Disabled internet, no volume, windows classic theme

Please put ComboFix directly on your desktop!! It needs to be run from there.

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

* Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.
* Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
* If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
* Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

KILLALL::

File::
C:\Windows\1cUWTTc4e
C:\Windows\1euCH41Y2
C:\Windows\1fQKO
C:\Windows\1Vi1Y22E
C:\Windows\2Qvsv
C:\Windows\3tvJyeq
C:\Windows\4IWYB
C:\Windows\5hJOk1N
C:\Windows\5pmmsMdNFo
C:\Windows\74eKv
C:\Windows\7msMUWiACu
C:\Windows\7TtKhaDt2e
C:\Windows\8nngEoL
C:\Windows\8UHe2P
C:\Windows\8xuuEFl
C:\Windows\a1PWcH
C:\Windows\ABrHyOQF
C:\Windows\AHDL41
C:\Windows\bMgNPtp6
C:\Windows\bnGVMejdQS
C:\Windows\csaYl7Vra4
C:\Windows\CVkCg6GGje
C:\Windows\dTU6n3qcO
C:\Windows\dVgu63
C:\Windows\dWmqNQboc
C:\Windows\eDFchX7Gu
C:\Windows\eVOOvF
C:\Windows\FtuUKI7tLO
C:\Windows\GcCSso
C:\Windows\GDfBH3qm
C:\Windows\GJX5lU7
C:\Windows\Gniqh2
C:\Windows\gUu2n5
C:\Windows\hkwRCVmf3P
C:\Windows\Hvo7kUU
C:\Windows\hwvfAj
C:\Windows\Iul4M
C:\Windows\k1atV
C:\Windows\l2X358N
C:\Windows\lnE1ok7SVo
C:\Windows\mrq5K4P
C:\Windows\Mv8FNpV2hK
C:\Windows\mYDaRfcd
C:\Windows\nJtf64j
C:\Windows\NxQK1
C:\Windows\oemKQGlTS
C:\Windows\oHjigD3tfi
C:\Windows\OmW4hGUmrl
C:\Windows\pA8P1O
C:\Windows\pyxFWS2S
C:\Windows\qRgYu374
C:\Windows\r7WdPkmtN
C:\Windows\RCLHfsoVKo
C:\Windows\Sg8JQhcb
C:\Windows\sGVbix
C:\Windows\SL4Gxd
C:\Windows\SnAF2h
C:\Windows\sXQAwehfl
C:\Windows\tfHvVM
C:\Windows\tNbbFn
C:\Windows\TOx3x5Y
C:\Windows\uhbYm
C:\Windows\VfboROYGFY
C:\Windows\VQjKpNoC
C:\Windows\VQJPHi
C:\Windows\W2CS2
C:\Windows\wkxxch3S
C:\Windows\WtQPnivy6
C:\Windows\WXtYjgGvWB
C:\Windows\XJ5lf4C
C:\Windows\Y4uGYpB

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

* Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
* At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
* You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
If it asks you to overide the previous file with the same name, click YES.
* Now use your mouse to drag CFscript.txt on top of ComboFix.exe
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
* Follow the prompts.
* When it finishes, a log will be produced named c:\combofix.txt
* I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Note: If after running Combofix you discover none of your programs will open up, and you recieve the following error: "Illegal operation attempted on a registry key that has been marked for deletion". Then the answer is to REBOOT the machine, and all will be corrected.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

* C:\ComboFix.txt
* C:\MGlogs.zip

 

Not a problem. Hope it goes well.

 

That's why we often try to fix and rid you of the malware since doing a reinstall can sometimes create more problems than doing the malware removal.

 

Good luck, if you run into problems, do post in the software forum.