deepdive won't remove

Discussion in 'Malware Help (A Specialist Will Reply)' started by rstellers, Dec 9, 2008.

  1. rstellers

    rstellers Private E-2

    I followed all of the removal guide and still get one threat that SuperAntiSpyware can't remove; Spybot S&D cannot remove deepdive either. Attached are my log files.
     


  2. rstellers

    rstellers Private E-2

    thanks so much in advance for your help.
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You will have to be more specific than that.
    What is the exact file path.....and what is deepdive? There is nothing in your logs that looks suspicious.
     
  4. rstellers

    rstellers Private E-2

    This is what Spybot S&D is finding and can't remove. I tried it in safe mode too and no luck. When it tries to fix it, it tells me the associated files are still in use in memory and could be fixed after restart.
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Now tell me if the issue still exists.
     
  6. rstellers

    rstellers Private E-2

    Ok so I merged that with my registry and restarted and still get the same error.
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please get me a new log from ComboFix.

    But first!! Make a backup of your registry.


    1. Click Start > Run.
    2. Type regedit
    3. Click OK.
    4. Navigate to and delete (if found) the following entries:

      HKEY_CLASSES_ROOT\toolbar.TB\CLSID
      HKEY_CLASSES_ROOT\toolbar.TB.1\CLSID
      HKEY_CLASSES_ROOT\AppID\toolbar.DLL
      HKEY_CLASSES_ROOT\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
      HKEY_CLASSES_ROOT\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
    5. Exit the Registry Editor.
     
    Last edited: Dec 15, 2008
  8. rstellers

    rstellers Private E-2

    I did find the 4th and 6th registry keys listed above and get the following error when trying to remove them.
    Cannot delete. Error While Deleting.
     
  9. rstellers

    rstellers Private E-2

    Here is a new ComboFix log even though I couldn't remove the registry keys you told me to.
     


  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    o If it is not on your Desktop, the below will not work.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    
    KILLALL::
    
    
    Registry::
    [-HKEY_CLASSES_ROOT\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}]
    
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Combo.
     
  11. rstellers

    rstellers Private E-2

    new logs...
     


  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You didn't tell me if the issue still persists or not. :(
     
  13. rstellers

    rstellers Private E-2

    Haha... sorry about that. Yes, the problem still exists just as before. I cannot remove the registry keys and Spybot cannot remove it either. Let me know. Thanks for your help on this. This computer was so infected when I started I didn't think it would get clean without format and reinstall. :)
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    aarrgghhh....:(

    Download and Install Registrar Lite.

    Run Registrar Lite, navigate to the following keys and take ownership of them (explained further down):

    HKEY_CLASSES_ROOT\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}

    To take ownership of the key do the following:

    * Copy & Paste one registry key from above into the address bar of Registrar Lite and hit the enter key. This will bring you to the registry key.
    * Click-on Security in the Menu
    * Select Take Ownership
    * Now right click on the registry key and select delete
    * Repeat for both registry keys
    * Tell me the results. Any errors?
     
  15. rstellers

    rstellers Private E-2

    It tells me I did take ownership of both keys but I receive an "ACCESS DENIED" error on both counts when trying to delete.
     
  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Then we get more aggressive:

    Run Registrar Lite, navigate to each of the following keys (one at a time) and take ownership of them (I explained how to do that further down).

    HKEY_CLASSES_ROOT\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}

    To take ownership of the key do the following:

    * Copy & Paste the registry key from above into the Address bar of Registrar Lite and hit the enter key. This will bring you to the registry key.
    * Click-on Security in the top Menu
    * Select Take Ownership
    * Repeat these steps for all of the registry keys given above before continuing to the next steps below.
    * Now leave RegistrarLite running and continue
    * Now run the fixME.reg REGISTRY PATCH below in this message.
    * Tell me the results. Any error messages?
    * Now in RegistrarLite click View and then Refresh
    * Now navigate one at a time to each of the above keys we took ownership of to make sure they were deleted.
    * If any of the keys still exist, move on down to PART 2 - Setting Permissions for Everyone below!.

    Here is the Registry Patch

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    PART 2 - Setting Permissions for Everyone

    Run the below if some of the registry keys still exist after running the above steps.

    Now I want you to use Registrar Lite again to navigate to each of the below keys (one at a time) by pasting them into the Address Bar and hitting return. But this time click the Security menu item and select Edit Permissions so we can change permissions to everyone (I describe this down below the list of registry keys).

    HKEY_CLASSES_ROOT\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}

    After clicking Edit Permissions, here is what I expect you to see in the Group or user names area of the form:

    Everyone
    SYSTEM

    Select Everyone by clicking on it. Now at the bottom in the Permissions box click the check box for Full Control. Then click Apply and then OK to get back to the main Registrar Lite screen. Now right click on the registry key and select Delete. Then click View and Refresh. Check to see if the registry key just deleted was truly deleted. If so, move on to the next to work through the whole list. If it does not delete, I want you to boot into safe mode and repeat these exact same steps to see if we can do it from safe mode.

    Then reboot your PC!

    Now see if they still exist.
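    As an added example, not part of this thread and not from Registrar Lite or any other tool named in it: a read-only PowerShell audit of the keys listed in posts 7 and 16. Before taking ownership or deleting anything, it reports which of the keys exist, who owns each one, which access entries it carries, and which DLL the CLSID's InprocServer32 subkey points at (the "exact file path" asked for in post 3). The registry paths and the CLSID are the thread's own; the output format and the SHA-256 step are my additions. It needs an elevated PowerShell prompt, and Get-FileHash needs PowerShell 4 or later.

```powershell
# Added example (not from the MajorGeeks thread or any tool it names).
# Read-only audit of the registry keys named in the thread: existence, owner,
# access entries, and the COM server DLL behind the CLSID. Run elevated.

$clsid = '{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}'   # BHO CLSID from the thread

# Key paths exactly as listed in post 7, addressed through the Registry:: provider
$keys = @(
    'HKEY_CLASSES_ROOT\toolbar.TB\CLSID',
    'HKEY_CLASSES_ROOT\toolbar.TB.1\CLSID',
    'HKEY_CLASSES_ROOT\AppID\toolbar.DLL',
    "HKEY_CLASSES_ROOT\CLSID\$clsid",
    'HKEY_CLASSES_ROOT\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}',
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\$clsid",
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}',
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid",
    "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\$clsid"
)

foreach ($k in $keys) {
    $path = "Registry::$k"
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Output "[absent ] $k"
        continue
    }
    Write-Output "[present] $k"
    try {
        # Owner and ACEs: a key that refuses deletion even for an administrator usually
        # shows a non-admin owner or an explicit Deny entry here
        $acl = Get-Acl -LiteralPath $path
        Write-Output "          owner: $($acl.Owner)"
        foreach ($ace in $acl.Access) {
            Write-Output ('          {0,-5} {1,-30} {2}' -f $ace.AccessControlType, $ace.IdentityReference, $ace.RegistryRights)
        }
    } catch {
        # Being unable to read the DACL at all is itself worth reporting
        Write-Output "          ACL unreadable: $($_.Exception.Message)"
    }
}

# The InprocServer32 default value is the DLL that Internet Explorer / Explorer loads for this CLSID
foreach ($classes in 'HKEY_CLASSES_ROOT', 'HKEY_LOCAL_MACHINE\SOFTWARE\Classes') {
    $server = "Registry::$classes\CLSID\$clsid\InprocServer32"
    if (-not (Test-Path -LiteralPath $server)) { continue }
    $dll = (Get-ItemProperty -LiteralPath $server).'(default)'
    Write-Output "COM server under $classes : $dll"
    if ($dll -and (Test-Path -LiteralPath $dll)) {
        # A SHA-256 lets you look the file up with a scanner or vendor without uploading it
        $hash = Get-FileHash -LiteralPath $dll -Algorithm SHA256   # PowerShell 4+
        Write-Output "  file present, SHA256 $($hash.Hash)"
    } else {
        Write-Output '  file missing, or the path did not resolve'
    }
}
```

    The script changes nothing, so it can be run before and after each step in the thread to confirm what a tool actually did. If a key shows the current account as owner with Full Control and deletion still fails with ACCESS DENIED, as reported in post 17, the block is not a plain permissions problem, which is why the thread moves on to running the editor as SYSTEM and then to rootkit scans.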
     
  17. rstellers

    rstellers Private E-2

    So the registry patch says it is successfully added but is still there after refreshing. Also when I change permissions to full control I still get "ACCESS DENIED" when trying to manually delete. I get the exact same results when doing this in safe mode. :(
     
  18. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    AARRRGGGHHH!!! :)

    Please download the OTMoveIt3 by OldTimer.

    • Save it to your desktop.
    • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    ::Reg
    
    [-HKEY_CLASSES_ROOT\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}]
    
    :Commands
    [emptytemp]
    [Reboot]
    

    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt3

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
     
  19. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Now...if that doesn't work we will try this, dang it!!

    Let's start by copying the bold text below to notepad. Save it as fixDNSC.reg to your desktop. Be sure the "Save as" type is set to "all files".

    * Please go to this link:http://live.sysinternals.com/
    * find the psexec.exe file listed in the list and click on it and download and save it to your Desktop. Doing this properly is critical for other steps below.
    * Now click Start, Run, and enter cmd and click OK. This will open a command prompt window with a prompt that shows the current folder you are in.
    * For you the prompt should show C:\Documents and Settings\User>
    * Now type cd Desktop and hit the enter key. There is a space after the cd.
    * If you do this properly, your prompt will change to C:\Documents and Settings\User\Desktop>
    * Type the below bold text and hit the enter key. This will open the Window Registry Editor. You will have to agree to the SysInternals License Agreement first that pops up.
    psexec -s -i regedit
    * In the Registry Editor click File, Import and then navigate to the fixDNSC.reg file on your Desktop from the previous fix and double click on it to import it into your registry. If it works properly you should get a success message.
    * If you get a success message continue on with the below, otherwise stop and explain to me any problems you had.

    Now, download a fresh copy of ComboFix and attach the new log, also run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * ComboFix Log
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
  20. rstellers

    rstellers Private E-2

    Both keys still exist in the registry. Here is the log file. :(
    UGHHHHH
     


  21. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Next fix posted below....?
     
  22. rstellers

    rstellers Private E-2

    Oops, didn't see your last post. Trying that now. Thanks!
     
  23. rstellers

    rstellers Private E-2

    Both keys still exist in registry. Spybot still detects it too. Here are logs...
     


  24. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Hang in there.....I need to consult with Chas on this. :(
     
  25. rstellers

    rstellers Private E-2

    Sounds good to me. I am in no rush... appreciate you guys' help.
     
  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please run the below procedure and make sure you reboot where requested:

    Resetting Registry and File Permissions

    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    After reboot check to see if the above registry keys have been deleted.

    Now also attach the C:\avenger.txt log
     
  27. rstellers

    rstellers Private E-2

    semi-great news...

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} was deleted from my registry.

    I did receive an error on the other registry key however saying "Error: Invalid registry syntax in command: HKEY_CLASSES_ROOT\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program. Skipping Line. (Registry key deletion mode)"

    This happened after resetting registry and file permissions when I ran the script in avenger.exe.

    Log from Avenger is attached. Thanks.
     


  28. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Now copy the bold text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.

    Did the above key get removed?
     
  29. rstellers

    rstellers Private E-2

    I did receive a success message; however, the key is still there. We received success messages before when using the fixME.reg and with the same results, but that was before resetting reg and file permissions, but same result nonetheless. :(
     
  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is strange, I'm not sure if there is something still hiding that is locking this or the permissions are just not getting reset. Let's try a few things.

    Copy the bold text below to Notepad. Save it as fixme.reg to your desktop, overwriting any previous files of the same name. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Now please run Malwarebytes and first make sure you UPDATE to the current definitions. Then run a full scan and make sure you fix what it finds before saving the log. I will ask for the log later. IMMEDIATELY REBOOT HERE!!!!!!

    After reboot please run SUPERAntiSpyware and first make sure you UPDATE to the current definitions. Then run a full scan and make sure you fix what it finds before saving the log. I will ask for the log later.

    Now download Registry Search (see the link titled RegSearch Download Link)
    • Extract the files from Regsearch.zip into a folder.
    • Doubleclick regsearch.exe to start the program.
    • In the top 3 boxes under the "Enter search strings (case independent) and click Ok..." option, enter the below three strings (use copy and paste):
      • 0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2
      • A8954909-1F0F-41A5-A7FA-3B376D69E226
      • 967A494A-6AEC-4555-9CAF-FA6EB00ACF91
    • Then click "OK".
    • Notepad will be opened with text in it (the file named RegSearch.txt will be saved in the program's folder as well).
    Now attach the below three logs:
    • new Malwarebytes log
    • new SUPERAntiSpyware log
    • RegSearch.txt log
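    As an added example, not from this thread and not the RegSearch tool it links to: a PowerShell function that does the same job as the RegSearch step above, walking the registry and reporting every key name, value name or value data that contains one of the search strings. The three GUIDs are the ones chaslang lists; the function name, the output file name and the hex rendering of binary data are my own choices. It is read-only; run it from an elevated prompt, and expect it to take a few minutes on a full hive walk.

```powershell
# Added example (not from the MajorGeeks thread, and not the RegSearch tool it links to).
# Walks registry hives and reports key names, value names and value data that contain
# any of the search strings. Read-only. Run elevated.

$patterns = @(
    '0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2',
    'A8954909-1F0F-41A5-A7FA-3B376D69E226',
    '967A494A-6AEC-4555-9CAF-FA6EB00ACF91'
)

function Search-RegistryStrings {
    param(
        [string[]]$Roots,
        [string[]]$Patterns
    )
    # -match is case-insensitive by default; escape so dashes and braces are literal
    $regex = ($Patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'

    foreach ($root in $Roots) {
        # Keys we cannot open are skipped silently; a separate ACL audit catches those
        Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_
            if ($key.Name -match $regex) {
                [pscustomobject]@{ Hit = 'KeyName'; Key = $key.Name; ValueName = ''; Data = '' }
            }
            foreach ($vn in $key.GetValueNames()) {
                $data = $key.GetValue($vn)
                if ($data -is [byte[]]) {
                    # Binary values: decode as ASCII and UTF-16 so an embedded GUID string still matches,
                    # and show the raw bytes as hex in the report
                    $text = [System.Text.Encoding]::ASCII.GetString($data) + ' ' +
                            [System.Text.Encoding]::Unicode.GetString($data)
                    $shown = ($data | ForEach-Object { '{0:X2}' -f $_ }) -join ''
                } else {
                    $text = "$data"      # strings, multi-strings and numbers stringify directly
                    $shown = $text
                }
                if ($vn -match $regex -or $text -match $regex) {
                    [pscustomobject]@{ Hit = 'Value'; Key = $key.Name; ValueName = $vn; Data = $shown }
                }
            }
        }
    }
}

# HKEY_CLASSES_ROOT is a merged view of HKLM\SOFTWARE\Classes and HKCU\Software\Classes,
# so walking these three roots covers it without reporting every hit twice
$roots = 'Registry::HKEY_LOCAL_MACHINE', 'Registry::HKEY_CURRENT_USER', 'Registry::HKEY_USERS'
$hits = @(Search-RegistryStrings -Roots $roots -Patterns $patterns)

$out = Join-Path ([Environment]::GetFolderPath('Desktop')) 'RegSearch-ps.txt'
$hits | Format-Table -AutoSize -Wrap | Out-File -FilePath $out -Width 400
Write-Output "$($hits.Count) hit(s); written to $out"
```

    Because HKCR is a merged view, a CLSID that appears there is really stored under HKLM\SOFTWARE\Classes or HKCU\Software\Classes, which is why the thread keeps deleting both locations. Hits in this report are the keys and values a user-mode process can see; a key hidden from enumeration by a kernel-mode component will not appear, which is the gap the GMER and RootkitBuster steps later in the thread are meant to close.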
     
  31. rstellers

    rstellers Private E-2

    Sorry about the delayed response. I have been moving and out of town for the holidays. Here are the new logs. The fixme.reg did say it was successful. I updated and ran Malwarebytes and it did find one thing which it could not fix. SUPERAntiSpyware did find several things despite it being clean last time I ran it. Here are the logs.
     


  32. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Important Notice: A new version of SUPERAntiSpyware is out that should help with this problem from Vundo.
    • Please uninstall your current version (this is necessary).
    • Then download this SUPERAntiSpyware
    • Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
    • After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.
    • Now run a new full scan of your system. And attach this first log later.
    • Since this infection has been reappearing after a reboot, you will have to reboot again and then run an additional scan to make sure it comes back clean. Attach this second log too.
     
  33. rstellers

    rstellers Private E-2

    I uninstalled the old version and rebooted, then reinstalled the new version and rebooted and ran the scan. It found 21 infected items and said it removed them all. Upon reboot and a new scan it did remove all of the file infections but did not remove any of the registry infections. I removed them again on the second scan and rebooted but the entries still exist in the registry. Logs attached... :(
     


  34. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I have asked our friends at SUPERAntiSpyware to check into this.

    In the meantime please do the below.

    Go here and download SysClean:

    http://www.trendmicro.com/download/dcs.asp

    You will need to download two additional files, one for viruses and the other for spyware. Instructions for which ones to download are found here:

    http://www.trendmicro.com/ftp/products/tsc/readme.txt

    After running SysClean, attach the log from it.



    Now run this Running GMER to detect rootkits and attach the GMER log.

    Also please run this Trend Micro RootkitBuster and see if you can get us a log from it too.
     
