I will quickly give a brief on the issue I am facing.
On one of my friends' desktops (which runs Vista), some registry entries are causing problems. I found the stuff in msconfig; some entries like MSServer, CMDS, etc. are not allowing the use of Google or any search engine. Also, it masks AdSense ads with their own fake anti-spyware software ads. (Names like WinAnonymous, AntiSpyWareMaster, etc.)
I tried scanning the machine using NOD32, Ad-Aware and Spybot, but they could not fix anything, although using Spybot I managed to block those registry entries.
Basically these things are controlled by DLL files located under the user's temp folder (under Appdata/Local), but the system is not allowing me to delete those DLL files.
I ran ComboFix; it did manage to fix up a few things, but the files are still present. I have attached the following files:
Screenshot of MSConfig screen
ComboFix Log File
HijackThis Log File (ran after ComboFix)
Any kind of help is appreciated.
Edited by DeepXP, 01 June 2008 - 03:36 AM.