Over 1 million tech questions and answers.

Combofix, Registry key marked for deletion

Q: Combofix, Registry key marked for deletion

Begging for help! This is also my first blog/topic of any kind, ever. I found a link to combofix, with instructions to only use it from your site. Very responsible of them, but the link bypassed all your warnings not to do it alone. Combofix did its thing, then I managed to restore my internet connection. The connection itself is there, and my icons are there, but I cant get online or do anything else. Nearly ALL my program icons say "Illegal operation attempted on a registry key that has been marked for deletion."

The past week or so I had the redirect/ad coupon drop virus. I downloaded the 2013 AVG free protection to start, then my Google didn't work. I tried to uninstall AVG, but it didn't fix it, and then I couldn't turn Windows Defender back on. I tried a few malware scans recommended on your site, but they didn't find anything. I finally restored the whole thing back a week or so, then it worked fine.

Till last night when it suddenly kept saying Internet Explorer has stopped working, repeatedly popping that tab up as soon as I would try to close it. It wouldn't even let me Ctl-alt-del to get out of it. Today it would work for a few minutes on Yahoo, then start acting up again (virus-like, not wifi problems.) So I got out my old laptop and found a blog with links to you. I had a moment on the ill computer when it actually let me on, so I went right to the Combofix link and downloaded. Now nothing works, and I have seen all your warnings too late. I have the log saved on that computer, but its also under an "Illegal Operation" key.
HELP! What do I do?

PS, I just found out I can get online through the Windows online help page, but my IE and other icons still dont work.

RELEVANCY SCORE 200
Preferred Solution: Combofix, Registry key marked for deletion

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Combofix, Registry key marked for deletion

Have you read thru this http://www.bleepingcomputer.com/forums/topic273628.html

Read other 4 answers
RELEVANCY SCORE 114.8

I have a serious problem on a work laptop. I have some sort of malware.I believe I got it from downloading pdf files but I'm not sure.The symptoms are I am getting a lot of disk type errors. Also, my desktopicons are mostly gone. Also there were a bunch of windows popping up.My Desktop walpaper is now black rather than the default. Now, after running ComboFix, everything I try to run says Illegal Operationattempted on a registry key that has been marked for deletion!!HELP!! I have KeePass on this box with a lot of passwords that I really need to recover!!!Ray

A:Ran ComboFix, Now All Registry Keys Marked For Deletion?

I have a serious problem on a work laptop. I have some sort of malware.I believe I got it from downloading pdf files but I'm not sure.The symptoms are I am getting a lot of disk type errors. Also, my desktopicons are mostly gone. Also there were a bunch of windows popping up.My Desktop walpaper is now black rather than the default. Now, after running ComboFix, everything I try to run says Illegal Operationattempted on a registry key that has been marked for deletion!!HELP!! I have KeePass on this box with a lot of passwords that I really need to recover!!!RayHmmm, a re-boot seems to have fixed the problem!! Phewww.Sorry for the wasted bandwidth..Ray

Read other 2 answers
RELEVANCY SCORE 114.8

Hi guys,
Computer was randomly rebooting. Tried to install Malwarebytes but it said access was denied -- it couldn't write the file in the temp directory.  Went to your forum and you advised another person with same issue to run Combofix.  I ran it and it rebooted the computer, but all the programs I try to open now say "Illegal Operation Attempted on a Registry Key that has been marked for deletion."  I can't even open the File Manager to get a copy of the log.  I remember the Vid-Saver program was deleted by combofix.
I'm writing from the kids computer since mine doesn't work, please help.
Running Windows 7 Pro on a Thinkpad
Best,
grahamby

A:Ran Combofix -- Now All Programs "Registry Key Marked for Deletion" Help?

Held my breath, crossed my fingers and rebooted -- voila back in ship-shape.
Will now try mbamclean

Read other 2 answers
RELEVANCY SCORE 113.6

Ok, so I'm working on a computer who's owner ran a program called ComboFix. Now, whenever you try to launch a program (say, Chrome, word, etc.) we're getting a popup that says something like "Illegal Operation Attempted on registry key marked for deletion."

I was thinking I'd have him restart the computer but "marked for deletion" makes me think this thing will not be able to reboot.

Let's troubleshoot this!

A:After ComboFix: Illegal Operation, Registry Key Marked for Deletion

Just had client run "sfc /scannow". System returned: "Windows Resource Protection did not find any integrity violations."

Read other 5 answers
RELEVANCY SCORE 112.4

I ran Rkill on a lenovo x220, then ran Combofix.  I failed to see that the Lenovo Toolbox was open, which may have interfered somehow with Combofix.  After Combofix finished, I then attempted to run the Malwarebytes Anti Malware, and received an error message stating "Illegal operation attempted on registry key that has been marked for deletion".
 
I cannot launch any programs, including a system restore.  Any suggestions?

A:After Combofix, launching a program advises registry key marked for deletion

The "Illegal operation attempted on a registry key that has been marked for deletion" message is not a ComboFix or Malwarebytes specific problem. It happens from time to time on Vista and Windows 7 computers when a security tool deletes files and registry entries that require a forced reboot. Another reboot should take care of the issue.

Read other 1 answers
RELEVANCY SCORE 108.8

I have a problem similar to this issue..... none of the personal information, just commonlities when I downloaded and ran ComboFix....... Please help, I need my computer asap, I'm an online student....Thanks so much
"I ran ComboFix because my computer had some serious virus. I found ComboFix through another site and did not see the disclaimer about using it under the instruction of professionals.

The virus i had before showed up on AVG as Trojan Horse Crypt.EML. However, AVG couldn't get rid of it. The site i found just told me just to run ComboFix and it would work.

Anyways, ComboFix ran fine and generated a log report.

However, now all my programs won't work and instead say "Illegal operation attempted on a registry key that has been marked for deletion."

I have the log report and all other files generated by ComboFix if anybody needs them.

I am running Windows Vista Home Premium.

Can somebody please help me fix this???"

A:Downloaded combofix now get message "Illegal operation attempted on a registry key that has been marked for deletion...eeeek

Hi Dame1220Firstly, for the benefit of both you and others reading this thread, please take note of the following:ComboFix (CF for short) is intended by its creator to be "used under the guidance and supervision of an expert", NOT for personal, unsupervised use. Please read Combofix's Disclaimer. When CF is run without trained assistance, it can no longer be considered a "safe" tool. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.You may find this topic to be informative - ComboFix usage, Questions, Help? - Look hereSecondly, in regards to your issue. Reboot the computer again. That should set everything straight.~Blade

Read other 1 answers
RELEVANCY SCORE 92.8

I ran ComboFix because my computer had some serious virus. I found ComboFix through another site and did not see the disclaimer about using it under the instruction of professionals.

The virus i had before showed up on AVG as Trojan Horse Crypt.EML. However, AVG couldn't get rid of it. The site i found just told me just to run ComboFix and it would work.

Anyways, ComboFix ran fine and generated a log report.

However, now all my programs won't work and instead say "Illegal operation attempted on a registry key that has been marked for deletion."

I have the log report and all other files generated by ComboFix if anybody needs them.

I am running Windows Vista Home Premium.

Can somebody please help me fix this???

Thanks-

A:"...registry key that has been marked for deletion"

ComboFix logs cannot be worked in this forum. Please follow this procedure from item 6 and post a DDS log in the HJt forum. The helper there will advise when to post the combofix log.Please follow this guide from step (6). Post a HJT log to the HJT forum and a Team member will be along to help you as soon as possible. You may wish to post a link back to this topic to see what was discussed thus far. If you need any help with the guide, please let me know.

Read other 4 answers
RELEVANCY SCORE 92.8

I recently ran Combofix and now get registry key marked for deletion whenever I try to run anything. Where do I go from here? Any help would be greatly appreciated.

A:Registry marked for deletion

Hello,Please follow the instructions in ==>This Guide<== starting at step 6.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Since you have run ComboFix, please include the ComboFix log in the new topic. Please be sure to include a description of your computer issues and what you have done to try to resolve them.If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include the ComboFix log along with a description of your computer issues.Orange Blossom

Read other 1 answers
RELEVANCY SCORE 91.6

I would like one of the helpers on this site to help me fix my computer. I downloaded and ran Combofix and now when I click on Internet Explorer, Yahoo Messenger and many other things on my comptuer I get the message "Illegal operation attempted on a registry key that has been marked for deletion". My computer is worse now than before I ran Combofix. Is there any way to just undo what this software has done? I can not post my log here becaue I can't get to the internet from that computer. I'm posting this message from a different computer.

A:Registry Keys Marked for Deletion

Hi,
please reboot once and that issue should be fixed. What is your original problem?

regards myrti

Read other 2 answers
RELEVANCY SCORE 90.8

In order to fix some Internet Explorer window opening errors I installed and ran both HijackThis and ComboFix. I now receive the message "Illegal operation attempted on a registry key that has been marked for deletion." on most every action that I attempt, including running the above mentioned programs or accessing the log files created by these programs. I cannot copy and paste the results however I did save the combofix log to the attached file. I don't know where the hijack this file is stored.

Updated 010911 15;31;34 - Added Hijack log that I was only able to run via Internet Explorer (using Microsoft link, not iexplorer.exe)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:30:22 PM, on 1/9/2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=E... Read more

Read other answers
RELEVANCY SCORE 90.8
A:illegal operation on a registry key that has been marked for deletion

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/419418 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 2 answers
RELEVANCY SCORE 90.8

I ran combofix on a Windows 7 computer and now get "Illegal operation on a registry key that has already been marked for deletion" for everything I try running even the logging tools in the instructions. See the attached combofix log file.
Thanks for your help!

A:Illegal operation on a registry key that has already been marked for deletion

I rebooted and all is good. Thanks

Read other 2 answers
RELEVANCY SCORE 89.6

I told a friend about this forum. He ran malwarebytes on his computer and had 78 infections. Malwarebytes removed them, then he installed Service Pack 1. Then deleted McAfee (it had expired), then he ran combofix. It didn't fix anything, it just made a log file. But now, when he tries to open just about anything, including a restore point, he gets an error that says "Illegal operation attempted on a registry key that has been marked for deletion". I can open the Task Manager and My Computer, but that seems to be about all. How to fix?

At least I was able to get his log file using a jump drive! He did this because a program called "Bearshare" seemed to be taking over his computer, and now I see at least 4 references to it in the log file.

I can open My Computer, and I see 2 files - $$DeleteMe.wmp.dll.01c82bcaf27e290.000 (10.1MB) and $$DeleteMe.wmploc.DLL.01c82bcaaf2a43f0.001 (7.77MG). The date on them is 9/3/2007. Would these have anything to do with the problem?

ComboFix 11-01-04.01 - BPA 01/04/2011 18:29:43.1.2 - x86
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.1014.356 [GMT -6:00]
Running from: c:\users\BPA\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-12-05 to 2011-01-05 )))))))))))))))))))))))))))))))
.

2011-01-05 00:40 . 2011-01-05 00:44 -------- d-----w- c:\u... Read more

A:Illegal operation attempted on a registry key that has been marked for deletion

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your ... Read more

Read other 2 answers
RELEVANCY SCORE 89.6

I was infected by a koobface virus and hundreds of spyware and trojans last week from my Face book account. I was able to download Paretologic Anti-virus and malware program it found a few applications that it deleted. My computer still acted funny and when I went to the koobface posting on the internet it suggested using Malwarebytes or Spybot. I downloaded Malwarebytes, ran it and it found hundreds of infections including 13 koobface viruses. My computer continued to run slow and accumulated thousands of cookies from MSN and Facebook any time I openend Internet Explorer. I wrote to Paretologic about the problem and they sent a link to Combo fix and said to download it directly to the desktop. I did that and ran the program. Combo fix said to let it run and that it would generate a log file which I could then send to someone to help me with the fixes. When I went to my email to do that as instructed by Paretologic, this message came up. Illegal operation attempted on a registry key that has been marked for deletion. When I attempted to use any programs, I kept getting the same message. I have not been able to use some of the recommendations by the Combo Fix website as it won't allow me to open Internet Explorer, the start, run program.

Please, if you've had this problem or know how to fix it, let me know. I am not super computer literate, but can follow instructions typed out for me.

Thank you!!

A:Illegal operation attempted on a registry key that has been marked for deletion

Hello costumelady and to BleepingComputer.Reboot the computer again. That should fix the issue.~Blade

Read other 1 answers
RELEVANCY SCORE 88.8

I had a virus and HostGator suggested running your program. So I ran ComboFix following the directions.

And now the message for ANY program I try to launch is "Illegal operation attempted on a registry key that has been marked for deletion."

The computer starts up, but NO programs work. What did I do wrong?

I am trying to follow the directions at:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix#manual_recovery

Unfortunately, I don't have any Windows 7 start-up disks or recovery disks. I have a Thinkpad W520. They don't come with them. HELP!!! It appears every single program registry file I have has been designated for deletion.

Email: doug(at)douggreene-dot-net.

A:HELP!!! No programs launch, "registry key marked for deletion" (I fubar'ed big time)

I saw this:*******************In order to access the Windows 7 System Recovery Command Prompt you first need to boot your computer off of the Windows 7 DVD by inserting it into your DVD player and turning your computer on. Your computer will start and you should see the BIOS listing the hardware on your computer as well as other information. When that information has been cleared, your computer will see that a bootable DVD is inserted and present a prompt similar to Figure 1 below. If your computer does not boot off of the DVD, and instead boots directly into Windows 7, then you can read this guide on how to configure your bios to boot from a CD or DVD.***************************at:http://www.bleepingcomputer.com/tutorials/windows-7-recovery-environment-command-prompt/*************The problem is that THERE IS NO WINDOWS 7 DVD. Lenovo ONLY has RECOVERY CD's.

Read other 3 answers
RELEVANCY SCORE 80.8

I just reinstalled a fresh copy of Windows 7 on my laptop, and when I went to download Windows Updates, it threw me this error message "Illegal operation attempted on a registry key marked for deletion." with the error code 800703FA. I also tried to run the .NET Framework installer and got the exact same message. I looked the error up and it's my understanding that it is a registry error? This doesn't make much sense though, as this is a fresh install of Windows.

A:"Illegal operation attempted on a registry key marked for deletion."

Hi and welcome to SevenForums,
Where did you get the installation media ?

You can get new media with this
Microsoft Windows and Office ISO Download Tool

Read other 1 answers
RELEVANCY SCORE 76.4

Hello,

I just ran ComboFix and when it was finished clicking on programs and even the control panel causes an alert that says
"Illegal operation attempted on a registry key that has been marked for deletion". What do I do?

Damon

Spoke too soon. Restarting solved the issue. Good thing!

A:ComboFix caused illegal operation key registry deletion problem

You shouldn't be running Combofix unsupervised.

Read other 1 answers
RELEVANCY SCORE 69.6

before , when i tried to delete something from my inbox, it would disappear immediately, all of a sudden, it is marking it with a red 'x' ? thanks
 

A:OUTLOOK EXPRESS : marked for deletion ?

You could just go to: Tools -> Options... -> Maintenance -> Purge deleted items when leaving IMAP folders.
 

Read other 2 answers
RELEVANCY SCORE 69.6

When I try to start my wifi hotspot on my windows 8.1 laptop while installation it says that the specific service is marked for deletion when I try to install another virtual router it says the same that a specific service which is for to start hotspot had
been deleted.
PLEASE anyone help me please????

Read other answers
RELEVANCY SCORE 69.6

I fell prey to the Antivirus 2012 scam malware recently and I installed Malwarebyte's to take care of the issue. It removed the malware, but now my ICS will not start and it states that the dependencies have been "deleted or marked for deletion." and will not start the ICS. I have restarted my comp, deleted the malware removal software, what can I do? Thanks for the help and have a Merry Christmas.

A:ICS depedencies are marked for deletion. Need help fixing.

Run System File Checker.
Click on Start, type command prompt.
Right click on Command Prompt at the top of the window and select Run as Administrator.
In the Command Prompt Window, type (or copy and paste) sfc /scannow and press Enter.

Vista and Windows 7 tell you if there were and problems, XP does not. You can examine the SFC results as follows:

Open a Command Prompt (does not have to be as Administrator):Type (or copy and paste) findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >sfcdetails.txt and press Enter.
Type (or copy and paste) notepad sfcdetails.txt and press Enter.

Read other 4 answers
RELEVANCY SCORE 68.8

Let me try to give as much info as I can to start. Running Windows 7 64bit Ultimate have all updates as of 01-16-2012. Recently had some malware that I removed not sure if there is a correlation. I am trying to connect my wireless connection on my pc to a router to run xbox and BD player. So I connect to my wireless network have my network card plugged into my router, connected to both networks. I go to properties on wireless connection click sharing tab check allow other network users to connect to the internet through this computer connection, also checked allow other network users to control or disable the shared internet connection. I click ok and get a error window that says in the title bar Network Connections the body of the window says, "An error occurred while Internet Connection Sharing was being enabled. The dependency service does not exist or has been marked for deletion. I looked through services and device manager in non pnp drivers everything looks right to me... I am not super familiar with networking issues so I may have missed or overlooked something easily. Searched the internet for answers could not find anything that would resolve my issue. So I am posting here for some help resolving this issue. Help would be appreciated thanks in advance!
 

A:ICS dependency service does not exist or has been marked for deletion

Read other 14 answers
RELEVANCY SCORE 68.8

I could not start my time service.
I was getting this error:

Could not start Windows Time on Local Computer
Error 1058: The service cannot be started because it is disabled or because
it has no enabled devices associated with it.


So I found this "solution" Here:

1. Start->Run cmd.exe
2. net stop w32time
3. w32tm /unregister [ignore error message]
4. w32tm /unregister
5. w32tm /register
6. net start w32time

It worked for that guy but I am stuck with this:


Anfd the service is marked for deletion. I am afraid to shut down or restart. If the time service is stopped, won't it cause some real issues?

Thanks for any ideas!

A:Windows time service marked for deletion

Don't worry, I solved it!

With a little more searching I found this:
http://www.code101.com/Code101/Displ...le.aspx?cid=52

I just needed to close the services and then:
5. w32tm /register
6. net start w32time


Thanks for all the replies ! JK

(hopefully this will help someone else)
Cheers

Read other 4 answers
RELEVANCY SCORE 68
A:illegal operation attempted on a register key that has been marked for deletion

Please download MiniToolBox  , save it to your desktop and run it.
 Checkmark the following checkboxes:  List last 10 Event Viewer log  List Installed Programs  List Users, Partitions and Memory size.
 Click Go and paste the content into your next post.
 Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 , taking care to post the link of the snapshot in your next post.
 
Louis

Read other 2 answers
RELEVANCY SCORE 66.4

I had the problem with Coordinator.exe pop up saying that no disk was in the drive. I came across your March 12, 2012 solution to that problem (problem now closed) and followed Cheeseball81's instructions to download and run Combofix.exe. However, after completing the scan, none of my programs will work. I get a message, "C:/Program files (x86)\(Program file) Illegal Opertion attempted on a registry key that has been marked for deletion."

I'm using Windows 7. Thanks for any help here.
 

Read other answers
RELEVANCY SCORE 57.6

I have attached a combofix.txt log from a few days ago from a XP Home PC.
 ComboFix.txt   51.81KB
  20 downloadsI work as a level 1-2 technician for a local computer helpdesk/repair company. I have used combofix 1000s of times, but last week, I was completely speechless as I watched combofix delete...c:\windows\system, system32, .dll's, and other system files. I have heard horror stories that Combofix can completely devastate a computer, but seeing it do it right in front of your eyes on-site was horrifying.Setting: A customer called in to schedule a virus removal on site. I went on-site and did my normal routine. Safemode > Malwarebytes > (rename avg)> reboot > normal boot > combofix. MBAM found and removed 3 trojans and some adware which included the infection that I was sent out there for. But to be safe, I always run combofix. To my amazement, combofix started deleting... well check the log. I was able to reboot fine afterwards, but that's the only normal thing that happened. Drivers were missing, programs failed, errors everywhere. Is there any input on this log? Maybe some explanation as to what happened here?Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:Combofix Devastating Deletion Log

I just notified malware team.
Someone will post back here shortly.

Read other 4 answers
RELEVANCY SCORE 56.4

DO NOT MOVE-MGGood Morning,Like a few others here, I used ComboFix to resolve a Google Redirect Virus issue (not knowing that it had been pulled by the dev), and it "deleted" (quarantined) every file on my machine. A quick look around my C:\ I found all the files with a brand spanking new .vir extension. </panic mode>Following instructions and recommendations from tetonbob given to another forum member in another thread, I was able to use a dequarantine script to recover all my data back to its original location. Fantastic!At this point I just need someone to help me address some housekeeping issues...it seems all my data was copied from the Quarantine folder and the .vir extension was removed, because the quarantine folder is still showing the "infected" files. Essentially I have two sets of files, the normal one and the set that was quarantined and marked .vir. Is it safe to remove the set of quarantined data?Are there any other things that I should be doing to get my PC back to its condition before I ran ComboFix?Thanks in advance for your help!

A:Another ComboFix File Quarantine/"Deletion" question

Hello thereAre you having any issues right now? This is important to know because there are two ways to proceed and I need to know which way to go. tea

Read other 9 answers
RELEVANCY SCORE 56

Can I delete the entire registry and then do a repair install?

What would be the results of something like this?

A:Registry deletion

No, you can't delete the entire registry.
If you want to do that just do a clean install of XP.
It would be the same because if you could delete the regestry & do a repair all that would work would be XP because you would lose the registry entries for everything else.
The registry entries are what tell >Windows where stuff is at, what it is, & what to do with it.

Read other 2 answers
RELEVANCY SCORE 55.2

While playing I navigated to "HKEY_CURRENT_USER\ControlPanel\Desktop" and selected "MenuShowDelay" and instead of modify I Deleted. I've scanned by deleted files using both "Norton" and "Fix-It" Utilities and can not find the deleted item. At this stage I'm afraid to shut down the computer for fear it will not reboot properly.
I'm using Windows XP Pro. Any advise would be appreciated. Thanks.
Bill
 

A:Accidental Registry Deletion

Welcome to TSG

Go back to HKEY_CURRENT_USER\ControlPanel\Desktop

click Edit | New | String Value
Right click it and click Rename
name it MenuShowDelay
Double Click MenuShowDelay and change the value to what you want it to be

(400 is default, 0 is too fast, set it to 100 for a happy medium)

Alternatively, Try a system restore to yesterday's date
 

Read other 3 answers
RELEVANCY SCORE 55.2

I was uninstalling a prog that had a trojan in it. I deleted the registry keys and such; manuelling removing it because the Explorer.exe would shut down every time I tried to do it the old fasion way Wink
So, I was going through, and I accidentally deleted the Uninstall registry key
Which has led all the installed progs to not show up in the Add/Remove Programs gui that's in Control Panel.
And so, I am wondering if I have to wait until tommorow to do this, when I have the windows cd. Or if I'm able to just do some other recovery.
I restarted and held down F8, and did the "Last known good configuration" thing, but it said I had to replace hal.dll.
I've downloaded the dll file, but I'm not very sure I want to replace it because I don't want to mess up the computer that is not even mine worse. Wink
And so...
What am I to do in this dillema?
The programs work; obviouslly, I'm in Firefox at the moment. I'm going to be running a scan, of course, and already have, but I'm defintelly sure it wasn't the virus that did this; but my fat fingering talent of screwing things up worse then they already were. Smile
As a clarification:
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
This is the directory.
 

A:Solved: Registry Deletion

Read other 16 answers
RELEVANCY SCORE 55.2

hi all. i had a very nasty backdoor trojan that was very difficult to remove.i ended up finding combofix via another website and was advised to use it (after the failure of many, many other programs). i realize the hap-hazardness of this now and am dealing with the aftermath of a messed up computer...it seems like all the virus is cleared up, but now i've lost functionality of all programs that had required registrations. furthermore, and more complicated, is the fact all uninstall files for said programs have as well been deleted (at least they are not located when searched for nor are they in the correct file folders).under add/remove programs, i now have a ton of random single-word programs such as "fax" or "unload" or "scan" or "printscreen" that have no remove/uninstall button. in fact, almost non of my programs have the uninstall buttons anymore.i've lost microsoft office, all my adobe programs, and just about anything that had required registration. i can reload most of these, but i cannot uninstall the old, malfunctioning versions due to the lack of uninstall files and lack of buttons under add/remove programs.what can i do to get back to a functional computer? how do i get rid of all the weird, single-name programs that appeared? note that all of this happened immediately after using combofix.any help is appreciated.Mod. edit. DaChew referred here from Am I Infected as the infections appear to be gone. ~ OB

A:combofix deletion of uninstall files, add/remove programs/function

i've reinstalled a newer photoshop which seems ok, but i still need to delete the old as well as the other programs.

rebooting seems to change nothing, FYI.

Read other 1 answers
RELEVANCY SCORE 54.8

Hi All,

While troubleshooting a failed internet connection (Windows XP Home, SP 2) I installed Windows Internet Explorer 7.0 (probably a beta version) that wasn't downloaded from the windows website. I've since uninstalled it, so I am now running IE 6, but IE 7 left something behind. Now, when I connect to the internet I get to my home page, but when I select a link I get a blank web page and the error message "Windows cannot find ?(null)?. Make sure you typed the name correctly, and then try again. To search for a file, click the start button, and then click Search.?

Through reseach on the internet I've found that the registry key "C93E5AB5-7B71-4C31-B6B2-7F922A551EFF" needs to be deleted to fix my problem. I've tried with no success. I've tried adding "Everyone" to the registry users, changing the permissions so all users can access the registry and tried to delete the key, downloaded Registry Fix software, I've tried deleting it using regedit and regedt32 and I've run the program IE7betakey.reg with no success.

I can temporarily delete the key, but it always comes back.

Any suggestions?

SteveG297

A:[SOLVED] Registry key comes back after deletion

Is there anyone out there? I'm still looking for help.

I thought the problem was fixed after using Registry Manager software, it was for about 15 minutes. The registry key that I originally referenced was the wrong one. This is the key that is the issue: HKEY_CLASSES_ROOT\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6} NOT the one originally posted. I thought I had deleted the key with Registrar Registry Manager, but it came back.

Any thoughts?

SteveG

Read other 6 answers
RELEVANCY SCORE 54.8

I'm trying to install ESET smart security on a client computer, and everytime I do, it fails half way saying it cannot write to "AppData" location..

when I browse to the HKLM\Software\ESET the values are incorrect, so I want to delete all references to the software. It keeps saying Access Denied.

this is after I've verified the permissions on the reg key is set to Full Control for Administrators both domain admin and local admin..

what do I do? I can't install this otherwise...

thanks
 

A:Access Denied on Registry key deletion, how do I fix it?

Have you logged in as THE Admin (not an Admin).
 

Read other 5 answers
RELEVANCY SCORE 54.8

Hi folks,

Question: Is Revo a good uninstaller program, in you good folks' opinions? Also, how often does it find and bold stuff from the registry that is associated with the deleted program but that the user should NOT delete?

That leads me to my next question: If, for instance, I'm trying to uninstall something like Seagate Dashboard, and it finds something in the registry that is related to Seagate Dashboard, how likely is it that deleting a registry entry that has Seagate Dashboard's name in it (or only showed up after I installed Seagate Dashboard) would actually harm my computer somehow? And can someone explain to me why and how it could harm my computer (briefly if you like, or be detailed if you'd rather; I love learning!)?

Thanks!
James

A:Revo and Registry File Deletion

Revo is a very good program, however any program can make mistakes.
Since it's not a native Windows uninstaller, it's always a good idea to create a new restore point before proceeding with any removal.

Read other 4 answers
RELEVANCY SCORE 54

I have two computers, a laptop with Home Premium and a desktop with Ultimate. I'm setup as admin on both and installed an application on both that I ended up removing. There were a couple of registry keys that are giving me 'fits' and need removing. I am struggling to get these keys removed.

Using Regedit, I have no issues removing the keys on the Ultimate desktop machine. However, I get the typical error message "Access Denied" message on the Home Premium laptop. Of course I've made sure that my permissions are set to OWNER, etc. but still no luck.

Would this imply that I have a GROUP POLICY issue between the two machines? I understand that some of the differences between the Home Premium and the Ultimate versions of Win 7 are related to GROUP POLICY. Does anyone have any thoughts that would help with this problem. I've heard that it is possible to copy the group policy from one machine to another. Is this possible and if so, how?

Any help would be appreciated.
thanks
Jim

A:Registry Key deletion - Home Premium & Ultimate are different

  
Quote: Originally Posted by rfdes


I have two computers, a laptop with Home Premium and a desktop with Ultimate. I'm setup as admin on both and installed an application on both that I ended up removing. There were a couple of registry keys that are giving me 'fits' and need removing. I am struggling to get these keys removed.

Using Regedit, I have no issues removing the keys on the Ultimate desktop machine. However, I get the typical error message "Access Denied" message on the Home Premium laptop. Of course I've made sure that my permissions are set to OWNER, etc. but still no luck.

Would this imply that I have a GROUP POLICY issue between the two machines? I understand that some of the differences between the Home Premium and the Ultimate versions of Win 7 are related to GROUP POLICY. Does anyone have any thoughts that would help with this problem. I've heard that it is possible to copy the group policy from one machine to another. Is this possible and if so, how?

Any help would be appreciated.
thanks
Jim


You can seize ownership of any registry key;
Right-click the key, click Permissions, click Advanced.
Then set any permission you need.

However, there are two restrictions:
- You cannot do this in bulk.
- In nested keys you must frequently set ownership from inside out. Doing it on the main key only may fail.

I don't use Group Policy, so I have no answer for that part of your question.

HTH

Read other 9 answers
RELEVANCY SCORE 54

I am trying to delete SID from the registry and certain entries cant be deleted. I have permission to remove them as i can do some but not all. I can get around the temp profile issue by renaming the suspect SID but would prefer to remove the all together 

Any Ideas

Read other answers
RELEVANCY SCORE 53.6

Examples of the entries are in the attachment. The "preapproved" within the registry entries concerns me in case they relate to Windows 10, which at this time I do not wish to install, but may wish to later. If I removed the entries now, would I lose the free upgrade.

Are the entries relating to what I think? Remove or not? Opinions please!

A:Antivirus suggests unnecessary registry keys for deletion

Those "PreApproved" keys have to do with ActiveX in Internet Explorer:
Controlling ActiveX in Internet Explorer - IEInternals - Site Home - MSDN Blogs

What antivirus app is suggesting that these keys are unnecessary?

Read other 1 answers
RELEVANCY SCORE 53.6

I've been cleaning up my PC (Windows XP) for the last couple of days but no matter what I try the problem comes back.

Here's the history and what i've tried so far:

The PC was infected with Spyware Guard 2008 (tell you you have a virus and need their virus remover yada yada yada) and I was able to remove it and restore some normality using Malwarebytes Anti-Malware 1.31

However when I was cleaning up the system there is a file that MAM finds but it cannot remove:

c:\windows\system2\dxmhqx.dll

It says that it will clean up during reboot but whe I reboot the file is still there.

If I tried to delete the file manually I get a cannot delete access denied message so I downloaded Unlocker 1.8.7 so I could unlock the file (it was associated to svchost.exe and also other times to winlogon.exe). I was able to unlock the file and then delete

Now I had to go to the registry to remove the entry in there but low and behold everytime I remove the entry it comes up again so this time I got Process Explorer so I could suspend all the instances of svchost.exe. Suspending the processes allows me to remove the entry from the registry and it doesn't come back.

Then I ran MAM and Spybot and everything comes back clean but after I reboot dxmhqx dll and its registry entry come back.
I have done this several times and i always end up on the same spot, one thing worth noting is that if I disconnect my internet connection cable and do the above steps I can clean the syst... Read more

A:Please Help: Malware dll and registry entries keep coming back after deletion

Hey guys,

Just bumping to see if anyone has any ideas.

Thanks
 

Read other 2 answers
RELEVANCY SCORE 53.2

Hello. Today. i am was trying to delete a file
when i am trying. it says: cannot delete because corrupted and unreadable
ok. my problem isn't that.. Nevermind on this !
My problem is. when i tried to search for a solution for it. they said check if your c: marked as dirty. i don't know but i am sure someone made a command in the cmd. to mark c: as dirty. JUST TELL ME. HOW I CAN MAKE IT UNDIRTY. JUST GIVE ME A COMMAND OR A SOLUTION FOR IT. PLS DON'T SAY ANYTHING ELSE

A:My C: is marked as dirty.. how i can make it marked as undirty ?

A dirty drive usually shows up at boot. You get a message that one or more drives need checking - press any key to stop the check. It's best to let the check run - can take a while and it's not a good idea to abort the check while it is running.

After the check has finished, there should be a message 'drive C:\ is clean' or similar.

Dual booting with W10 can occasionally show a false dirty status (from Win7) due to 10's hybrid shutdown state being seen as an error condition.

I've seen cmd methods of changing dirty status, but not a good idea IMHO.

Read other 6 answers
RELEVANCY SCORE 53.2

Hello. Today. i am was trying to delete a file
when i am trying. it says: cannot delete because corrupted and unreadable
ok. my problem isn't that.. Nevermind on this !
My problem is. when i tried to search for a solution for it. they said check if your c: marked as dirty. i don't know but i am sure someone made a command in the cmd. to mark c: as dirty. JUST TELL ME. HOW I CAN MAKE IT UNDIRTY. JUST GIVE ME A COMMAND OR A SOLUTION FOR IT. PLS DON'T SAY ANYTHING ELSE

A:My C: is marked as dirty.. how i can make it marked as undirty ?

A dirty drive usually shows up at boot. You get a message that one or more drives need checking - press any key to stop the check. It's best to let the check run - can take a while and it's not a good idea to abort the check while it is running.

After the check has finished, there should be a message 'drive C:\ is clean' or similar.

Dual booting with W10 can occasionally show a false dirty status (from Win7) due to 10's hybrid shutdown state being seen as an error condition.

I've seen cmd methods of changing dirty status, but not a good idea IMHO.

Read other 6 answers
RELEVANCY SCORE 47.2

Hi,

I hope this is the right place to post this. I ran combofix on my computer and now I am unable to open any programs on the computer. I receive the error message: Illegal operation attempted on a registry key that has been marked for deletion.

I am able to open my documents and pictures folders just not any programs. I am running windows vista. Any help would be greatly appreciated. Thank you.

Grace

A:Combofix Registry Key Problem

Hello.First, a warning for both you and others who may read this thread.ComboFix (CF for short) is intended by its creator to be "used under the guidance and supervision of an expert", NOT for personal, unsupervised use. Please read Combofix's Disclaimer. When CF is run without trained assistance, it can no longer be considered a "safe" tool. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.You may find this topic to be informative - ComboFix usage, Questions, Help? - Look here***************************************************Now. . . in regards to your issue. The problem should resolve itself if you reboot the computer again~Blade

Read other 1 answers
RELEVANCY SCORE 47.2

I ran combofix after it was complete it said something like, let combofix reboot your PC. It stayed like that for a while so finally i just hit the power button.

Now I get an error at boot up:

STOP: c0000218 {Registry File Failure}
The registry cannot load the hive (file):
\SystemRoot\System32\Config\Default or its log or alternate.
It is corrupt, absent, or not writable.

Beginning dump of physical memory.....................

I tried "last known good configuration" , same problem. Safe mode doesnt work either.

Any ideas?

A:Ran Combofix, Now Registry Error

I booted off the windows xp cd into recovery console and ran this command copy c:\windows\repair\default c:\windows\system32\config\default

It also seems like the virus is gone

Read other 2 answers
RELEVANCY SCORE 46.8

I apologize if this is not the forum this would go in but I was told to run ComboFix by someone in order to fix a malware problem and I did and all seems well but after I turned on my McAfee virus protection again after I was done with ComboFix it kept popping up Registry Change warnings because of ComboFix and asking me whether to allow them or block them. I blocked all of them and I just wanted to know if this was the wrong move to make or whether it will screw anything up. McAfee also quarantined and removed the ComboFix file before I could properly uninstall it, so I just deleted the Qoobox folder that was left. I hope that's enough to finish uninstalling it and that it won't cause computer problems later on (there are no problems so far, thankfully).

A:ComboFix made registry changes? [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Read other 2 answers
RELEVANCY SCORE 46.8

I was thinking, the general user should just not use either one, but which would be the "better" to just pick up and start using? (Not like I'm going to do so, but just out of curiosity.) I'm thinking Registry Cleaners.
 

A:Solved: ComboFix vs. Registry Cleaners

Read other 14 answers
RELEVANCY SCORE 46.8

Ok on my nephews system I go to run Combofix and it backs up the registry hive using eRunt than stops and no other activity blue command prompt screen still showing nothing but Combofix is preparing the run.. than all activity stops.. no HDD activity at all. Any idea what could be wrong? I have used Combofix on hundreds of systems (yes hundreds I worked for Dell YTT for 18 months now in Dell Workstation and Federal support so no longer doing malware removal). This is the first time I have never been able to get Combofix to run at all though.

A:Combofix will not get past registry backup

ComboFix usage, Questions, Help? - Look here

Read other 1 answers
RELEVANCY SCORE 46

In order not to lose all your files, I recommend taking the hard drive out and temporarily add it to another machine and copy the files you wish to retain. Make sure this second machine has up to date, legitimate antivirus protection. Please run a virus scan on these files to be sure you do not infect the secondary machine. I would also recommend you install an antispyware application on this secondary machine as well. I personally use spy sweeper. It is $-ware but you can get a 30-day trial from the manufacturers website. This will ensure you do not infect the other machine.Once that is said and done you should break out the good ole' windows disc and get to rebuilding (provided a fix for the problems caused by combofix does not surface in the VERY near future. about 10 minutes for me!!! lol)There is a half-ass written guide that explains a little about combofix here: http://www.bleepingcomputer.com/combofix/how-to-use-combofixThe author mentions the need of having access to the recovery console, yet makes no mention of what to do with it when combofix kills your computer. In the future I recommend against running combofix, as the results of running the application seem worse than the virii that infected the machine initially. Hopefully there are other ways of cleaning these virii/spy/mal-ware off the system.Good Luck,Paul

A:Help restoring registry backups after running ComboFix.

Laska,You have not lost your data. I will see if I can get someone to help you repair the problem you are having. Please be patient while I find someone to walk you through the steps.Paul,Welcome to the site. Though, I do not normally comment on posts like these, I felt it was necessary in order to educate certain people who make "half-assed" remarks.The so-called "half-ass" guide was written by me and was made purposely vague. If you read the "half-assed" guide you will see that it specifically states the following:Due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer. Instead you should use this guide to download and run ComboFix and then post the resulting log in a forum that contains helpers who understand how to diagnose them. These helpers will then help you clean your computer of infections so that it is running properly again.Please take note of the underlined text above. As you can see from reading the above text, the program is not meant to be run by anyone who is not being supervised by a trained helper. Anyone working with CF logs here at BC has been trained on its proper usage and how to recover a computer in the case, rare as it is, that a problem occurs after running CF. Furthermore the guide states:W... Read more

Read other 13 answers
RELEVANCY SCORE 46

My computer has been slowing down considerably and keeps losing its internet connection. Then I started getting the error ' the account specified for this service is different from the account specified for other services running the same process.'

I have CA a/v and had 117 threats removed. Was able to run all the windows updates, then tried to find more help on the internet because then I started receiving the error ' the settings saved on this computer for the network do not match the requirements of the network.'

Viperware found tons of problems, listed under MyWebSearch, which it did not clean, so I used MBytes to fix them. When that was complete, I started combofix. When Combofix rebooted, I couldn't even log on to Windows because it said my Windows Activation had expired and I had to call Acer, which I still may do, but I want to get all of my files off before they say to do a restore (which I am assuming will happen). The only way I was able to boot into Safe mode is to reset the bios to 2004. Then Combofix resumed it final steps, creating a log, etc. I assume M-Bytes got rid of the problems, because it looks like Combofix didn't find anything that I can see.

However, NOW I cannot open anything, or move anything because I get the error "Illegal operation attempted on a registry key that has been marked for deletion." This error comes up for all files, not registry keys. (UPDATE: I rebooted - what did I have to lose? - back int... Read more

Read other answers