Post #32, January 9th, 2008, 10:37 PM
Jintan, Cyber Tech Help Moderator
Very non-standard changes have been made there. I can never keep on top of which of those online gambling gaming programs are on the up and up, but I do know it is a very, very short list indeed. And you have very many showing as installed there - more than most I have seen. I would recommend at some point uninstalling the lot, then slowly and carefully choosing which to use again based on thorough web search info.

Code:
REGEDIT4

; Deletes the ClearRecentDocsOnExit policy value (the trailing "-" removes it)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=-

; Restores the missing SafeBoot\Minimal entry so Safe Mode loads it again
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@=""

Open Notepad and copy and paste the above text (inside the box) into the text file. Now go to File > Save As and call it fixer.reg. Where it says "Files of Type", select All Files and click on Save. Exit Notepad, double-click on the file and OK the prompt asking if you wish to merge the file with your registry.

-------------------------------

Then let's make another run at these bad services and files - the logs show many running processes "hooked" by some other hidden function so far.

Open Notepad (Start-Run, type notepad and then OK) and copy the following text into a new file:

Code:
@echo off
rem Start the GMER driver service so gmer.exe can remove hidden items
net start gmer
rem Remove the three rogue services
gmer.exe -del service NATServices
gmer.exe -del service roawiy
gmer.exe -del service snhuqt
rem Remove their registry keys
gmer.exe -del reg "HKLM\SYSTEM\CurrentControlSet\Services\NATServices"
gmer.exe -del reg "HKLM\SYSTEM\CurrentControlSet\Services\roawiy"
gmer.exe -del reg "HKLM\SYSTEM\CurrentControlSet\Services\snhuqt"
rem Remove the dropped files
gmer.exe -del file "C:\WINDOWS\system32\mschkdsk.exe"
gmer.exe -del file "C:\Program Files\Internet Explorer\3776.EXE"
rem Reboot so the deletions take effect
gmer.exe -reboot

Save the file to the desktop as remg.bat and make sure the "Save as type" field says "All files".

================================

Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).

Then click on the remg.bat file you created earlier. If you get error popups just OK each one. When the fix completes the computer will reboot.

------------------------

After the reboot run the same CFScript as provided earlier again, and if successful post back that ComboFix.txt log. If you get the same truncated log file, run ComboFix again without using CFScript and post that instead please.
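The following is an added verification script, not part of the original post or the tools it mentions. After the reboot it confirms that the services, registry keys and files remg.bat targets are actually gone and that the entries fixer.reg changes are in the expected state; the names and paths are the ones listed in the post, and it assumes it is run from an elevated PowerShell prompt.

```powershell
# Added post-cleanup check (not from the original post). Run elevated.
$services = @('NATServices', 'roawiy', 'snhuqt')
$files = @(
    'C:\WINDOWS\system32\mschkdsk.exe',
    'C:\Program Files\Internet Explorer\3776.EXE'
)
$safeBootKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}'
$policyKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

$problems = @()

foreach ($svc in $services) {
    # Check both the Service Control Manager view and the raw registry key:
    # a rootkit-hidden service can be missing from Get-Service yet keep its key.
    if (Get-Service -Name $svc -ErrorAction SilentlyContinue) {
        $problems += "service still registered with SCM: $svc"
    }
    if (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Services\$svc") {
        $problems += "service registry key still present: $svc"
    }
}

foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) {
        $problems += "file still present: $f"
    }
}

# fixer.reg re-creates this SafeBoot\Minimal entry; it should exist now.
if (-not (Test-Path $safeBootKey)) {
    $problems += "SafeBoot\Minimal entry missing (was fixer.reg merged?)"
}

# fixer.reg deletes the ClearRecentDocsOnExit policy value; it should be gone.
$pol = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
if ($pol -and ($pol.PSObject.Properties.Name -contains 'ClearRecentDocsOnExit')) {
    $problems += "policy value ClearRecentDocsOnExit still set"
}

if ($problems.Count -eq 0) {
    Write-Output 'All cleanup checks passed.'
} else {
    $problems | ForEach-Object { Write-Output "FAIL: $_" }
}
```

Any FAIL line means that item survived the batch run and should be looked at in the next ComboFix or GMER log rather than assumed clean.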