Thank you, Jeff and I will!!!
Type: Posts; User: mnyyoungs; Keyword(s):
Jeff, you have been stellar in your directions and your patience with this issue! Your time and efforts are appreciated more than you know. Thank you so, very much and have a wonderful and Happy...
That didn't work, either, Jeff. Same error message.
voila! you know all the tricks!
http://www.mediafire.com/?t6a86ofhk6157qu
or so I thought...it's 1.42mb and is too large. I'll break it down for you.
The log is attached.
the log you requested is massive! can I give it to you as an attachment? Otherwise, I would have to paste in approx. 12-15 messages.
Ok, here's the new scoop...ran the link 3 times looking for the "aggressive" button. No button, but the WinFix said it had fixed the problem. Restarted, still getting the same error when I try to...
as you requested...
Microsoft DiskPart version 6.0.6002
Copyright (C) 1999-2007 Microsoft Corporation.
On computer: FAMILY-PC
Volume ### Ltr Label Fs Type Size ...
14 VT Community user(s) with a total of 43357 reputation credit(s) say(s) this sample is goodware. 4 VT Community user(s) with a total of 4 reputation credit(s) say(s) this sample is malware.
File...
You are the best!!!!!
same thing...same error and cannot get error check to run. :-s
"The task image is corrupt or has been tampered with.User+Feed+Synchronization-{1A27E350-4EB9-4A64-8D25-115B91043FBF}
Nothing like a good merge, eh?
I get a windows error code: WindowsUpdate_80096001. This is the one I'd gotten before regarding drive error and the check for errors was not running when the...
nothing quirky other than not being able to do updates, re:previous post. Although I have not tried since before. Here is the log:
SystemLook 30.07.11 by jpshortstuff
Log created at 15:06 on...
step 2 seems to be fine. File now reads service_COMSysApp.reg and has been merged.
Qoobox quarantined files
2011-11-20 15:02:51 . 2011-11-20 15:02:51 4,464 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_COMSysApp.reg.dat
2011-11-17 02:35:36 . 2011-11-17...
No probs, Jeff...happy deep fried turkey, football, parade and psycho shopping day!
ComboFix 11-11-23.03 - Family 24/11/2011 11:00:03.11.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2037.1286 [GMT -5:00]
Running from:...
:-s the file does not have a reg.dat extension for me to rename.
"C:\Qoobox\Quarantine\Registry_backups\Service_COMSysApp.reg"
although it does show as a dat file listed under "type"
I...
taaaa daaaaa.....
SystemLook 30.07.11 by jpshortstuff
Log created at 18:02 on 23/11/2011 by Family
Administrator - Elevation successful
========== reg ==========
...
Look - notepad is blank. To recap, I saved the RegExp.bat notepad file to the desktop. Double clicked on it. The system asked for my permission to run. Then identified that there was no desktop...
Batting a thousand today...this didn't provide anything on the desktop...I copied ALL of the command and tried both search and run. I get a request to perform the task from windows...then nadda.
aweeee gorsh..thank you...it's been educational, to say the least!
Ok..this reg.dat file is showing it is a dat file, but the name is only .reg. However when I look at it in properties, it is...
WOW...if this means something to you, then you are more my hero than you were a few minutes ago!!!
2011-11-20 15:02:51 . 2011-11-20 15:02:51 4,464 ----a-w- ...
ooops sorry for the DDS twice...a couple quirky things but I'm hoping that updating windows sorts that out...Malwarebytes wouldn't run for me earlier, so I had to uninstall and reinstall...but I...
and DDS
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device:...
...and tadaaaa DDS
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19154 BrowserJavaVersion: 1.6.0_22
Run by Family at 9:50:41 on 2011-11-21
Microsoft® Windows Vista™ Home...
Malware Bytes log...
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8206
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154
so far so good...it seems...just minorly fiddling until I get the go ahead from you to install new virus/malware/spyware tools..etc...and clean up from our work together. :)
Update, Jeff...I've tried to run updates for Windows and get errors..when I troubleshoot this one of the suggestions MS gives is a check disk may correct the problem...however, I cannot get check...
log 2....
17:01:17.0669 0680 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
17:01:18.0075 0680 ============================================================
17:01:18.0075 0680 Current...
Log 1...
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.kbdclass\...
Part 2...The system is very slow...other than that...it seems fine! Now you said that the rootkit is "neutralized" does that mean....if it gets wet or eats after midnight it will come...
here it is again
ComboFix 11-11-20.01 - Family 20/11/2011 9:50.10.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2037.1214 [GMT -5:00]
Running from:...
here it is in 2 parts....
ComboFix 11-11-20.01 - Family 20/11/2011 9:50.10.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2037.1214 [GMT -5:00]
Running from:...
Please advise, Combo Fix states that there is a newer version and that it has expired. I've tried removing and downloading again, but get the same messages. Thank you!
Have we solved the RootKit/virus problem? My apologies if you are busy and haven't gotten back to it. Have a great Saturday!
Jeff, how are we coming on this process..just a check in...I am finding it facilitating....albeit frustrating, at times, too! lol Here is the combofix report from your last post....AND I have a...
No keyboard not working still...so I'm mousing it or cutting and pasting letters from the various notepad files.
SystemLook 30.07.11 by jpshortstuff
Log created at 10:32 on 16/11/2011 by Family...
Part 2
------- Supplementary Scan -------
.
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel -...
Part 1
ComboFix 11-11-14.02 - Family 14/11/2011 18:17:18.8.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2037.1033 [GMT -5:00]
Running from: C:\ComboFix.exe...
I am running this set of instructions now. However, something is corrupt with the AVG. It is not allowing me to uninstall the program OR disable it...I'll post the results shortly.
http://www.mediafire.com/?tglj18v8585s5v5
this file is 36MB...please advise AND THANK YOU!!!!!
File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:...
C:\Config.Msi\89120.rbf -- ** Maximum size exceeded: you have tried to upload a file which is larger than 20MB**
SystemLook 30.07.11 by jpshortstuff
Log created at 00:00 on 13/11/2011 by Family
Administrator - Elevation successful
========== Reg ==========
...
and now the second...
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-12 16:14:18
-----------------------------
16:14:18.126 OS Version: Windows 6.0.6002 Service...
Here is the First Scan...
C:\Config.Msi\89120.rbf a variant of Win32/Adware.ErrorRepair application
C:\Documents and Settings\Family\AppData\Roaming\AVG\Rescue\PC Tuneup...