Author Topic: [Resolved] my sister computer needs help  (Read 7638 times)

Offline Joseph Gosselin

  • Bronze Member
  • Posts: 51
Re: [In Progress] my sister computer needs help
« Reply #30 on: August 08, 2011, 09:25:35 am »
When I run ComboFix it keeps saying "Extract: error writing to file SetEnvmt.bat." I tried both links.

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 24727
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] my sister computer needs help
« Reply #31 on: August 08, 2011, 09:47:36 am »
Can you find out if combofix had ever been run on this computer? If not we need to run it a little differently.

Please download Rkill by Grinler and save it to your desktop.
    Link 2
    Link 3
    Link 4

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.



    Now try running combofix. Use the instructions from before.

    Let me know how it goes.

    Consumer Security

    If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

    Offline Joseph Gosselin

    Re: [In Progress] my sister computer needs help
    « Reply #32 on: August 08, 2011, 09:55:49 am »
    I don't think the computer has run ComboFix before. I will run Rkill right now.

    Offline Joseph Gosselin

    Re: [In Progress] my sister computer needs help
    « Reply #33 on: August 08, 2011, 10:07:23 am »
    Now it says "Extract: error writing to badclsid.c". I ran Rkill before I ran ComboFix.

    Offline Hoov

    Re: [In Progress] my sister computer needs help
    « Reply #34 on: August 08, 2011, 10:15:58 am »
    Let's try it this way.

    I need you to reboot Windows cleanly. To do that, please go to the Run command and type in msconfig. Once that starts, select Selective startup, and then uncheck Load startup items. Now click on the Services tab and, down near the bottom of the window, check the box that says Hide all Microsoft services. Now go up and uncheck all the services still listed; make sure you scroll down the list if you need to, so that all the non-Microsoft services are unselected. Now click Apply, then click OK and reboot the computer.

    Now run Rkill and then ComboFix using the instructions from before. Once you have run them through and have the logs, run msconfig, select Normal startup, click Apply, then OK, and reboot the computer. Post the logs up.

    Offline Joseph Gosselin

    Re: [In Progress] my sister computer needs help
    « Reply #35 on: August 08, 2011, 01:17:27 pm »
    I did what you asked and it worked, but then it stopped because it said not enough room. Then when I tried again it said "Extract: error writing to file swreg.cfxxe."

    Offline Hoov

    Re: [In Progress] my sister computer needs help
    « Reply #36 on: August 08, 2011, 01:52:08 pm »
    Are there any video files on this computer that you can move to the other hard drive?

    Offline Joseph Gosselin

    Re: [In Progress] my sister computer needs help
    « Reply #37 on: August 08, 2011, 08:18:08 pm »
    Hi Hoov,
    Thanks for the help so far. My family and I are taking a trip for about 4 days and I don't think I can get wifi. I would like to continue. Will this be possible? If so, when I come back I will post something. Here is the ComboFix log:


    ComboFix 11-08-07.03 - Nora 08/08/2011  21:05:07.2.2 - x86
    Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1979.980 [GMT -7:00]
    Running from: c:\users\Nora\Desktop\ComboFix.exe
    AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\programdata\SPL4BBE.tmp
    c:\programdata\SPL8445.tmp
    c:\programdata\SPL8700.tmp
    c:\programdata\SPL893C.tmp
    c:\programdata\SPLA103.tmp
    c:\programdata\SPLC356.tmp
    c:\programdata\SPLDCB2.tmp
    c:\programdata\SPLF527.tmp
    c:\programdata\SPLF8F4.tmp
    c:\users\Nora\Documents\~WRL0115.tmp
    c:\users\Nora\Documents\~WRL0326.tmp
    c:\users\Nora\Documents\~WRL0379.tmp
    c:\users\Nora\Documents\~WRL0440.tmp
    c:\users\Nora\Documents\~WRL0521.tmp
    c:\users\Nora\Documents\~WRL0590.tmp
    c:\users\Nora\Documents\~WRL0784.tmp
    c:\users\Nora\Documents\~WRL0889.tmp
    c:\users\Nora\Documents\~WRL1050.tmp
    c:\users\Nora\Documents\~WRL1239.tmp
    c:\users\Nora\Documents\~WRL1434.tmp
    c:\users\Nora\Documents\~WRL1501.tmp
    c:\users\Nora\Documents\~WRL1536.tmp
    c:\users\Nora\Documents\~WRL1556.tmp
    c:\users\Nora\Documents\~WRL1687.tmp
    c:\users\Nora\Documents\~WRL1707.tmp
    c:\users\Nora\Documents\~WRL1881.tmp
    c:\users\Nora\Documents\~WRL1934.tmp
    c:\users\Nora\Documents\~WRL2372.tmp
    c:\users\Nora\Documents\~WRL2807.tmp
    c:\users\Nora\Documents\~WRL2849.tmp
    c:\users\Nora\Documents\~WRL2860.tmp
    c:\users\Nora\Documents\~WRL2905.tmp
    c:\users\Nora\Documents\~WRL2914.tmp
    c:\users\Nora\Documents\~WRL2951.tmp
    c:\users\Nora\Documents\~WRL3028.tmp
    c:\users\Nora\Documents\~WRL3779.tmp
    c:\users\Nora\Documents\~WRL3927.tmp
    .
    .
    (((((((((((((((((((((((((   Files Created from 2011-07-09 to 2011-08-09  )))))))))))))))))))))))))))))))
    .
    .
    2011-08-09 04:55 . 2011-08-09 04:55   --------   d-----w-   c:\users\Nora\AppData\Local\temp
    2011-08-09 04:55 . 2011-08-09 04:55   --------   d-----w-   c:\users\Default\AppData\Local\temp
    2011-08-07 21:43 . 2011-07-07 02:52   41272   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-07 21:43 . 2011-08-07 21:45   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
    2011-08-07 21:43 . 2011-07-07 02:52   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2011-08-07 21:42 . 2011-08-07 21:42   --------   d-----w-   c:\users\Nora\AppData\Local\Adobe
    2011-08-05 10:56 . 2011-08-07 02:20   --------   d-----w-   c:\programdata\STOPzilla!
    2011-08-05 05:37 . 2011-08-07 22:40   --------   d--h--w-   c:\users\Nora\AppData\Local\MicrosoftNT
    2011-07-16 06:42 . 2011-07-16 06:42   652296   ----a-w-   c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2011-07-16 06:41 . 2011-07-16 06:41   749832   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-07-16 06:41 . 2011-07-16 06:41   416128   ----a-w-   c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
    2011-07-13 20:17 . 2011-06-02 13:34   2043392   ----a-w-   c:\windows\system32\win32k.sys
    2011-07-13 20:17 . 2011-04-20 15:55   375808   ----a-w-   c:\windows\system32\winsrv.dll
    2011-07-13 20:17 . 2011-04-20 15:50   49152   ----a-w-   c:\windows\system32\csrsrv.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-25 07:09 . 2011-06-25 07:09   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-30 04:44 . 2008-12-26 04:34   952   --sha-w-   c:\programdata\KGyGaAvL.sys
    2011-05-28 06:08 . 2011-06-16 06:06   916480   ----a-w-   c:\windows\system32\wininet.dll
    2011-05-28 06:04 . 2011-06-16 06:06   43520   ----a-w-   c:\windows\system32\licmgr10.dll
    2011-05-28 06:04 . 2011-06-16 06:06   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
    2011-05-28 06:04 . 2011-06-16 06:06   71680   ----a-w-   c:\windows\system32\iesetup.dll
    2011-05-28 06:04 . 2011-06-16 06:06   109056   ----a-w-   c:\windows\system32\iesysprep.dll
    2011-05-28 05:10 . 2011-06-16 06:06   385024   ----a-w-   c:\windows\system32\html.iec
    2011-05-28 04:33 . 2011-06-16 06:06   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
    2011-05-28 04:31 . 2011-06-16 06:06   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
    2011-04-14 16:26 . 2011-06-21 02:17   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-05 1197448]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-02-05 00:50   1197448   ----a-w-   c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-05 1197448]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-05 1197448]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aim6"="" [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "eRecoveryService"="" [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
    2007-11-19 22:17   1261568   ----a-w-   c:\program files\Acer\Acer Assist\launcher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-06-12 09:38   34672   ----a-w-   c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALUAlert]
    2008-02-21 22:02   152952   ----a-w-   c:\program files\Symantec\LiveUpdate\ALUNOTIFY.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    2007-07-21 10:18   159744   ----a-w-   c:\program files\Apoint2K\Apoint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
    2008-04-07 05:42   34040   ----a-w-   c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    2008-10-17 23:52   51048   ----a-w-   c:\program files\Common Files\Symantec Shared\CCAPP.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-21 02:25   125952   ----a-w-   c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
    2008-08-01 16:51   405504   ----a-w-   c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-10-16 22:19   136176   ----atw-   c:\users\Nora\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2010-08-26 03:45   171032   ----a-w-   c:\windows\System32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2010-08-26 03:45   136216   ----a-w-   c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-04-27 08:22   421160   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
    2008-07-02 03:36   850440   ----a-w-   c:\progra~1\LAUNCH~1\LManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdxamon]
    2008-06-13 16:04   16040   ----a-w-   c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdxmon.exe]
    2008-06-13 16:04   668328   ----a-w-   c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
    2011-07-07 02:52   1047656   ----a-w-   c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
    2008-02-26 14:50   988512   ----a-w-   c:\program files\Norton 360\osCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2010-08-26 03:45   170520   ----a-w-   c:\windows\System32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2008-04-17 03:50   6111232   ----a-w-   c:\windows\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
    2007-11-20 10:15   1826816   ----a-w-   c:\windows\SkyTel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-21 02:25   202240   ----a-w-   c:\program files\Windows Media Player\wmpnscfg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
    R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-31 23888]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
    R4 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
    R4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-20 30192]
    R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
    R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
    R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    R4 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2008-02-28 594600]
    R4 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdxserv.exe [2008-02-28 98984]
    R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 50424]
    R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
    R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20091217.001\IDSvix86.sys [2009-11-20 286768]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-05-30 93968]
    S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - COMHOST
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 01:56]
    .
    2011-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 01:56]
    .
    2011-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2179011211-1787922989-1093665615-1003Core.job
    - c:\users\Nora\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-18 22:19]
    .
    2011-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2179011211-1787922989-1093665615-1003UA.job
    - c:\users\Nora\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-18 22:19]
    .
    2011-08-09 c:\windows\Tasks\User_Feed_Synchronization-{A67B2B58-20A6-48DA-B10B-789D0CD39DB6}.job
    - c:\windows\system32\msfeedssync.exe [2011-06-16 04:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.fitnessmagazine.com/videos/m/35164840/booty-swirl.htm
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1008&m=extensa_4630z
    uInternet Settings,ProxyOverride = *.local
    IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\88g1mb28.default\
    .
    .
    **************************************************************************
    scanning hidden processes ... 
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ... 
    .
    scan completed successfully
    hidden files:
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(1800)
    c:\program files\Common Files\Symantec Shared\AppCore\AppMgr32.dll
    .
    Completion time: 2011-08-08  22:02:37
    ComboFix-quarantined-files.txt  2011-08-09 05:02
    .
    Pre-Run: 286,023,680 bytes free
    Post-Run: 247,386,112 bytes free
    .
    - - End Of File - - FBDBBCCF47966B436A6AAD8E39D52A1D

    Offline Hoov

    Re: [In Progress] my sister computer needs help
    « Reply #38 on: August 08, 2011, 09:42:36 pm »
    We are not done yet, but can you tell me how the computer is running now? Also, please post a new DDS scan.

    Offline Joseph Gosselin

    Re: [In Progress] my sister computer needs help
    « Reply #39 on: August 09, 2011, 07:42:04 am »
    Whenever I try to run a program like msconfig to change the settings back because of ComboFix, it says "C:\Windows\system32\msconfig.exe
    Illegal operation attempted on a registry key that has been marked for deletion". Also, it doesn't seem to be losing memory.

    Offline Hoov

    Re: [In Progress] my sister computer needs help
    « Reply #40 on: August 09, 2011, 09:28:12 am »
    Please reboot to Safe Mode, click the Start button, then go to All Programs, then to Accessories, right-click on Command Prompt and select Run as administrator. Now in the command prompt type in sfc /scannow (there is a space after the c) and hit Enter. Once the scan is done, reboot the computer and see if you can run msconfig now.

    Offline Joseph Gosselin

    Re: [In Progress] my sister computer needs help
    « Reply #41 on: August 09, 2011, 09:33:59 am »
    Hoov,
    I will do that, but I'm going away for a couple of days. Can we still continue when I come back? I am leaving today.

    Offline Hoov

    Re: [In Progress] my sister computer needs help
    « Reply #42 on: August 09, 2011, 10:01:10 am »
    Yep, no worries.

    Offline Joseph Gosselin

    Re: [In Progress] my sister computer needs help
    « Reply #43 on: August 17, 2011, 04:29:56 pm »
    Sorry for the wait, Hoov. My family has been traveling a lot and we are going again tomorrow. If you could give me a couple more steps to work on, that would be great. I will be gone for about 5 more days.
    Thanks for your help so far.

    Offline Hoov

    Re: [In Progress] my sister computer needs help
    « Reply #44 on: August 17, 2011, 06:14:55 pm »
    Not a problem, I am having internet connectivity issues right now anyway.

    As for the steps, running sfc is kind of a pivotal step. What happens after it is run will tell us which way to go.
