Can't do Win update, Network not connecting automatically.. need HELP!!!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Solar, Aug 17, 2011.

  1. Solar

    Solar Private First Class

    Hi guys!

    Before reading: I already have the same post in the "Software" section, and someone suggested I post it here instead. I'm gonna go try and delete the other one.

    How are you doing? I'm writing to you today because I have a very weird problem. It's been a little while now with my little old laptop (that was working fantastic before, running Win 7, and is still running Win 7), but it's been like two months that the problem has occurred. I do not really recall what caused this, but suddenly I was not (and still am not) able to do any Windows update (I used to be able to before). I'm getting Error (followed by numbers)...
    So I searched through the net with these error code numbers to find a solution and followed the solutions, and nada.
    I'm not even able to start Live Messenger and, to top it all off, my internet Wifi connection, which I had configured with the code so that my laptop used to connect automatically when I arrive home or at work: since then I have to go and manually connect my Wifi.

    So I'm coming here because I know this is the best place to ask for help: what would be the steps that I should start with to be able to regain all these things I used to do before?

    Thank you very much for any assistance. Appreciate in advance,

    Regards,

    L
     
  2. Solar

    Solar Private First Class

    Please find attached my SuperAntispyware Log results.

    I will be posting more while following all the steps with all the software I have to install.

    Thank you guys in advance for your help
     


  3. Solar

    Solar Private First Class

    Here is my Malwarebytes Log
     


  4. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, Solar

    Because our work queue actually works the oldest threads first, you are actually delaying receiving help by making multiple posts.

    Please complete the steps in the READ & RUN ME FIRST. Malware Removal Guide and attach ALL of the remaining requested logs in your next reply.

    Thanks!
    dr.m
     
  5. Solar

    Solar Private First Class

    @dr.moriarty Thank you for the notice and advice.

    Here I am. I did follow all the Read&RunME notes and steps till the end and I'm attaching all the results here.

    Although, ONLY MGtools did NOT work, and I of course made sure I had UAC off, all Antivirus and Firewall OFF... everything possible. Every time I run MGtools, I see that DOS window appear and disappear very quickly. I even followed the step to Run as Admin, of course, the "GetLogs.Bat", and still the same thing: a quick DOS window appears and disappears.

    So I think there is a problem indeed. Also note that when I went to run "RootRepeal", there was a problem, as you will see in the log. I was NOT able to do the SCAN. See the log file.

    Please find attached here the other logs.

    Thank you for your precious time and help
     


  6. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, Solar

    Step 1:
    Please click Start, All Programs, Accessories and you will see (among other things) a Command Prompt entry. Enter the below commands at the command prompt, each followed by the Enter key. The bold black are commands. The purple is merely informational.

    • Right click the Command Prompt entry and select Run As Administrator.
      • It is critical that you run it this way.
    • If you do this properly, a command prompt window will open with a title of Administrator Command Prompt.
    • Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The purple/brown is merely informational.
    • cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
    • nwktst <-- this will try to run one scan from MGtools. Tell me what error messages, if any, you see.
    • GetRunKey <-- this will try to run one scan from MGtools. Tell me what error messages, if any, you see.
    • ShowNew <-- this will try to run another scan from MGtools. Tell me what error messages, if any, you see.
    • analyse <-- this attempts to run HijackThis. Be sure to click the Accept button twice in the license agreement popup or it will just sit there and wait.
    Now look for the C:\MGlogs.zip file and attach it no matter what happened while doing the above.

    * If you are still unable to get a C:\MGlogs.zip, then do this:

    Step 2:
    Please download OTL by OldTimer, saving it to your desktop:
    • Close all open windows on the Task Bar. Double-click the OTL icon to start the program and let it run uninterrupted.
    • When the window appears, underneath Output at the top - change it to Minimal Output.
    • Under the Standard Registry box, change it to All.
    • Check the boxes beside LOP Check and Purity Check.
    • Now click the Run Scan button at Top left and let the program run - the scan may take 5-10 minutes.
    • Do not TOUCH your keyboard until the scan completes!
      • It will produce two (2) logs on your desktop, one will pop up called OTL.txt and the other - Extras.txt. These logs are saved normally directly under your C:/ directory.
      • Now exit Notepad.
      • Exit OTL by clicking the [X] at top right.
    Attach both OTListIt.txt and Extras.txt logs to your next reply.

    Step 3:
    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :file
      %systemroot%\regedit.exe
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please attach this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

    Please attach the below logs:
    • C:\MGlogs.zip
    • OTListIt.txt and Extras.txt logs <-- IF no MGlogs.zip was produced
    • SystemLook.txt

    * Make sure you tell me if you had any problems running this procedure

    dr.m
     
  7. Solar

    Solar Private First Class

    @dr.moriarty

    How are you doing? Thank you for your support, and please find attached here first the MGlogs.zip, as I'm following each step of your instructions, k!

    Now I'm going to follow the other steps.

    Thank you
     


  8. Solar

    Solar Private First Class

    Please find attached here the OTL & SystemLook files.

    Also, how can I edit a post so I can attach everything in one thread? Thank you

    Also, I followed and applied all these steps with this software without any issue, problem or error.

    Thank you again for your precious time

    Regards,
     


  9. thisisu

    thisisu Malware Consultant

    Hi Solar,

    dr.m has been tied up at work and has asked that I post for him during his absence. He will review the next set of logs.
    ______________________________________________________________

    From Programs and Features (via Control Panel), please uninstall the following:

    • Java(TM) 6 Update 26

    Did you run Defogger as requested in Step #6 of the READ and RUN Me First?
    There is no defogger.exe on your desktop and I see some traces of Daemon Tools Lite. Please complete this step and then proceed with the following:

    Now we need to fix a couple of things with OTL
    • Double-click OTL.exe to run (Vista and Win7 right click and select Run as Administrator)
    • When OTL opens, copy the text in the code box below and paste it into the http://img14.imageshack.us/img14/66/otlcustomfix.png text-field.
      Code:
      :otl
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      
    • Now click the http://img3.imageshack.us/img3/407/otlrunfix.png button.
    • OTL may ask to reboot the machine. Please do so if asked.
    • Click the OK button.
    • A report will open.
    • A log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
    • Attach this log to your next message. (How to attach items to your post)

    Now we need to make use of ComboFix by sUBs
    • Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop but do not run it!
      • If it is not on your desktop, the below will not work.
    • Shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • Open Notepad and copy/paste the text in the below code box into Notepad:
    Code:
    KillAll::
    
    File::
    C:\Windows\_o5a50~1
    C:\Windows\_8871~1
    DirLook::
    C:\ProgramData\desktop7utility
    C:\ProgramData\Windows Genuine Advantage
    C:\2c181247b11e990e6514db0bc0
    C:\333883bd80216b7010373104
    C:\aaaadb901b6b4d3b1da56c
    C:\c2call
    C:\e79d6185cc15b6c901ce14e456a71f29
    C:\extensions
    FileLook::
    c:\windows\System32\mswsock.dll
    Folder::
    C:\Users\Administrator\Local Settings\Application Data\{02161583-67D3-4874-8193-34787FD2C81B}
    C:\Users\Administrator\Local Settings\Application Data\{0389DB4B-0E23-41BC-BF3A-319B8816B4F6}
    C:\Users\Administrator\Local Settings\Application Data\{04E2DA35-7906-46BC-A994-79D26EBB2775}
    C:\Users\Administrator\Local Settings\Application Data\{05D629C5-E966-44C0-95BC-63A010289111}
    C:\Users\Administrator\Local Settings\Application Data\{08DC522C-89E5-48BD-89BD-C458E7F0F8EC}
    C:\Users\Administrator\Local Settings\Application Data\{09D704A9-ECE1-4B6A-8EDC-9F752C58E7AE}
    C:\Users\Administrator\Local Settings\Application Data\{0F235371-37C5-44D8-BB8F-9C71A8A12837}
    C:\Users\Administrator\Local Settings\Application Data\{0F29FE32-9692-48B0-A6B8-B06228569DDD}
    C:\Users\Administrator\Local Settings\Application Data\{0F68A6D2-E822-4C65-9340-DCA76985FD30}
    C:\Users\Administrator\Local Settings\Application Data\{116FE5C0-8E1E-428F-8628-4AF22044891D}
    C:\Users\Administrator\Local Settings\Application Data\{11BCE8C4-A173-4081-8864-D2C2C564DD36}
    C:\Users\Administrator\Local Settings\Application Data\{120CE897-AB2E-4FE8-BDF5-7634922E3F54}
    C:\Users\Administrator\Local Settings\Application Data\{1268E561-97C3-424B-BD31-CC457D4297C0}
    C:\Users\Administrator\Local Settings\Application Data\{12C002BD-E2FF-4FB1-A27B-67EE1AD4BE06}
    C:\Users\Administrator\Local Settings\Application Data\{14DC444E-A2A8-4911-8CFE-E94D842CD8AC}
    C:\Users\Administrator\Local Settings\Application Data\{1606AFE3-49B3-4FFA-80DA-10E8FC2E0849}
    C:\Users\Administrator\Local Settings\Application Data\{175F6EEC-512B-4D25-A060-58AD318D110A}
    C:\Users\Administrator\Local Settings\Application Data\{1B5A8529-1989-4FFD-BF85-FFD73C257D7C}
    C:\Users\Administrator\Local Settings\Application Data\{1B99F923-0244-43AB-B1C6-D46DF9B8F24C}
    C:\Users\Administrator\Local Settings\Application Data\{1E432AB8-D19A-4099-B7D4-4E16687D36DD}
    C:\Users\Administrator\Local Settings\Application Data\{21135757-4B13-47F6-A7CC-79DA8E34C42C}
    C:\Users\Administrator\Local Settings\Application Data\{23D5AF33-28E8-4600-9EBF-86A85C0B2527}
    C:\Users\Administrator\Local Settings\Application Data\{2469BDD0-0783-4971-B23B-1280A321F9DA}
    C:\Users\Administrator\Local Settings\Application Data\{24FA150E-8BBB-4C69-B14D-B373455C1832}
    C:\Users\Administrator\Local Settings\Application Data\{2585A14A-DA90-4E26-8BB8-0A79B82190DA}
    C:\Users\Administrator\Local Settings\Application Data\{27309AD2-77F0-4022-BC80-4F95B383D9D3}
    C:\Users\Administrator\Local Settings\Application Data\{2942830E-FFE1-4EFD-BC06-32A081386A95}
    C:\Users\Administrator\Local Settings\Application Data\{2AB56B17-C925-4D74-9A05-9299A72920C9}
    C:\Users\Administrator\Local Settings\Application Data\{2C66389E-92E5-4D2D-98F5-E08D007A682F}
    C:\Users\Administrator\Local Settings\Application Data\{2EA2875B-FD8C-49C5-85EF-5F714B5C348D}
    C:\Users\Administrator\Local Settings\Application Data\{2F5F6887-621B-4451-B831-7488FCCEB19B}
    C:\Users\Administrator\Local Settings\Application Data\{2FF8E1AB-1D22-435C-A02F-B58354775DF9}
    C:\Users\Administrator\Local Settings\Application Data\{309B67EA-F7DE-423F-A5A9-C0837ED92C5D}
    C:\Users\Administrator\Local Settings\Application Data\{31200FBA-5BEA-4BE5-9A85-41C24AED77D3}
    C:\Users\Administrator\Local Settings\Application Data\{331E05B7-8DAD-4CCD-A48F-85AEA724A45D}
    C:\Users\Administrator\Local Settings\Application Data\{33B31413-8DE0-4082-8B66-247AF88EBB74}
    C:\Users\Administrator\Local Settings\Application Data\{33F6DF66-16C4-40C8-977B-DDA795F50521}
    C:\Users\Administrator\Local Settings\Application Data\{38426081-A6FA-4EF4-A42D-E7B5FF8BA145}
    C:\Users\Administrator\Local Settings\Application Data\{3AFC7B1A-9A2B-4F3A-8186-A45A0807616D}
    C:\Users\Administrator\Local Settings\Application Data\{3B8309C0-B88D-44A8-9006-899E2EB3E3D0}
    C:\Users\Administrator\Local Settings\Application Data\{3C700349-6171-48AD-B6BB-30C3AC6DB6D6}
    C:\Users\Administrator\Local Settings\Application Data\{3D1CCA99-10E2-44A6-BF4A-0E06510D7769}
    C:\Users\Administrator\Local Settings\Application Data\{3D6F0A27-58C0-4B37-BE63-0BF141DBF93F}
    C:\Users\Administrator\Local Settings\Application Data\{3FD837FE-C13A-4494-822D-716681F31595}
    C:\Users\Administrator\Local Settings\Application Data\{3FDFC434-1DE8-4651-9BA4-68B0976869CD}
    C:\Users\Administrator\Local Settings\Application Data\{421F1B66-A2A3-4A5B-8EF5-69EC7354F6AA}
    C:\Users\Administrator\Local Settings\Application Data\{42BEEA04-5886-4D64-812B-F0008FADA596}
    C:\Users\Administrator\Local Settings\Application Data\{46E1D6B7-BBE9-4729-BB99-09B992262A04}
    C:\Users\Administrator\Local Settings\Application Data\{482E0BC5-4670-48B0-896C-9C8B59C696CD}
    C:\Users\Administrator\Local Settings\Application Data\{48E2FBB9-0944-4C46-8B6A-5B2C2B150BD4}
    C:\Users\Administrator\Local Settings\Application Data\{49D44D1B-2FF0-4FA1-AB8E-B1A98FAE509E}
    C:\Users\Administrator\Local Settings\Application Data\{4AC7B2E5-DFE5-4053-A1ED-C610148F1C2C}
    C:\Users\Administrator\Local Settings\Application Data\{4B2CD125-7914-4FA4-9D76-ECE5714FFA6C}
    C:\Users\Administrator\Local Settings\Application Data\{4B9BD1F8-AD88-4240-AB2E-35F8CE48F4B4}
    C:\Users\Administrator\Local Settings\Application Data\{4C881731-2600-4146-AA29-0D3B3831626E}
    C:\Users\Administrator\Local Settings\Application Data\{4CF83AC7-3E04-4806-8946-FC18F10938C9}
    C:\Users\Administrator\Local Settings\Application Data\{4D4BC5F7-48AB-4B31-B4C5-11D1E5E2988C}
    C:\Users\Administrator\Local Settings\Application Data\{4F1A0B3F-DC68-4BFA-9C93-9D5926358AD2}
    C:\Users\Administrator\Local Settings\Application Data\{4F4B9513-E451-428A-953F-1E57C202874F}
    C:\Users\Administrator\Local Settings\Application Data\{504FE896-8905-4FAF-A3B0-6537827F8EBF}
    C:\Users\Administrator\Local Settings\Application Data\{5058BCAD-E22B-4E8B-91A6-4BC54359026C}
    C:\Users\Administrator\Local Settings\Application Data\{50BA85FB-5E13-4CFF-968B-C9EFFC05D427}
    C:\Users\Administrator\Local Settings\Application Data\{532AA4D0-5108-4919-970A-455871E84D5D}
    C:\Users\Administrator\Local Settings\Application Data\{541967BE-95CB-498D-8E46-AFE981CB0FF3}
    C:\Users\Administrator\Local Settings\Application Data\{54BF9A3C-678E-46FD-9406-93B162BA2E96}
    C:\Users\Administrator\Local Settings\Application Data\{5736B47A-A6B1-413D-8359-152F387394B5}
    C:\Users\Administrator\Local Settings\Application Data\{57419E1C-566B-4F43-AE4A-F00B1846DE6A}
    C:\Users\Administrator\Local Settings\Application Data\{58131FC1-A9A5-48A2-A91E-DAE0FABEEFB7}
    C:\Users\Administrator\Local Settings\Application Data\{5B509780-0420-4564-9194-53D6ACB7F1B2}
    C:\Users\Administrator\Local Settings\Application Data\{5BC08AFA-771A-4FF7-B9C9-D51BDF08FAAF}
    C:\Users\Administrator\Local Settings\Application Data\{5C4DA2FF-FF39-423F-A7AD-0CA73DE8619A}
    C:\Users\Administrator\Local Settings\Application Data\{5D888453-A8B7-4CA1-A880-C05D55B8B1B4}
    C:\Users\Administrator\Local Settings\Application Data\{5EC3980D-673B-40D0-B060-D31F3127111A}
    C:\Users\Administrator\Local Settings\Application Data\{5FF7838E-5066-447B-A31F-7216C5483751}
    C:\Users\Administrator\Local Settings\Application Data\{6369D4B7-2766-457B-AFE4-BB7D4FE058D4}
    C:\Users\Administrator\Local Settings\Application Data\{65B1C99B-61DE-401E-8091-BC9C75FFA696}
    C:\Users\Administrator\Local Settings\Application Data\{6609F3B8-EB63-4BE8-85BF-A4CE2472C659}
    C:\Users\Administrator\Local Settings\Application Data\{6807FC95-97FE-4159-9E18-23147D4C5F9C}
    C:\Users\Administrator\Local Settings\Application Data\{680BE2BA-64BC-4645-8A73-04ED8F7152ED}
    C:\Users\Administrator\Local Settings\Application Data\{692C65AC-5847-4404-BD0E-7BED810E97B6}
    C:\Users\Administrator\Local Settings\Application Data\{69667757-0F94-4B43-AEBA-62BBF88815BD}
    C:\Users\Administrator\Local Settings\Application Data\{69FA73CE-472B-44C9-BD26-D7AE13AC51BC}
    C:\Users\Administrator\Local Settings\Application Data\{6A5576F9-DB73-4852-A542-8AB4E968431E}
    C:\Users\Administrator\Local Settings\Application Data\{71358B06-031E-46A8-B25E-B709C1393130}
    C:\Users\Administrator\Local Settings\Application Data\{75F3A090-6A3A-4D52-863E-7A5CD6DA6B52}
    C:\Users\Administrator\Local Settings\Application Data\{79149452-16B5-4C85-9E20-CDE687D55E21}
    C:\Users\Administrator\Local Settings\Application Data\{7969C7E3-4C11-41A1-BD90-B52E8600EA1E}
    C:\Users\Administrator\Local Settings\Application Data\{7A49883B-FD69-4467-B9C6-9452A0573B86}
    C:\Users\Administrator\Local Settings\Application Data\{7A79AD71-8E55-4624-A619-741041F2DB84}
    C:\Users\Administrator\Local Settings\Application Data\{8278FED1-F246-487D-A4A6-2EA12639B36D}
    C:\Users\Administrator\Local Settings\Application Data\{82A6DB51-6CC1-4EFA-B3E3-ED93ABC8649F}
    C:\Users\Administrator\Local Settings\Application Data\{82D3E3C1-57CA-4C51-B5E0-7347E5980B44}
    C:\Users\Administrator\Local Settings\Application Data\{844D2017-E9A3-4198-A0B0-369A7B614D5A}
    C:\Users\Administrator\Local Settings\Application Data\{851AE67D-F820-4E03-8E8F-871A93F571BB}
    C:\Users\Administrator\Local Settings\Application Data\{85523895-E81D-464B-986E-B17B53DAB4EE}
    C:\Users\Administrator\Local Settings\Application Data\{86EBF164-DACB-41B0-BBD9-EE5C6601BF07}
    C:\Users\Administrator\Local Settings\Application Data\{882832EF-6C23-475E-91F8-620E1A94C1BF}
    C:\Users\Administrator\Local Settings\Application Data\{8870064D-8B14-4876-B37C-4B2E23B24051}
    C:\Users\Administrator\Local Settings\Application Data\{8A0E8F5F-CB3A-4D52-99C1-9527104D4448}
    C:\Users\Administrator\Local Settings\Application Data\{8A3489BF-087B-47BC-8120-829A4D29FE50}
    C:\Users\Administrator\Local Settings\Application Data\{8AABA67D-C422-42FC-BF36-E3EB33A368FC}
    C:\Users\Administrator\Local Settings\Application Data\{8C0FC504-1FC3-46B5-BA2F-641C7C1788B8}
    C:\Users\Administrator\Local Settings\Application Data\{8D3325C0-CD01-48A2-8C66-3CDC32C56A04}
    C:\Users\Administrator\Local Settings\Application Data\{8F4E5706-705C-4829-8580-CCAE76D544B4}
    C:\Users\Administrator\Local Settings\Application Data\{9038DCFD-F600-4950-804A-76608A25F713}
    C:\Users\Administrator\Local Settings\Application Data\{90B0D3CB-3B51-4D4F-BC86-FDB9DDBC40BA}
    C:\Users\Administrator\Local Settings\Application Data\{94EFBB42-4579-4403-85EF-F42E784B0FA5}
    C:\Users\Administrator\Local Settings\Application Data\{9580B4EA-8666-412C-802C-2639EE84A452}
    C:\Users\Administrator\Local Settings\Application Data\{974A6B17-77AF-487E-9535-696EBAB70EAC}
    C:\Users\Administrator\Local Settings\Application Data\{98957ACE-EC18-476B-8651-07B4F95A0178}
    C:\Users\Administrator\Local Settings\Application Data\{9A35BAAE-04D7-47F2-9329-E0728FDF5DCF}
    C:\Users\Administrator\Local Settings\Application Data\{9AAD6149-88F6-48A7-B64B-EF81BDEA5B99}
    C:\Users\Administrator\Local Settings\Application Data\{9B21775E-A432-4142-80C2-F66BF9FD20B7}
    C:\Users\Administrator\Local Settings\Application Data\{9B5DB560-E886-4816-A8FD-8A44203EF89D}
    C:\Users\Administrator\Local Settings\Application Data\{9BA38A26-FEF7-4DE4-A7DF-F95C573E91CB}
    C:\Users\Administrator\Local Settings\Application Data\{9C6B6518-D7FE-411F-9927-E94D26F5C6F8}
    C:\Users\Administrator\Local Settings\Application Data\{9C958805-DF29-49A9-A4C9-2FDBC0050B87}
    C:\Users\Administrator\Local Settings\Application Data\{9CB99E11-1B1C-40FA-8BCE-F859ECC5F667}
    C:\Users\Administrator\Local Settings\Application Data\{9FD294B4-D1D4-4AC9-88E2-2A277D925776}
    C:\Users\Administrator\Local Settings\Application Data\{A1CD4F4A-F6A0-446E-9F5D-1954B95C53A7}
    C:\Users\Administrator\Local Settings\Application Data\{A1F13A1A-BFF1-4D5F-9F73-94A9BA59F151}
    C:\Users\Administrator\Local Settings\Application Data\{A50E5CC3-E704-45AF-968C-014A07B9BE3F}
    C:\Users\Administrator\Local Settings\Application Data\{A5FF6B9B-B15D-43AF-95FB-74EF10068858}
    C:\Users\Administrator\Local Settings\Application Data\{A63724EB-45EF-490A-8CA4-59C922069064}
    C:\Users\Administrator\Local Settings\Application Data\{A8E69D30-9EE1-4BD7-9AAD-64FE0CDE329B}
    C:\Users\Administrator\Local Settings\Application Data\{A943AEC2-F055-49F4-8307-E471217824E7}
    C:\Users\Administrator\Local Settings\Application Data\{AD9D16EC-BE86-49EB-8822-C218AA81BBDD}
    C:\Users\Administrator\Local Settings\Application Data\{ADE8CCB2-4EC7-42D3-824B-5869A8156307}
    C:\Users\Administrator\Local Settings\Application Data\{B0062775-8937-46BB-8C7B-752D779BFCF7}
    C:\Users\Administrator\Local Settings\Application Data\{B04D49A8-0D89-4BBA-99A3-ABB054DC2572}
    C:\Users\Administrator\Local Settings\Application Data\{B1D3F0C1-BFAB-42BA-955C-D8ABED481E7B}
    C:\Users\Administrator\Local Settings\Application Data\{B1FD72EC-CB6A-46CB-9A7D-D00AD3195A8B}
    C:\Users\Administrator\Local Settings\Application Data\{B3B05D88-A8F2-403D-BBD9-8CCC94C042C2}
    C:\Users\Administrator\Local Settings\Application Data\{B7845D2A-DD50-45FB-ADD1-3548F3D11F68}
    C:\Users\Administrator\Local Settings\Application Data\{B890D00C-24C3-485B-8CC0-261032A8CA4B}
    C:\Users\Administrator\Local Settings\Application Data\{BAF6CF3C-8472-4AE8-80D8-AE51B56F9286}
    C:\Users\Administrator\Local Settings\Application Data\{BBA8428E-62B5-4725-B7A7-4FED2776E3C1}
    C:\Users\Administrator\Local Settings\Application Data\{BBD0476F-1EE8-4673-BA7E-6F77F11BBE7F}
    C:\Users\Administrator\Local Settings\Application Data\{BC8CB230-0F30-4757-A3C5-A04BEE4CE1F5}
    C:\Users\Administrator\Local Settings\Application Data\{BE3957DF-B8B4-4472-9193-BD363F22B0FD}
    C:\Users\Administrator\Local Settings\Application Data\{BECA7D37-7A7C-4D08-9B39-853E43723DD1}
    C:\Users\Administrator\Local Settings\Application Data\{C02AE2BA-A799-48B9-965C-75F390CD2053}
    C:\Users\Administrator\Local Settings\Application Data\{C2024992-29B8-4E9B-BE10-0D01112E1CA3}
    C:\Users\Administrator\Local Settings\Application Data\{C3BF9ACF-F182-44A2-A5C6-F8D6F9C4800E}
    C:\Users\Administrator\Local Settings\Application Data\{C4732F90-9E11-49FA-8651-C4C9D56F288F}
    C:\Users\Administrator\Local Settings\Application Data\{C68FA0FE-AB0F-4D6A-BA3D-F8A9F5B986AF}
    C:\Users\Administrator\Local Settings\Application Data\{C6E0D3FA-D139-4FEF-90E6-C8BA253C82AD}
    C:\Users\Administrator\Local Settings\Application Data\{C6F483C8-CB70-49DD-ADAD-2314F2F402C4}
    C:\Users\Administrator\Local Settings\Application Data\{C87EB702-AA04-4216-819C-3E06F37C4856}
    C:\Users\Administrator\Local Settings\Application Data\{C93A8AFE-869E-4AF0-BFC4-B8CE70941306}
    C:\Users\Administrator\Local Settings\Application Data\{CB3E8B8D-3845-4E90-9176-F346B4D0FF45}
    C:\Users\Administrator\Local Settings\Application Data\{CBA7A27D-9FEF-4576-B0CD-E030EE3B27A9}
    C:\Users\Administrator\Local Settings\Application Data\{CBD1340A-1B3F-4ADB-AFA9-D4B1AEF26A6D}
    C:\Users\Administrator\Local Settings\Application Data\{CD9C12B3-1458-45BB-93D9-E04D2B6AB1D0}
    C:\Users\Administrator\Local Settings\Application Data\{CDEC6A47-6464-44C0-9C2B-CC425F02210B}
    C:\Users\Administrator\Local Settings\Application Data\{CF365747-D1F3-4414-B55D-CBD9DC118FE6}
    C:\Users\Administrator\Local Settings\Application Data\{CF623410-72C1-415D-B02A-7B3FEC86017B}
    C:\Users\Administrator\Local Settings\Application Data\{D027C370-D4CA-460C-8B37-9B01EA522643}
    C:\Users\Administrator\Local Settings\Application Data\{D04CB581-BFAC-4053-A3C0-0A7998D02A34}
    C:\Users\Administrator\Local Settings\Application Data\{D06D4C78-3597-4255-8EA8-5A5FF57794A8}
    C:\Users\Administrator\Local Settings\Application Data\{D3280B69-0D8B-4FF6-BE4C-AE06035C6C11}
    C:\Users\Administrator\Local Settings\Application Data\{D39519BE-D223-4006-B26C-A1B50EEE9687}
    C:\Users\Administrator\Local Settings\Application Data\{D3F82A73-2F6C-49CD-BEB4-40ACA970FB36}
    C:\Users\Administrator\Local Settings\Application Data\{D402D381-3A42-4256-96F7-BC2CDEAFF39A}
    C:\Users\Administrator\Local Settings\Application Data\{D49827FE-AAC8-480B-907D-D146463EAB6E}
    C:\Users\Administrator\Local Settings\Application Data\{D6CCA2E1-3C96-476B-820C-6EC218D428E5}
    C:\Users\Administrator\Local Settings\Application Data\{D79A8ED2-3647-436F-B13E-1787131244E1}
    C:\Users\Administrator\Local Settings\Application Data\{D852DE89-005B-4F12-9B02-5C16B8E3FEFE}
    C:\Users\Administrator\Local Settings\Application Data\{D8CAE197-8125-43E3-8004-0F197EA30F44}
    C:\Users\Administrator\Local Settings\Application Data\{D91C4602-BE9F-4E2D-97A6-44BB5D52AD19}
    C:\Users\Administrator\Local Settings\Application Data\{DAB0FD0A-42DD-4612-8746-C5CBA9709E0C}
    C:\Users\Administrator\Local Settings\Application Data\{DB513268-8718-4C52-A802-26866665B0D7}
    C:\Users\Administrator\Local Settings\Application Data\{DBF240AD-1C05-4889-8A76-B968308D4773}
    C:\Users\Administrator\Local Settings\Application Data\{DD92E57F-B58F-4F2E-9358-085EC70B1517}
    C:\Users\Administrator\Local Settings\Application Data\{DED312F4-A632-4F0E-993D-2FA9A8384FCC}
    C:\Users\Administrator\Local Settings\Application Data\{DED6CE61-DB1A-49BC-8A96-918232C7D5D7}
    C:\Users\Administrator\Local Settings\Application Data\{DF8D96EC-207F-46D1-918C-4B67B4FA7AC0}
    C:\Users\Administrator\Local Settings\Application Data\{E2C0E523-150B-4712-AC99-69429FA32E74}
    C:\Users\Administrator\Local Settings\Application Data\{E3CCC1A2-6AD5-4EE3-BE5D-ACA4A7E55CF3}
    C:\Users\Administrator\Local Settings\Application Data\{E5DB9C31-BC81-4DF5-9ABF-88A14F159B5A}
    C:\Users\Administrator\Local Settings\Application Data\{ED2B3AF3-4AD5-448D-9840-C66018D34D75}
    C:\Users\Administrator\Local Settings\Application Data\{ED3D447A-4BAC-421C-B33F-71912D791EFB}
    C:\Users\Administrator\Local Settings\Application Data\{EE2F65E2-8AE0-4A86-91B6-45FD1ADF4CDD}
    C:\Users\Administrator\Local Settings\Application Data\{EFAD746B-A42D-4714-B504-D6A188A99A3A}
    C:\Users\Administrator\Local Settings\Application Data\{F0F1D025-17E8-46B0-A6E0-602D9F960082}
    C:\Users\Administrator\Local Settings\Application Data\{F2C02AE8-8B22-4875-AF0B-B0C554909616}
    C:\Users\Administrator\Local Settings\Application Data\{FB07393F-22A4-4D53-8631-74DBF3654C9D}
    C:\Users\Administrator\Local Settings\Application Data\{FB26E530-E683-4A19-8F7E-0402A570B994}
    C:\Users\Administrator\AppData\Local\{5C4DA2FF-FF39-423F-A7AD-0CA73DE8619A}
    C:\Users\Administrator\AppData\Local\{5D888453-A8B7-4CA1-A880-C05D55B8B1B4}
    C:\Users\Administrator\AppData\Local\{DED312F4-A632-4F0E-993D-2FA9A8384FCC}
    RegLock::
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (Administrator)
    "{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,3b,1b,28,91,52,
       19,ce,96,92,0a,82,5b,34,d5,ed,ea,15,6b
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,c8,25,
       8b,35,19,d6,0e,97,c6,13,24,77,42,20,dd
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1c,dd,
       c0,72,f1,32,07,a5,7e,de,65,c0,8f,cb,b2
    "{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,3b,1b,b1,51,b8,
       e6,95,34,b1,0b,85,1d,c4,b7,ad,6e,13,9a
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,3b,1b,22,a1,8c,
       f4,cc,94,bb,55,90,25,42,d0,26,57,0c,93
    "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,06,41,
       31,c1,0e,0c,02,b1,a9,8d,e9,66,64,01,8a
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (Administrator)
    "Timestamp"=hex:f9,83,80,0f,2e,f0,cb,01
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,af,a9,7d,46,2c,64,44,b1,e4,3a,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,af,a9,7d,46,2c,64,44,b1,e4,3a,\
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3G2"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3GP"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3G2"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3GP"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AVI"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.CDA"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ChromeHTML"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ChromeHTML"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.m3u"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M4A"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="VLC.mkv"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="VLC.mov"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP3"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="VLC.mp3"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="VLC.mpg"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\notepad.exe"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.plist\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\notepad.exe"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ChromeHTML"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.TTS"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.TTS"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAV"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAX"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMA"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMD"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMS"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMV"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMZ"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WPL"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WVX"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ChromeHTML"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    
    • Save the above as CFScript.txt and make sure you save it to the same location (should be on your desktop) as ComboFix.exe
    • At this point, you must exit all browsers now before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your desktop.
    • Now use your mouse to drag CFScript.txt on top of ComboFix.exe.
      http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    • This shall launch ComboFix.
      Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    • Allow ComboFix to update itself if prompted.
    • When it finishes, a log will be produced at C:\ComboFix.txt
      Note: If after running ComboFix you discover none of your programs will open up because you receive the following error: Illegal operation attempted on a registry key that has been marked for deletion then you will need to reboot your computer which will normally fix this problem.
    • Attach this log to your next message. (How to attach items to your post)

    Now we need to run TDSSKiller by Kaspersky
    Follow the instructions here and attach your log when you are finished. (How to attach items to your post)


    Please download MBRCheck by GeeksToGo to your desktop.
    See the download links under this icon http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif
    • Double click MBRCheck.exe to run (Vista and Win7 right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message. (How to attach items to your post)

    Now install the current version of Sun Java from: Sun Java Runtime Environment

    Now we need to get a new OTL log.
    • Double-click OTL.exe to run (Vista and Win7 right click and select Run as Administrator)
    • When OTL opens, change the Output (at the top-right portion of the program) to Minimal Output.
    • Put check-marks in LOP Check and Purity Check.
    • Now click the Run Scan button.

    When the scan is complete, a log entitled OTL.txt will be created on your desktop.
    Attach this log to your next message. (How to attach items to your post)

    Now run C:\MGtools\GetLogs.bat by double-clicking it (Vista and Win7 right-click and select Run as Administrator)
    Then attach C:\MGlogs.zip to your next message. (How to attach items to your post)
    Notes:
    • This will automatically update all the logs inside MGlogs.zip
    • Make sure you click Accept on the License Agreement from Trend Micro HiJackThis - v2.0.4 twice if prompted.

    *** Let me know how the PC is running after you have completed these steps! ***
     
  10. Solar

    Solar Private First Class

    @thisisu

    Thank you very much. I'm going to follow all the steps starting now and will report back.

    Thank you again for the great support,

    Appreciate
     
  11. Solar

    Solar Private First Class

    Edit: I have a situation problem here. After I finished the ComboFix Script steps, it asked me to Reboot my computer and I did. Once Logged back in, every browser on my desktop such as Chrome, Firefox, IE can not Start, I get the following msg " Illegal operation attempted on a registry key that has been marked for Deletion".
    Then after I tried to go to Next Step with running "TDSSKiller.exe" and when I tried to run this one as Admin, I got the same msg above.
    I then tried to rename it (123...com) and run it and Hit run and Got the same msg above.

    So before I go on to other steps, I prefer to report this here and wait for further procedures.

    Thank you again for All
     
  12. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, Solar

    *If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then you will need to reboot your computer which will normally fix this problem.

    Then continue on with the remaining steps that thisisu gave.

    dr.m
     
  13. Solar

    Solar Private First Class

    Hello @dr.moriarty

    Again before anything, thank you for the great support and patience.

    Please find here attached all the .LOG files of the latest steps I had to follow posted by @thisisu from you.

    I will be of course uploading the last two missing :) Will after reboot my system and will report back how its working, if my network connection is working as supposed to and remembering the ID and if I can log into Live messenger and if I can do Windows Updates etc..

    Thank you again for ALL
     

    Attached Files:

  14. Solar

    Solar Private First Class

    Please find here the two missing files.

    Also I want to say that I just rebooted my computer after following ALL these steps and My Wifi connection did NOT connect itself. I had to put the password manually for it to connect. I'm gonna try to restart the computer again and see if it will work. And after Will try to see if "Live messenger and updates are working " etc... ok!

    Thanx
     

    Attached Files:

  15. Solar

    Solar Private First Class

    There we go....

    After rebooting after finishing the latest steps I attached the logs here, my computer still is NOT able to automatically connect itself to the Wifi as it used to do before. Even when I go to update my Microsoft Security and or try to Troubleshoot the Wifi issue, I'm getting these msg:

    There was a problem starting werconcpl.dll (specified module could not be found)

    Here is msg i get when I try to Update My Microsoft Security Essentials
    " Security Essentials Count not complete the virus & spyware definitions update due to an Internet or network connectivity issue"

    But remember, the internet wifi works when I manually put the password and I can access Chrome or firefox but can not Update anything that has to do with Microsoft, Live messenger or when I start my computer its not connecting automatically the Wifi as it used to do.

    Hope these will help out as infos :)

    Thank you again
     
  16. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, Solar

    Is this file something you created? c:\c2call\startup.bat

    Using Add/Remove - uninstall
    Messenger Plus <--- should have been uninstalled in Step 5 of the R&R ME FIRST guide

    Now we need to use ComboFix.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Make sure you have shut down all protection software (antivirus, antispyware, firewall...etc) programs so they do not interfere with the running of ComboFix. *Remember to re-start them before coming back online.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text inside of the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
      If it asks you to override the previous file with the same name, click YES.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
      http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    Notes:
    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    *If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then you will need to reboot your computer which will normally fix this problem.

    Please run this online scanner and attach the results.

    Using ESET's Online Scanner

    Then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Windows 7, use right click and select Run As Administrator).

    Please attach the new C:\MGlogs.zip file and the ESETscan.txt to your next reply.

    * Make sure you tell me if you had any problems running this procedure; and answer this - "What malware problems are you still experiencing?"

    dr.m
     
  17. Solar

    Solar Private First Class

    @dr.m

    "Is this file something you created? c:\c2call\startup.bat" about this file, I haven't created nothing and don't know how this file arrived in my system.

    I'm going to follow your new steps procedure and will report everything back.

    Thank you again,
     
  18. Solar

    Solar Private First Class

    Edit: I just finished the first steps with Combo Fix etc... now I downloaded ESET Online Scanner and started it and My Wifi (internet connection is working I know because I can run Chrome or Firefox) but Now that I'm running ESET OS, it's at Step 2 and it's saying "Can not get update. Is Proxy configured?"

    What should I do from here? Thank @dr.m
     
  19. Solar

    Solar Private First Class

    @dr.m

    Here I am finally. First I'd like to know how do I erase a post if I happen to have a double or something?

    Now please find here the results of the latest steps procedure you asked me to do. I need to let you know that during the procedure, I had 1 error message about "Microsoft .Net Framework" and the message goes like this:

    "Unhandled exception has occurred in your application. Process with ID of 1950 is not running" something like this. But I was able to continue and finish all the procedure you asked me to do.

    You will find the results attached. After this I'm gonna go and restart my computer and see if the Automatic Wifi problem still there and or if I can do any update to my Windows and so on.

    Once again, thank you for your time and patience.

    Regards,
     

    Attached Files:

  20. Solar

    Solar Private First Class

    @dr.m

    Here I am after restarting my computer from the procedure I followed that I posted the result above.

    First thing, when I restarted my computer, My Wifi could not connect automatically like it used to do.

    So I decided to do a normal troubleshoot so I can send you a screenshot of the result.

    Also I tried to do a normal MS Essential update and as you can see in the screenshot attached, not possible because of Network problem.

    Note that I do can Connect Manually my Wifi and it works. What I mean by it works, I can use Chrome, Firefox etc.... matter of fact i'm using the computer with these problem to write you and upload you the attached files.

    Hope this will help :)

    Thank you
     

    Attached Files:

  21. thisisu

    thisisu Malware Consultant

    Hi Solar,

    Thanks for being so patient. I will help you until dr.m is available again.

    It looks like Microsoft Security Essentials is corrupted as your ComboFix log doesn't even show that it is functioning (Disabled or Enabled). So this next fix below will also include removing any traces of MSE. I will have you reinstall it in a later step below.

    • First, uninstall MSE from Programs and Features (via Control Panel)
    • Now download MicrosoftFixit50535.msi to your desktop. -- This will remove more traces of MSE.
    • Run MicrosoftFixit50535.msi from Normal Mode by right-mouse clicking it and selecting Run as administrator.
    • Follow the prompts.
    • If asked to reboot, please do so now.

    Now we need to make use of ComboFix by sUBs
    • Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop but do not run it!
      • If it is not on your desktop, the below will not work.
    • Shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • Open Notepad and copy/paste the text in the below code box into Notepad:
    Code:
    KillAll::
    File::
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\program files\Microsoft Security Client\msseces.exe
    c:\windows\system32\MpEngineStore\MpKsl051a76d6.sys
    c:\windows\system32\MpEngineStore\MpKsl24837564.sys
    c:\windows\system32\MpEngineStore\MpKsl384e793a.sys
    c:\windows\system32\MpEngineStore\MpKsl4e2a1738.sys
    c:\windows\system32\MpEngineStore\MpKsl6be4d0f1.sys
    c:\windows\system32\MpEngineStore\MpKsle9796dc7.sys
    c:\windows\system32\DRIVERS\MpNWMon.sys
    c:\windows\system32\MpEngineStore\MpKsl3c0c7f49.sys
    c:\windows\system32\MpEngineStore\MpKslb1ccf686.sys
    c:\windows\system32\DRIVERS\NisDrvWFP.sys
    c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe
    c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6DF60D85-190A-4F42-926B-4B0781428306}\mpengine.dll
    Folder::
    C:\c2call
    c:\ProgramData\Microsoft\Microsoft Antimalware
    c:\program files\Microsoft Security Client
    FileLook::
    C:\Windows\en-US\regedit.exe.mui
    C:\Windows\Prefetch\REGEDIT.EXE-90FEEA06.pf
    C:\Windows\winsxs\x86_microsoft-windows-r..ry-editor.resources_31bf3856ad364e35_6.1.7600.16385_en-us_faa7931f6412d619\regedit.exe.mui
    C:\Windows\winsxs\x86_microsoft-windows-registry-editor.resources_31bf3856ad364e35_6.1.7600.16385_en-us_faa7931f6412d619\regedit.exe.mui
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"=-
    Driver::
    MpKsl051a76d6
    MpKsl24837564
    MpKsl384e793a
    MpKsl4e2a1738
    MpKsl6be4d0f1
    MpKsle9796dc7
    MpNWMon
    MpKsl3c0c7f49
    MpKslb1ccf686
    NisSrv
    NisDrv
    RegLock::
    [HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (Administrator)
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1c,dd,
       c0,72,f1,32,07,a5,7e,de,65,c0,8f,cb,b2
    "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,06,41,
       31,c1,0e,0c,02,b1,a9,8d,e9,66,64,01,8a
    
    • Save the above as CFScript.txt and make sure you save it to the same location (should be on your desktop) as ComboFix.exe
    • At this point, you must exit all browsers now before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your desktop.
    • Now use your mouse to drag CFScript.txt on top of ComboFix.exe.
      http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    • This shall launch ComboFix.
      Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    • Allow ComboFix to update itself if prompted.
    • When it finishes, a log will be produced at C:\ComboFix.txt
      Note: If after running ComboFix you discover none of your programs will open up because you receive the following error: Illegal operation attempted on a registry key that has been marked for deletion then you will need to reboot your computer which will normally fix this problem.
    • Attach this log to your next message. (How to attach items to your post)

    Now go to the Microsoft Security Essentials website

    Click the orange Download it free* today > button.
    If asked to choose your operating system, select Windows Vista/Windows 7 32-bit
    • Download this to your desktop.
    • Run mseinstall_x86_vista_7.exe by right-mouse clicking and selecting Run as administrator.

    If you still have trouble updating it (it should try to update on its own right after installation).
    Download this if you are having trouble >> Latest Virus Definitions for MSE (mpam-fe.exe)
    • Save this to your desktop.
    • Run mpam-fe.exe
    • Follow the prompts
    • MSE should now be green/good/ready.

    Now answer the following:
    • What program are you using to pick up wireless signals / to connect to wireless.
    • Are you using any other than the default Windows 7 wireless configuration?
    The picture below is the default interface:
    http://www.maximumpc.com/files/u21826/W7-Wireless01.png

    Let me know what problems you are still having in your next message.
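
As a pre-run review aid for a CFScript like the one in the post above, this added example (not part of the thread and not ComboFix's own code) splits a script into its `Name::` sections and lists the File::/Folder:: targets that fall outside the directories the reviewer expects. It assumes a section runs until the next `Name::` line and that Registry:: entries use .reg syntax, where `"Name"=-` deletes a value; `expected_prefixes` and all function names are hypothetical.

```python
import ntpath
import re

DIRECTIVE = re.compile(r"^([A-Za-z]+)::\s*$")   # e.g. "File::"
REG_KEY = re.compile(r"^\[(.+)\]$")             # e.g. "[HKEY_LOCAL_MACHINE\...]"
REG_DELETE = re.compile(r'^"(.+)"=-$')          # .reg syntax for "delete this value"

# Abridged from the script in the post above (same directives, fewer entries).
SAMPLE_SCRIPT = r"""KillAll::
File::
c:\program files\Microsoft Security Client\msseces.exe
c:\windows\system32\DRIVERS\MpNWMon.sys
Folder::
C:\c2call
c:\program files\Microsoft Security Client
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"=-
Driver::
MpNWMon
RegLock::
[HKEY_USERS\S-1-5-21-2720669510-196759589-1415227905-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1c,dd,
   c0,72,f1,32,07,a5,7e,de,65,c0,8f,cb,b2
"""


def parse_cfscript(text):
    """Group script lines under the directive that precedes them (assumed layout)."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"entry before any directive: {line!r}")
        entries = sections[current]
        # Wrapped hex data: in the registry sections a line ending in ','
        # continues on the next line, so rejoin it into one entry.
        if current in ("Registry", "RegLock") and entries and entries[-1].endswith(","):
            entries[-1] += line
        else:
            entries.append(line)
    return sections


def unexpected_targets(sections, expected_prefixes):
    """Return File::/Folder:: entries not under any reviewer-supplied directory."""
    norm = [ntpath.normcase(p).rstrip("\\") for p in expected_prefixes]
    flagged = []
    for name in ("File", "Folder"):
        for entry in sections.get(name, []):
            path = ntpath.normcase(entry)  # Windows paths compare case-insensitively
            if not any(path == p or path.startswith(p + "\\") for p in norm):
                flagged.append((name, entry))
    return flagged


def registry_value_deletions(sections):
    """Return (key, value name) pairs that the Registry:: section marks for deletion."""
    out, key = [], None
    for line in sections.get("Registry", []):
        k = REG_KEY.match(line)
        if k:
            key = k.group(1)
            continue
        d = REG_DELETE.match(line)
        if d:
            out.append((key, d.group(1)))
    return out


if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_SCRIPT)
    for directive, entries in parsed.items():
        print(f"{directive}: {len(entries)} entries")
    # Directories the reviewer expects an MSE cleanup to touch (reviewer's choice).
    expected = [r"c:\program files\Microsoft Security Client",
                r"c:\windows\system32\drivers"]
    print("outside expected directories:", unexpected_targets(parsed, expected))
    print("registry values to delete:", registry_value_deletions(parsed))
```
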
     
  22. Solar

    Solar Private First Class

    @thisisu

    Thank you so much for taking the time to help me out. And I will be patient. I'm going to proceed and follow the new steps you've suggested me to do and will report back.

    Thank you again all of you

    Appreciate
     
  23. Solar

    Solar Private First Class

    @thisisu

    Here I am back with the results. Find attached the ComboFix log. Also wanted to mention to you that I tried to install back MSE after uninstalling it as you suggested etc.. and check the error I got in the attached screenshot.

    And regarding my wireless, been always (before even the problem started) using Windows 7 wireless configuration

    Please let me know if any other steps we need to do be able to fix these issues.

    Much appreciated
     

    Attached Files:

  24. thisisu

    thisisu Malware Consultant

    Hi Solar,

    Well all I can tell you at this point is that this is not a malware related issue.

    I looked up the latest error code you received and thought you should check these links out if you haven't already:

    The wireless not connecting should be a setting in Network Connections


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis if it is present
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
