possible browser hijacker?


  • This topic is locked
4 replies to this topic

#1 distortedface

distortedface

  • Members
  • 7 posts
  • OFFLINE
  • Local time:09:23 PM

Posted 05 May 2013 - 09:04 PM

Trusted sites show up untrusted. When I add exceptions they show up as text only. No Flash, HTML or anything. I've run MBAM, Avast, Norton, Security Check, AdwCleaner, and RogueKiller. Here are the logs.

 

# AdwCleaner v2.300 - Logfile created 01/05/2001 at 23:14:13
# Updated 28/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Marcia - TIFF
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Marcia\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\Marcia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
File Deleted : C:\Documents and Settings\Marcia\Application Data\Mozilla\Firefox\Profiles\6k45ez9v.default\searchplugins\Askcom.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\Marcia\Application Data\Mozilla\Firefox\Profiles\6k45ez9v.default\Smartbar
Folder Deleted : C:\Documents and Settings\Marcia\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Marcia\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Marcia\Local Settings\Application Data\Coupon Companion
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Coupon Companion

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\Software\PIP

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Documents and Settings\Marcia\Application Data\Mozilla\Firefox\Profiles\6k45ez9v.default\prefs.js

Deleted : user_pref("CT3220468.BT_Stats", "{\"last_log\":1349136148,\"uuid\":387672394288022,\"seq_id\":1,\"ss[...]
Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3220468.FirstTime", "true");
Deleted : user_pref("CT3220468.FirstTimeFF3", "true");
Deleted : user_pref("CT3220468.UserID", "UN51284089027341574");
Deleted : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3220468.autoDisableScopes", -1);
Deleted : user_pref("CT3220468.cbcountry_001", "US");
Deleted : user_pref("CT3220468.cbfirsttime", "Mon Oct 01 2012 20:02:24 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT3220468.defaultSearch", "FALSE");
Deleted : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3220468.enableAlerts", "always");
Deleted : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE");
Deleted : user_pref("CT3220468.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3220468.fixPageNotFoundError", "true");
Deleted : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3220468.fixUrls", true);
Deleted : user_pref("CT3220468.installId", "fft64.tmp.exe");
Deleted : user_pref("CT3220468.installType", "XPE");
Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.isNewTabEnabled", true);
Deleted : user_pref("CT3220468.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]
Deleted : user_pref("CT3220468.openThankYouPage", "true");
Deleted : user_pref("CT3220468.openUninstallPage", "FALSE");
Deleted : user_pref("CT3220468.search.searchAppId", "129813684258939747");
Deleted : user_pref("CT3220468.search.searchCount", "0");
Deleted : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1349136128803");
Deleted : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1349136128496");
Deleted : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1349136131344");
Deleted : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1349136132377");
Deleted : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1349136131112");
Deleted : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1349136126538");
Deleted : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1349136125728");
Deleted : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1349136131589");
Deleted : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1349136126576");
Deleted : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1349136128835");
Deleted : user_pref("CT3220468.settingsINI", true);
Deleted : user_pref("CT3220468.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3220468.smartbar.CTID", "CT3220468");
Deleted : user_pref("CT3220468.smartbar.Uninstall", "0");
Deleted : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
Deleted : user_pref("CT3220468.toolbarBornServerTime", "2-10-2012");
Deleted : user_pref("CT3220468.toolbarCurrentServerTime", "2-10-2012");
Deleted : user_pref("CT3220468.url_history0001", "hxxps://www.google.com:::clickhandler:::1349136391840,,,hxxp[...]
Deleted : user_pref("browser.search.order.1", "Ask.com");

-\\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\Marcia\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8836 octets] - [05/01/2001 23:11:02]
AdwCleaner[S1].txt - [8493 octets] - [05/01/2001 23:14:13]

########## EOF - C:\AdwCleaner[S1].txt - [8553 octets] ##########
 

 Results of screen317's Security Check version 0.99.63  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
 avast! Free Antivirus    
 Norton Internet Security    
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 7  
 Java version out of Date!
 Adobe Flash Player     11.5.502.110  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (20.0.1)
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````
 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Marcia [Admin rights]
Mode : Scan -- Date : 01/05/2001 23:33:33
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKLM\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x80637D2E -> HOOKED (Unknown @ 0x865B79B0)
SSDT[13] : NtAlertThread @ 0x80592C50 -> HOOKED (Unknown @ 0x865C1A38)
SSDT[17] : NtAllocateVirtualMemory @ 0x80570DA7 -> HOOKED (Unknown @ 0x864A71F0)
SSDT[31] : NtConnectPort @ 0x80590E73 -> HOOKED (Unknown @ 0x85A72E10)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x805DFAEA -> HOOKED (Unknown @ 0x864C8100)
SSDT[83] : NtFreeVirtualMemory @ 0x805712A1 -> HOOKED (Unknown @ 0x865B79E8)
SSDT[89] : NtImpersonateAnonymousToken @ 0x8059AD1D -> HOOKED (Unknown @ 0x8643F708)
SSDT[91] : NtImpersonateThread @ 0x805876DA -> HOOKED (Unknown @ 0x85889F88)
SSDT[108] : NtMapViewOfSection @ 0x8057AC39 -> HOOKED (Unknown @ 0x8585E2F8)
SSDT[123] : NtOpenProcessToken @ 0x80578506 -> HOOKED (Unknown @ 0x8654FEF8)
SSDT[137] : NtProtectVirtualMemory @ 0x8057F587 -> HOOKED (Unknown @ 0x85826298)
SSDT[206] : NtResumeThread @ 0x805853D0 -> HOOKED (Unknown @ 0x8654C508)
SSDT[228] : NtSetInformationProcess @ 0x80574B2F -> HOOKED (Unknown @ 0x865BC288)
SSDT[267] : NtUnmapViewOfSection @ 0x8057A7C1 -> HOOKED (Unknown @ 0x863FC230)
S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x86522880)
S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x85860218)
S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x858880A8)
S_SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x854F9FD0)
S_SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0xFFB99250)
S_SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x820882D8)
S_SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0xFFBA52B8)
S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x82088368)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xFFB9B760)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8580ECE0)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9160310AS +++++
--- User ---
[MBR] 0b7f9dc5a344657eff8851463df232e9
[BSP] ec35d0208a954efbaae268a31f81ec4e : Acer MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 6149 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 12595200 | Size: 146476 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01052001_02d2333.txt >>
RKreport[1]_S_01052001_02d2333.txt


RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Marcia [Admin rights]
Mode : Remove -- Date : 01/05/2001 23:37:05
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKLM\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x80637D2E -> HOOKED (Unknown @ 0x865B79B0)
SSDT[13] : NtAlertThread @ 0x80592C50 -> HOOKED (Unknown @ 0x865C1A38)
SSDT[17] : NtAllocateVirtualMemory @ 0x80570DA7 -> HOOKED (Unknown @ 0x864A71F0)
SSDT[31] : NtConnectPort @ 0x80590E73 -> HOOKED (Unknown @ 0x85A72E10)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x805DFAEA -> HOOKED (Unknown @ 0x864C8100)
SSDT[83] : NtFreeVirtualMemory @ 0x805712A1 -> HOOKED (Unknown @ 0x865B79E8)
SSDT[89] : NtImpersonateAnonymousToken @ 0x8059AD1D -> HOOKED (Unknown @ 0x8643F708)
SSDT[91] : NtImpersonateThread @ 0x805876DA -> HOOKED (Unknown @ 0x85889F88)
SSDT[108] : NtMapViewOfSection @ 0x8057AC39 -> HOOKED (Unknown @ 0x8585E2F8)
SSDT[123] : NtOpenProcessToken @ 0x80578506 -> HOOKED (Unknown @ 0x8654FEF8)
SSDT[137] : NtProtectVirtualMemory @ 0x8057F587 -> HOOKED (Unknown @ 0x85826298)
SSDT[206] : NtResumeThread @ 0x805853D0 -> HOOKED (Unknown @ 0x8654C508)
SSDT[228] : NtSetInformationProcess @ 0x80574B2F -> HOOKED (Unknown @ 0x865BC288)
SSDT[267] : NtUnmapViewOfSection @ 0x8057A7C1 -> HOOKED (Unknown @ 0x863FC230)
S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x86522880)
S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x85860218)
S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x858880A8)
S_SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x854F9FD0)
S_SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0xFFB99250)
S_SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x820882D8)
S_SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0xFFBA52B8)
S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x82088368)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xFFB9B760)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8580ECE0)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9160310AS +++++
--- User ---
[MBR] 0b7f9dc5a344657eff8851463df232e9
[BSP] ec35d0208a954efbaae268a31f81ec4e : Acer MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 6149 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 12595200 | Size: 146476 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_01052001_02d2337.txt >>
RKreport[1]_S_01052001_02d2333.txt ; RKreport[2]_D_01052001_02d2337.txt


 

 

 

 




 


#2 distortedface

distortedface
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:09:23 PM

Posted 05 May 2013 - 09:10 PM

Forgot to mention I am not able to update the Java and Adobe plugins that are out of date because of the untrusted warning.



#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:23 PM

Posted 08 May 2013 - 08:41 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the log in your next reply, DO NOT ATTACH IT
Let me know what problem persists.

#4 distortedface

distortedface
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:09:23 PM

Posted 12 May 2013 - 10:48 AM

I apologize for wasting your time. I am no longer in possession of the computer with the issues. This thread can be closed. Thanks again for all of the time you guys put in to help us. You are all greatly appreciated.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:23 PM

Posted 12 May 2013 - 01:01 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



