had to hold the power button again for the computer to shut down, but now it is stuck at the welcome screen when booting up, although the loading bar next to Welcome is moving..

Saken · Jul 5, 2011

I left it on for a while now, and i got a BSOD, and i wrote down the error message:

DRIVER_POWER_STATE_FAILURE

STOP: 0x0000009F (0x00000003, 0x87539AE0, 0x87539AE0, 0x8594FC58)

:S

Sorry for the double post, i couldn't find where to edit my previous post, however, strangely, i can edit this post :|
Please do not take it as a bump, i did not intend for this to be a bump.

Kestrel13! · Jul 6, 2011

Hi can you update me as to what is happening? Are you able to boot at all? Even safe mode?

Saken · Jul 6, 2011

Hi thanks for all the help so far, i tried booting another time and before the windows login i got another bsod it was:

MEMORY_MANAGEMENT
STOP: 0x0000001A

The third time i booted it up and successfully and got the log for combofix, but i have no internet access on the computer now so i cant attach it. I have not run mgtools again, yet as i wanted to post these problems first.

Kestrel13! · Jul 6, 2011

Go ahead and finish my instructions in post #8 after the CF step. Then attach the C:\MGlogs.zip. You'll have to transfer the logs over to a flashdrive or CD and attach here using another computer if yours has no internet access. Hopefully the Combofix log will be included in the MGlogs.zip and I can see if it decided to remove anything that could have cause the loss of your internet connection.

Saken · Jul 6, 2011

Here are the logs

Saken · Jul 6, 2011

Just a quick update, after many hours of trying to fix the internet connection myself, i found that all i simply needed to do was re-type my default gateway into the properties of my IPV4 connection.

However, this may be a temporary solution and am open to any proper solutions

chaslang · Jul 6, 2011

Saken said: ↑

Just a quick update, after many hours of trying to fix the internet connection myself, i found that all i simply needed to do was re-type my default gateway into the properties of my IPV4 connection.
Click to expand...

Yes based on your nwktst.txt log in the MGlogs.zip file, I can see your default gateway was missing. Make sure that your PC is properly setup to use DHCP also make sure that your router is working properly to serve DHCP info. You should not have to enter this unless you are using static addressing and based on your log, you have DHCP disabled which is likely not what you want.

Kestrel13! · Jul 6, 2011

What issues remain?

Saken · Jul 6, 2011

In response to chaslang, i am using static addressing, however i have no idea what this DHCP business is about, could you elaborate?

The computer is running faster now, and based on the final logs given, could you guys tell me if i should run the final steps now?

chaslang · Jul 6, 2011

Saken said: ↑

In response to chaslang, i am using static addressing, however i have no idea what this DHCP business is about, could you elaborate?
Click to expand...

Why would you do this? Normal home applications would almost always use DHCP. See the below for a reasonable description.

http://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol

Saken · Jul 6, 2011

Ah, i see, initially i thought i had to use static addressing to properly port-forward a few ports in order to host a few games online.

I'm not sure why DHCP is disabled, that's probably the reason i couldn't host in the first place :|

Should I re-enable it? Or will it mess up my ability to host because i have a static address? Also how would i re-enable it again?

chaslang · Jul 6, 2011

I cannot help you with your gaming but I don't think you need to disable DHCP to use games. Routers have port forwarding capabilities. If you are hosting something to others on the internet and need your IP to be static, you will need to get your ISP to give you a static address and this is not normal for a home user. Putting a static address on your PC for you side of the router, does not put a static address on the internet side.

Go into your Networks Connections and change the Internet Protocal (TCP/IP) settings so that you Obtain an IP address automatically. The same should be set for your DNS server.

Saken · Jul 6, 2011

http://portforward.com/english/routers/port_forwarding/Netgear/DG834PN/Warcraft_III.htm

This is what i followed to make my address static, as it specifically stated that the only way to port forward on my router was to make my IP static.

chaslang · Jul 6, 2011

Okay then in order to allow this on your computer's side of the router, you will have to keep your computer setup for a static connection but this means you will have to always keep track to make sure your settings do not get modified like they were this time.

Note that this only changes your local address ( on your side of the router ) to be static. This allows the port forwarding feature of your router to know which PC to send the packets to for the ports being forwarded.

Saken · Jul 6, 2011

Thanks for that, chaslang
Am I in the clear to do the final steps of the clean up?

chaslang · Jul 6, 2011

You're welcome. Yes you can complete the below.

If you are not having any other malware problems, it is time to do our final steps:

We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.

If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required

"%userprofile%\Desktop\combofix" /uninstall

Notes: The space between the combofix" and the /uninstall, it must be there.

This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

Go back to step 6 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.

If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.

Go to add/remove programs and uninstall HijackThis.

Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
related to MGtools and some other items from our cleaning procedures.

If you are running Win 7, Vista, Windows XP or Windows ME, do the below:

Refer to the cleaning procedures pointed to by step 7 of the READ ME
for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.

Then reboot and Enable System Restore to create a new clean Restore Point.

After doing the above, you should work thru the below link:

How to Protect yourself from malware!

Saken · Jul 6, 2011

Thanks again chaslang and Kestrel13! for all the help

Kestrel13! mentioned a third party startup manager that i might be interested in, could you recommend me one?

chaslang · Jul 6, 2011

You're welcome.

Saken said: ↑

Kestrel13! mentioned a third party startup manager that i might be interested in, could you recommend me one?
Click to expand...

From step 4 of the READ & RUN ME.

Dealing with Startup Process

Checkup

Saken Private E-2

Attached Files:

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Saken Private E-2

Attached Files:

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Saken Private E-2

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Saken Private E-2

Attached Files:

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Saken Private E-2

Saken Private E-2

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Saken Private E-2

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Saken Private E-2

Attached Files:

Saken Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Saken Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Saken Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Saken Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Saken Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Saken Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Useful Searches