Hi.
I got an access denied when I attempted to enable all items in his startup menu in MSCONFIG.
Not a problem I think; in this instance it may have just been that Norton Internet Security attempted to hinder the changes, as apparently this can occur with XP and the aforementioned installed/active etc.
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
Click on Start >> Run... (or press the Windows key and R together) to bring up the Run box, then copy and paste in:
Code:
"C:\Program Files\ERUNT\ERUNT.EXE" %SystemRoot%\ERDNT\SN-Backup2
And then click on OK.
Custom OTL Script:
- Double-click OTL.exe to start the program.
- Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:
:Commands
[CreateRestorePoint]
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTFMON.EXE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SigmatelSysTrayApp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemonl"=-
"hpqSRMon"=-
"HPUsageTrackingLEDM"=-
"ITSecMng"=-
"LogitechCommunicationsManager"=-
"LogitechQuickCamRibbon"=-
"MaxMenuMgr"=-
"vProt"=-
[HKEY_USERS\S-1-5-21-1229272821-1500820517-682003330-1003\Run]
"MediaGet2"=-
:Files
C:\Program Files\AVG
C:\Program Files\AVG Secure Search
C:\Program Files\MediaGet2
C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\MediaGet2
:Commands
[ResetHosts]
[EmptyTemp]
- Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
- Then click the red Run Fix button.
- Let the program run unhindered.
- If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be found at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.
Malwarebytes Anti-Malware:
- Launch the application, Check for Updates >> Perform quick scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Scan with TDSSKiller:
Please download TDSSKiller to the desktop.
- Double-click on TDSSKiller.exe to launch it.
- When the window opens, click on Change Parameters
- Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
- Click on Start Scan, the scan will run.
- When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
- A Report will have been created by TDSSKiller in the root directory C:\
- To find the log go to Start >> My Computer >> C:
- Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!
Next:
When you have completed the above, please post back the following in the order asked for:
- How is the computer performing now? Any further symptoms and/or problems encountered?
- OTL Log from the Custom Script.
- Malwarebytes Anti-Malware Log.
- TDSSKiller Log.
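
A way to review what the custom OTL script above will change before pasting it, as an added example that is not part of the original post or of OTL itself. It assumes the :Reg section follows .reg-file conventions ("[-KEY]" removes a key, '"name"=-' removes a value under the preceding "[KEY]"); the function name summarize_otl_fix and the sample excerpt are constructed here.

```python
# Added example: list what an OTL custom fix script will touch before running it.
# Assumption: ":Reg" follows .reg-file conventions ("[-KEY]" removes a key,
# '"name"=-' removes a value under the last "[KEY]" line).

# Constructed sample: an excerpt of the script from the post above.
SAMPLE = r"""
:Commands
[CreateRestorePoint]
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTFMON.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vProt"=-
"MaxMenuMgr"=-
:Files
C:\Program Files\MediaGet2
C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
:Commands
[ResetHosts]
[EmptyTemp]
"""

def summarize_otl_fix(script):
    """Return the commands, deleted keys, deleted values and files a fix touches."""
    plan = {"commands": [], "deleted_keys": [], "deleted_values": [], "files": []}
    section, current_key = None, None
    for line in filter(None, map(str.strip, script.splitlines())):
        if line.startswith(":"):                      # section header, e.g. ":Reg"
            section, current_key = line[1:].lower(), None
        elif section == "commands" and line.startswith("[") and line.endswith("]"):
            plan["commands"].append(line[1:-1])
        elif section == "reg" and line.startswith("[-") and line.endswith("]"):
            plan["deleted_keys"].append(line[2:-1])   # whole key is removed
            current_key = None
        elif section == "reg" and line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]                  # key whose values follow
        elif section == "reg" and line.endswith("=-"):
            name = line[:-2].strip().strip('"')
            if current_key is None:                   # value with no parent key
                raise ValueError("value %r has no parent key" % name)
            plan["deleted_values"].append((current_key, name))
        elif section == "files":
            plan["files"].append(line)
        else:                                         # refuse to guess
            raise ValueError("unrecognized line in %r: %r" % (section, line))
    return plan

if __name__ == "__main__":
    print(summarize_otl_fix(SAMPLE))
```

Comparing the summary against the ERUNT backup and the OTL log afterwards shows whether every listed key, value and file was actually handled.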