Google Redirect Virus with Firefox


  • This topic is locked
26 replies to this topic

#1 broman55 (Members, 14 posts)

Posted 01 September 2010 - 04:31 PM

I've had some trouble trying to get rid of this virus with no luck. Here is the DDS log. I've had trouble running GMER, it crashed under normal operation (blue screen of death while scanning) so I ran it in safe mode. Any and all help would be appreciated, thank you!

DDS Log

DDS (Ver_10-03-17.01) - NTFSx86
Run by broman55 at 0:45:27.88 on Wed 09/01/2010
Internet Explorer: 7.0.6000.17037
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [Google Update] "c:\users\steve handy\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0\bin\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
StartupFolder: c:\users\steveh~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\steveh~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.2\program\quickstart.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: igfxcui - igfxdev.dll
Hosts: 192.168.0.1 avira.com
Hosts: 192.168.0.2 bitdefender.com
Hosts: 192.168.0.3 pandasecurity.com
Hosts: 192.168.0.4 kaspersky.com
Hosts: 192.168.0.5 drweb.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\users\steveh~1\appdata\roaming\mozilla\firefox\profiles\v494mox8.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\users\steve handy\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {8FE2F96D-2F74-41D7-9FF6-CB9838C7E23A} - c:\users\steve handy\appdata\local\{8FE2F96D-2F74-41D7-9FF6-CB9838C7E23A}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-09-01 00:32:21 0 d-----w- c:\program files\CCleaner
2010-08-28 06:37:55 34560 ----a-w- c:\windows\system32\drivers\Normandy.sys
2010-08-27 21:50:16 0 d-----w- c:\users\steve handy\{b248232c-2288-4262-a4e1-5b3bc023f557}
2010-08-27 21:50:07 77824 ----a-w- c:\windows\system32\drvsign.exe
2010-08-27 21:50:07 3387 ----a-w- c:\windows\system32\ndisrd.inf
2010-08-27 21:50:07 20480 ----a-w- c:\windows\system32\ndisrd.sys
2010-08-27 21:50:07 1400 ----a-w- c:\windows\system32\ndisrd_m.inf
2010-08-27 21:50:07 13824 ----a-w- c:\windows\system32\snetcfg.exe
2010-08-27 21:49:55 0 d-----w- c:\users\steveh~1\appdata\roaming\56DD2F176D84C7768E88761B7336CCF4
2010-08-19 21:52:22 0 d-----w- c:\users\steveh~1\appdata\roaming\Wireshark
2010-08-19 02:40:40 0 d-----w- c:\program files\WinPcap
2010-08-19 02:39:41 0 d-----w- c:\program files\Wireshark
2010-08-08 02:21:15 0 d-----w- c:\program files\Veetle
2010-08-07 19:01:51 8310 ----a-w- c:\users\steve handy\morgan-freeman-god.jpg

==================== Find3M ====================

2010-09-01 00:46:29 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-25 17:07:40 96784 ----a-w- c:\windows\system32\Packet.dll
2010-06-25 17:07:24 281104 ----a-w- c:\windows\system32\wpcap.dll
2010-06-25 17:03:12 53299 ----a-w- c:\windows\system32\pthreadVC.dll
2010-01-09 16:55:34 51200 ----a-w- c:\windows\inf\infpub.dat
2010-01-09 16:55:33 86016 ----a-w- c:\windows\inf\infstor.dat
2010-01-09 16:55:32 86016 ----a-w- c:\windows\inf\infstrng.dat
2008-12-10 08:22:09 174 --sha-w- c:\program files\desktop.ini
2008-06-12 08:16:10 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-05-23 23:55:02 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-05-23 23:55:02 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-05-23 23:55:02 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2010-05-23 23:50:38 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-05-23 23:55:20 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-05-23 23:55:20 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\cookies\index.dat
2010-05-23 23:55:20 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\history\history.ie5\index.dat
2010-05-23 23:55:20 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2010-05-23 23:50:38 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 0:47:11.28 ===============



#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 01 September 2010 - 05:51 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  1. Do not run any other tool until instructed to do so!
  2. Do not attach logs unless I ask you to.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having, as these can help also.
  5. Do not run anything while running a fix.
  6. Do not run any other tool until instructed to do so!


In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note: If you are having problems posting the complete log into this thread, upload it here http://www.rapidshare.com/ and post the links in this thread.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Run ComboFix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

Information and logs:
    In your next post I need the following:
    1. Log from ComboFix
    2. Let me know of any problems you may have had
    3. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 broman55 (Topic Starter)

Posted 01 September 2010 - 08:56 PM

I had trouble disabling AVG Anti-Virus and ended up uninstalling the program before running ComboFix. However, sometime during or after the scan (stepped out for a second) my system attempted to restart. Currently, it has been displaying the Windows Vista "Logging Off...." screen for the past hour.

Should I wait this out or do a soft reset?

#4 gringo_pr

Posted 01 September 2010 - 10:38 PM

If it is still hung, do a soft reset and start it up again, and see if ComboFix starts again.


Gringo

#5 broman55 (Topic Starter)

Posted 01 September 2010 - 11:00 PM

When I start up I get an error:
"Explorer.exe - Original Not Found: The ordinal 874 could not be located in the dynamic link library SHEL32.dll"
Now there is no Windows Explorer.

#6 gringo_pr

Posted 01 September 2010 - 11:14 PM

Hello

OK, restart your computer and tap F8 about once a second while the computer is booting.

It should go into Advanced Boot Options.

Choose Repair Your Computer.

Select your keyboard language preferences and click on Next.

Select your user name and type in the password, and then click on OK.

Select the system recovery option you want to do: Startup Repair.


If you do not have these options, we will need the install DVD to run this.

Gringo




#7 broman55 (Topic Starter)

Posted 01 September 2010 - 11:42 PM

Gringo,

I've gone through System Repair and my computer successfully completed a system restore. I went hunting for the ComboFix.txt file but no luck.

I'm going to re-download ComboFix.exe just in case we run it again.

Let me know what you think we should do next.

PS: Thanks so much for the help. I'll probably reply once more tomorrow morning with your recommendations, but won't be able to respond again until late Thursday night (work, then class).

#8 gringo_pr

Posted 01 September 2010 - 11:46 PM

Yes, try it once more. And I want to ask: did you do a system restore, or did you do the startup repair?


gringo

#9 broman55 (Topic Starter)

Posted 01 September 2010 - 11:51 PM

I did a startup repair; it then asked me if I wanted to do a system restore, which I did. I'll run ComboFix again; if I run into the same problem I'll just do the startup repair.

#10 gringo_pr

Posted 02 September 2010 - 12:00 AM

Yes, do the startup repair, and come back and let me know.


gringo

#11 broman55 (Topic Starter)

Posted 02 September 2010 - 08:31 AM

Ok, good news and bad news. After running ComboFix again my computer got hung up on "logging off...". I ran Startup Repair, which said there were no problems; the computer tried to start, went into an automatic restart, then back into Startup Repair. This time, Startup Repair found problems. My computer is now booted up with the ComboFix log open (see below); however, I can't open any programs. I keep receiving the same error:

"Illegal operation attempted by a registry key marked for deletion"

Thoughts?



ComboFix Log
ComboFix 10-09-01.02 - Steve Handy 09/02/2010 1:03.1.2 - x86
Running from: c:\users\Steve Handy\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Steve Handy\AppData\Local\Windows Server
c:\users\Steve Handy\AppData\Local\Windows Server\flags.ini
c:\users\Steve Handy\AppData\Local\Windows Server\uses32.dat
c:\windows\system32\images
c:\windows\system32\images\printer_image_faded.gif
.
---- Previous Run -------
.
C:\feed.txt
c:\users\Steve Handy\AppData\Local\{8FE2F96D-2F74-41D7-9FF6-CB9838C7E23A}
c:\users\Steve Handy\AppData\Local\{8FE2F96D-2F74-41D7-9FF6-CB9838C7E23A}\chrome.manifest
c:\users\Steve Handy\AppData\Local\{8FE2F96D-2F74-41D7-9FF6-CB9838C7E23A}\chrome\content\_cfg.js
c:\users\Steve Handy\AppData\Local\{8FE2F96D-2F74-41D7-9FF6-CB9838C7E23A}\chrome\content\overlay.xul
c:\users\Steve Handy\AppData\Local\{8FE2F96D-2F74-41D7-9FF6-CB9838C7E23A}\install.rdf
c:\users\Steve Handy\AppData\Local\Windows Server
c:\users\Steve Handy\AppData\Local\Windows Server\flags.ini
c:\users\Steve Handy\AppData\Local\Windows Server\server.dat
c:\users\Steve Handy\AppData\Local\Windows Server\uses32.dat
c:\users\Steve Handy\AppData\Roaming\56DD2F176D84C7768E88761B7336CCF4
c:\users\Steve Handy\AppData\Roaming\56DD2F176D84C7768E88761B7336CCF4\enemies-names.txt
c:\users\Steve Handy\AppData\Roaming\56DD2F176D84C7768E88761B7336CCF4\local.ini
c:\windows\system32\images
c:\windows\system32\images\printer_image_faded.gif

Infected copy of c:\windows\system32\wininit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

Infected copy of c:\windows\system32\wininit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ndisrd
-------\Service_ndisrd


((((((((((((((((((((((((( Files Created from 2010-08-02 to 2010-09-02 )))))))))))))))))))))))))))))))
.

2010-09-02 05:14 . 2010-09-02 06:02 -------- d-----w- c:\users\Steve Handy\AppData\Local\temp
2010-09-02 05:14 . 2010-09-02 05:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-02 05:01 . 2010-09-02 05:02 -------- d-----w- C:\32788R22FWJFW
2010-09-02 01:19 . 2010-09-02 04:00 -------- d-----w- c:\users\Steve Handy\AppData\Local\Temp(29)
2010-09-01 00:32 . 2010-09-01 00:32 -------- d-----w- c:\program files\CCleaner
2010-08-28 06:37 . 2010-09-01 00:17 34560 ----a-w- c:\windows\system32\drivers\Normandy.sys
2010-08-27 21:50 . 2010-08-27 21:50 -------- d-----w- c:\users\Steve Handy\{b248232c-2288-4262-a4e1-5b3bc023f557}
2010-08-27 21:50 . 2010-08-27 21:50 77824 ----a-w- c:\windows\system32\drvsign.exe
2010-08-27 21:50 . 2010-08-27 21:50 20480 ----a-w- c:\windows\system32\ndisrd.sys
2010-08-27 21:50 . 2010-08-27 21:50 13824 ----a-w- c:\windows\system32\snetcfg.exe
2010-08-27 21:50 . 2010-08-27 21:50 -------- d-----w- c:\users\All Users
2010-08-27 21:49 . 2010-09-02 08:33 -------- d-----w- c:\users\Steve Handy\AppData\Roaming\56DD2F176D84C7768E88761B7336CCF4
2010-08-19 21:52 . 2010-08-19 21:52 -------- d-----w- c:\users\Steve Handy\AppData\Roaming\Wireshark
2010-08-19 02:40 . 2010-08-19 02:40 -------- d-----w- c:\program files\WinPcap
2010-08-19 02:39 . 2010-08-19 02:40 -------- d-----w- c:\program files\Wireshark
2010-08-08 02:21 . 2010-08-08 02:21 -------- d-----w- c:\program files\Veetle

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-02 08:33 . 2009-07-11 00:08 -------- d-----w- c:\programdata\pdf995
2010-09-02 04:35 . 2007-04-26 04:44 -------- d-----w- c:\users\Steve Handy\AppData\Roaming\OpenOffice.org2
2010-09-02 00:57 . 2009-07-08 00:20 -------- d-----w- c:\programdata\avg8
2010-09-01 03:49 . 2006-12-18 05:09 -------- d-----w- c:\program files\Yahoo!
2010-09-01 03:47 . 2009-05-11 23:13 -------- d-----w- c:\users\Steve Handy\AppData\Roaming\Move Networks
2010-09-01 03:41 . 2006-12-18 04:05 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-01 00:46 . 2010-05-25 03:29 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-09-01 00:37 . 2008-05-17 16:32 -------- d-----w- c:\program files\Creative
2010-09-01 00:34 . 2007-04-26 04:34 -------- d-----w- c:\users\Steve Handy\AppData\Roaming\Azureus
2010-08-23 03:56 . 2009-10-31 18:45 -------- d-----w- c:\program files\YouTube Downloader
2010-08-13 07:03 . 2006-12-18 04:50 -------- d-----w- c:\programdata\Microsoft Help
2010-07-23 12:02 . 2010-05-25 03:29 -------- d-----w- c:\programdata\Hitman Pro
2010-06-25 17:07 . 2010-06-25 17:07 96784 ----a-w- c:\windows\system32\Packet.dll
2010-06-25 17:07 . 2010-06-25 17:07 281104 ----a-w- c:\windows\system32\wpcap.dll
2010-06-25 17:07 . 2010-06-25 17:07 35088 ----a-w- c:\windows\system32\drivers\npf.sys
2010-06-25 17:03 . 2010-06-25 17:03 53299 ----a-w- c:\windows\system32\pthreadVC.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-10 1232896]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-11 2356088]
"Google Update"="c:\users\Steve Handy\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-07-08 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-02 1004136]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2006-12-18 77824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 151552]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

c:\users\Steve Handy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 03:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BySoft FreeRAM]
2004-12-17 20:44 318976 ----a-w- c:\program files\BySoft FreeRAM\FreeRAM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2007-07-17 16:03 868352 ------w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2006-11-28 23:42 46704 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2006-11-22 00:36 1474560 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2006-11-06 18:58 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2006-11-24 23:33 167936 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-12-19 22:49 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4015301129-3373372614-1724876926-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

R0 eypn;eypn;c:\windows\System32\drivers\frqctu.sys [x]
R0 oorbu;oorbu;c:\windows\System32\drivers\vicnpveg.sys [x]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-09-01 16968]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2006-12-13 19072]
R3 Normandy;Normandy SR2; [x]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2006-10-18 73344]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2006-10-18 43904]
R3 ST50220;Sonix ST50220 USB Video Camera Driver;c:\windows\system32\Drivers\ST50220.sys [2006-11-24 26752]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2010-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4015301129-3373372614-1724876926-1000Core.job
- c:\users\Steve Handy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-08 20:53]

2010-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4015301129-3373372614-1724876926-1000UA.job
- c:\users\Steve Handy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-08 20:53]

2010-09-02 c:\windows\Tasks\User_Feed_Synchronization-{DE969F19-0A8B-4ED2-B50F-845C7CF63B92}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
FF - ProfilePath - c:\users\Steve Handy\AppData\Roaming\Mozilla\Firefox\Profiles\v494mox8.default\
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\users\Steve Handy\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-CTCheck - c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
MSConfigStartUp-Uqeti - c:\users\Steve Handy\AppData\Local\ahinerav.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-02 02:05
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2632)
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
c:\program files\FileZilla FTP Client\fzshellext.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\program files\Hitman Pro 3.5\HitmanPro35.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-09-02 02:20:36 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-02 06:20

Pre-Run: 13,712,474,112 bytes free
Post-Run: 13,278,363,648 bytes free

- - End Of File - - 424727CF9B50C9F868AF6C3D3D5A7699
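The log above carries the handful of entries a responder would pull out first when the complaint is "Google links redirect": two boot-start drivers with random names whose files are already gone (ComboFix prints `[x]` in place of a date and size when the file is not on disk), a WinInet proxy pointing at a port on 127.0.0.1, UAC switched off (`EnableLUA = 0`), and an autostart DLL sitting directly in `AppData\Local`. The script below is an added example, not code from ComboFix or from this thread; it runs those four checks over lines copied from the posted log so the reasoning is explicit. The finding names and the heuristics are the editor's own, and every hit is a lead for a human to confirm, not a verdict.

```python
"""Triage a ComboFix log for the indicators a redirect-malware responder checks first.

Added example for this thread, not code from ComboFix or from the thread itself.
The sample lines are copied from the log posted above; the finding names and the
heuristics are the editor's own.
"""
import re
from collections import Counter
from typing import Dict, List

# Lines copied from the ComboFix log posted above (one clean entry kept per
# category so the negative cases are exercised too).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
R0 eypn;eypn;c:\windows\System32\drivers\frqctu.sys [x]
R0 oorbu;oorbu;c:\windows\System32\drivers\vicnpveg.sys [x]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-09-01 16968]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
MSConfigStartUp-CTCheck - c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
MSConfigStartUp-Uqeti - c:\users\Steve Handy\AppData\Local\ahinerav.dll
"""

# ComboFix service/driver line: "<start> <name>;<description>;<path> [<date size> | x]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")
# WinInet proxy setting: "ProxyServer = http=127.0.0.1:5555" or "ProxyServer = host:port"
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?([^:\s]+):(\d+)", re.I)
# UAC policy value as ComboFix prints it: "EnableLUA"= 0 (0x0)
LUA_RE = re.compile(r'^"EnableLUA"\s*=\s*(\d+)', re.I)
# A dll/exe sitting directly in AppData\Local or AppData\Roaming, not in a vendor subfolder
APPDATA_ROOT_RE = re.compile(r'\\AppData\\(?:Local|Roaming)\\[^\\"\s]+\.(?:dll|exe)\b', re.I)
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line, tagged with the kind of indicator."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        svc = SERVICE_RE.match(line)
        if svc:
            start, name, desc, _path, stamp = svc.groups()
            # Boot-start (R0) driver whose file is gone ([x]) and whose description is
            # just its own name: what a random-named rootkit loader looks like after the
            # file has been removed but the service entry is still in the registry.
            if start == "R0" and stamp.strip() == "x" and desc.strip() == name.strip():
                findings.append({"kind": "orphan_boot_driver", "line": line})
            continue
        proxy = PROXY_RE.search(line)
        if proxy and proxy.group(1).lower() in LOOPBACK:
            # Browser traffic forced through a local port: the usual way redirect
            # malware puts itself between the browser and the search results.
            findings.append({"kind": "loopback_proxy", "line": line})
            continue
        lua = LUA_RE.match(line)
        if lua and int(lua.group(1)) == 0:
            findings.append({"kind": "uac_disabled", "line": line})
            continue
        if APPDATA_ROOT_RE.search(line):
            findings.append({"kind": "appdata_root_autostart", "line": line})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings by kind, for a one-glance verdict."""
    return dict(Counter(f["kind"] for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:<24} {f['line']}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the whole log rather than the excerpt and the same five lines come back; the Hitman Pro and NPF drivers, the HP and Google autostarts, and the `ProxyOverride = <local>` line are all left alone. The loopback-proxy check is the one worth keeping in a post-cleanup checklist: a removed trojan leaves the proxy setting behind, and until it is cleared the browser keeps trying to talk to a port nothing listens on.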


#12 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 02 September 2010 - 10:16 AM

QUOTE
"Illegal operation attempted by a registry key marked for deletion"

Thoughts?


Restart the computer; it will fix itself.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 broman55 (Topic Starter, Members)

Posted 02 September 2010 - 10:32 AM

I'm at work now; I'll restart and give you an update later this evening (probably not until 11pm EST). I really appreciate the help, Gringo.

#14 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 02 September 2010 - 09:31 PM

I will be around.


#15 broman55 (Topic Starter, Members)

Posted 02 September 2010 - 09:35 PM

Gringo,
I've restarted and everything looks good. No errors with startup. I've tried clicking on Google links and there doesn't appear to be any problem. Any further post-ComboFix recommendations? I'll be re-downloading AVG Anti-Virus once I get the green light from you. Thanks again for all your help!
