jholland1964 650 Posting Expert Team Colleague Featured Poster

Have you tried to see if you can update and run MBA-M since the running of GMER? If not, try again.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yes, that's the log.
One thing you should do is go to
Click on the Start button.
Now go to Control Panel, Programs there. Please click on that.
Now click on Programs and Features
Click on Uninstall/Change button.

Uninstall AskBar. Reboot and run a new HJT scan and post the log back here. And also please give more specific information on the problems you are having.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looking pretty good, just a few more fixes needed.
First of all go to Start, Control Panel, Administrative Tools, Services.
When that opens the list is in alphabetical order so scroll through until you find these:
FsUsbExService
PLFlash DeviceIoControl Service

Double click one at a time on each one. This will open the properties box of that service. First click the Stop button if it shows, this will stop the service. Once the service is stopped then click the Start Up type and change it to Disabled.

Do that for both services, they are definitely unneeded.
Reboot.
Run HiJackThis once more and put check marks next to the following entries if they remain:

O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Do...ridge-c139.cab
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - http://www.btsecurity.bt.com/bt/bin/wizard.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...20/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

Once you have placed those check marks then click the Fix Checked button. Exit HJT.

Then download this program, Mike Lin's Startup Control Panel

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks much better, just a few more steps. Your Java is way out of date and needs to be updated.
Please go HERE and download the Offline Install. Save it to your desk top for easy access but DON'T run it yet.
Once it is downloaded then close all browsers. Go to Add/Remove and Uninstall ALL older versions of Java you find there. Once all are uninstalled then double click that Java install file on the desk top and install the new version, be sure to watch the install boxes, occasionally they will give you something else along with it, like a yahoo toolbar or something like that. If you see anything extra with a check mark in a box next to it, take that check mark out and then continue. When the install is complete then go back to the download page and on the right side you will see Verify Now. Click that to go to the verification page to see for sure if the installation was completed.
Once that happens then run a new HJT and post back with the log and we should have only a couple more steps.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Did combofix ever show you a log when it was complete?
Did you see the screens shown in my two attachments?

Give us another HJT scan and log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I have a question, you said:

I thought maybe it was the way I downloaded the ComboFix

Did you download differently than the instructions stated?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, I'm confused as to what I should DL from this list. Can you tell?

What list are you talking about?

So I should post there & tell them that I have 2 instances of the card on my computer & I'm getting that error message?

You don't have two cards on the system, only one:
ASUS Extreme AX300 Series Secondary [Display adapter]
What I first thought were two cards actually are the Display adapter from ASUS and then the NVIDIA nForce Networking Controller so that was my mistake. You should check to see if there is an updated driver available


System Security Status
CIS Benchmark Score
Score
3.13 of 10 (details...)

What ARE the details given in that CIS Benchmark Score? That will tell you why it is 3.13 out of 10

Forgot about addressing the Smart Doctor.
If you think I don't need it b/c of the graphic card issues, I can uncheck it, I just thought b/c I'm having problems, it would help.

It isn't a required program. Honestly it might be the cause of your problems. If you uncheck it and stop it from running it isn't going to hurt anything. Try it for awhile and see if that makes a difference. You can always go back in and put the check mark back in, reboot and it will restart. This doesn't remove anything, it just stops it from auto starting.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Can you please post the MBA-M log?

jholland1964 650 Posting Expert Team Colleague Featured Poster

No, the actual file, not the name, has to be uploaded to their scanners. This IS a legitimate file but GMER has flagged it because it has been altered, probably by the rootkit.
I would like you to try now to run combofix again. Delete the one on the desktop and install a new one using your flash drive. I will keep my fingers crossed that it will run this time. If it will it may also fix that flagged file.
The log should be located at C:\Combofix.txt when it is complete. Post the log back here.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Qoobox is the combofix Quarantine file, we don't want that right now. Don't worry about uninstalling combofix, that has to be done a specific way and I will give instructions for that later.
Forget about looking for the log for now.
Update MBA-M and do another Full Scan with it. Have it REMOVE all found.
Reboot. Come back and post that new MBA-M log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

sorry i didn't know, won't happen again, but i reran gmer and i had no red entries but one entry was marked as suspicious, do i delete it

I don't know what was the suspicious entry? Was it this same one showing from your previous logs?

C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

You might upload it to http://virusscan.jotti.org/en and see what all those scanners say about it.
When you go to the jotti page put the full listing into the window like this C:\WINDOWS\system32\drivers\atapi.sys
and then have the scans run. This should show a report on what all those different scanners say it is.
Report back on what they say then we can go from there.

jholland1964 650 Posting Expert Team Colleague Featured Poster

i installed spyware terminator a few days ago and i'm going to uninstall it. that's the most useless program i've used since i've installed ashampoo firewall, oh and i just deleted those entries and i'm going to run gmer again and report back here but i hope it's not like mba-m and say infections are deleted but when you rerun the program the infections are right back there

Ok, two things I want to say. #1. If you want us to help you clean your machine then you have to follow the steps we give, installing SpywareTerminator would never have been one of them and a "go ahead" to install programs without checking here first also would not be something we would say to do. This can really cause major problems when working on a fix, some programs interfere with others and if we happen to give you a program to run, without you saying you installed something else then major damage can be done.
#2. The reason the infection keeps coming back has absolutely NOTHING to do with MBA-M. It IS removing it BUT what this is is a Rootkit, a very difficult infection to remove because part of what it does is not allow programs like MBA-M and others to complete their job or do it completely. This is why special tools must be used to try to remove it. SpywareTerminator isn't one of them.

jholland1964 650 Posting Expert Team Colleague Featured Poster

two entries marked red i didn't delete them they were Service C:\WINDOWS\system32\drivers\nmxco.sys (*** hidden *** ) and
File C:\WINDOWS\system32\drivers\nmxco.sys

Did you notice that GMER said 79744 bytes executable <-- ROOTKIT !!! next to the entry...you need to run GMER again and no matter the name of the file if it is noted as ROOTKIT then DELETE it. This is why you cannot get the computer clean, there is a rootkit on there, it is renaming itself to avoid being caught.
By the way, I see SpywareTerminator listed in this log, when did you install that?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Did you put combofix on your desktop as originally noted? I have not seen it in a folder before as your attachment shows.
Did you open that combofix folder and see what is in it?

Have not seen this before but suppose it is possible this Combofix file is hidden.
Do the following:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Now look for that combofix .txt file.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I don't think I should be getting malware and stuff. Any thoughts?

A MUST have is SpywareBlaster.

SpywareBlaster doesn't scan for and clean spyware--it prevents it from being installed in the first place. SpywareBlaster prevents the installation of ActiveX-based spyware, adware, dialers, browser hijackers, and other potentially unwanted programs. It can also block spyware/tracking cookies in IE, Mozilla Firefox, Netscape, and many other browsers, and restrict the actions of spyware/ad/tracking sites.

I wouldn't run a computer without it. Download, install, update, Enable ALL protection, including Restricted Sites. Close the program, that's it. It doesn't run in the background but protects your computer from all the nasties.
You need to check for updates on a regular basis. It doesn't update often but check every week or so to be sure. When there is a new one, download, install, enable and close.
The last thing you need to do is set a new, clean Restore Point. To do this do the following:
Do this by right Clicking My Computer and choose Properties. Go to the System Restore Tab and place a checkmark in Turn off System Restore. You will receive a warning that you are about to turn off System Restore and ask if you are sure, click yes.
System Restore will shut down. Wait a minute or two and then do the reverse and turn it back on. This way if you do need System Restore you will be certain that the restore points …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Just double click My Computer. When that opens Double Click "C" drive. When that opens scroll through all you see there. It should be there. Remember, after all the Folder icons, the last one you see will likely be Windows, then you will probably see .DLL icons, then someplace near the top of the list you will see a TEXT Icon named ComboFix. Take a look at my attachments to see what they look like.
When you find that combofix double click to open it up. It will be in Notepad very likely. Go to Edit, Select All, Copy.
Then come back here and paste.
Take a look at my attachments.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Try running GMER again and when it shows these files:

C:\WINDOWS\system32\drivers\qkmazwv.sys
C:\WINDOWS\system32\drivers\str.sys

right click on them one at a time and select delete. If it will not delete, use the kill option first.

If successful, run Gmer again and post the log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Don't give up yet. Let's see what we can find out.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Geeze, I am so sorry. I have been consulting on Crunchie about this so I am going to have him take a look here and see what he suggests, ok?

jholland1964 650 Posting Expert Team Colleague Featured Poster

I'm still confused about that graphics card issue.

I guess you weren't able to figure that out?

I am sorry, had all this saved to post to you and forgot. It appears that you have the correct driver but maybe you need a newer edition. Don't know when you installed it but the latest edition came out in April of this year so you might check the page and see if the newer driver is the same one that you have.
You noted this earlier:

When I went to look for the name of the graphics card (see below), first it only had 2 names there, not 3 & second, it looks slightly different than what I pulled from the word doc. I thought maybe it was a typo, but even the URL has the letter "E" in it.

I may be wrong but I believe the "E" applies to the actual name of the card which is ASUS Extreme AX300 Series Secondary, which is where the "E" would come in.

Is there a reason you feel you need the Smart Doctor running all the time? Do you overclock your card? Do you change graphic settings all the time?

You might want to begin a thread in our Monitors, Displays and Video Card forums, there would be more people there who know about correct settings, video cards, etc., than I certainly do.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

here we go ..Hope this is done right

You are doing a great job and have done everything right. Now since many more infections were found and removed with the ESET Scanner I think it is time to "bring out a big gun"

You may want to print these steps out just to be certain you know what to expect and also you won't be able to have internet access during part of the running of this next tool.
You can find these instructions with pictures at http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Here are the instructions simplified.
Download Combofix

You will get a prompt asking if you want to run or save the file. Choose SAVE and save it to the desk top. DO NOT RUN it YET
You must take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Wow! Lots more found than just the worm.win32.netsky!
Think you better do at least one more scan before I give any more instructions regarding your HJT log.
Please do this:
Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.

* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.
Reboot the computer and run one more HJT scan. Post back with the ESET log and the new HJT log. You are doing great!
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Open the logs. Go up to Edit, Select All. Then the log should be in highlight. Go to Edit, Copy.
Then open a new reply here, place the cursor in the reply box, Right Click with your mouse and choose Paste. The log will be pasted here.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Your log looks clean, are you still having problems?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Did you run that Avenger Script? Did it produce a log? If so please post it here.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi and welcome to daniweb,
First of all do this:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer.

Next download and run a System Scan with HiJackThis. Save the log and post back here with the MBA-M log and the HJT log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Run Avenger again and in the Script window type all of this script:

Drivers to delete:
qkmazwv
str

Files to Delete:
C:\WINDOWS\system32\drivers\qkmazwv.sys
C:\WINDOWS\system32\drivers\str.sys

Be sure there is a check mark in Scan for Rootkits and then click the Execute button.

After that completes then try downloading and running combofix again.

jholland1964 650 Posting Expert Team Colleague Featured Poster

sb147780, this thread is nearly 1 year old. Though problems seem similar they may be caused by totally different things. It is never recommended that people post their own problems in somebody else's thread, for one reason because that is called "thread hijacking" but the key reason is that it is totally impossible to work with two people and two different computers on the same thread. Please create your own thread, restating all your information and adding logs from any program you have run thus far, even if they show clean, and somebody will be very happy to help you get things fixed.
Also please note, the HJT log you posted here is incomplete. You will need to post the entire log when you create your own post.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Just remembered I didn't give you those auto starting programs which are not required to auto start and can be accessed by Start->Programs.
All of these run all the time in the background. You also need to remember that just not the particular file noted runs in the background but there are many other processes which may also be loaded with each individual program so one program may have several other processes running in connection with it. This can result in excessive resource usage which is unnecessary and taxing to the machine also.
The choice is yours of course but many of these will load faster if loaded manually.
You can disable these via msconfig but as this is just considered a trouble shooting tool really I would recommend using something like Mike Lin's Startup Control panel to control auto starts. Free, easy to use and it is a stand alone program so it uses no resources really.
Here is the list of unneeded auto starts and an explanation of each.

ATIPTA-Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
HP Software Update-exactly what it says it is. Can easily be run manually, plus updates are fairly rare.
StartCCC-ATI's CATALYST™ CONTROL CENTER. Required if you want to change graphics settings on …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Run HJT again and place a check mark next to the following entry:
O4 - HKCU\..\Run: [MS_MASTER] RUNDLL32.EXE C:\Users\voz\AppData\Local\Temp\yMaster.dll,w

Once you have placed the check mark click the Fix Checked button.
Exit HJT and reboot.

Now for that Zone Alarm warning, this is supposed to be for a networked printer. The request for access will try to connect to the internet even for a stand alone printer with remote access not enabled. Choose Always Deny access. Unless you're on a network, there is no reason for the Print Spooler to connect to the internet.

Click: Remember this answer the next time I use this program. when Zone Alarm pops up with Spooler SubSystem App again.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Well sorry I couldn't help you. Hope you find the answer.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please download GMER Rootkit Scanner:
http://www.gmer.net/download.php

-- DoubleClick the .exe file and, if asked, allow the gmer.sys driver to load.
-- If you receive a warning about Rootkit Activity and GMER asks if you want to run a scan, Click NO

-- Make sure the Rootkit/Malware Tab is selected (Top Left of GMER GUI)
Along the Right Side of the GMER GUI there will be a number of checked boxes. Please Uncheck the following:
- Sections
- Drives or Partitions other than your Systemdrive (usually C:\)
- Show All (be sure this one remains Unchecked)

-- Then, click the Scan Button
Allow the scan as long as it needs and then save the log to where you can easily find it and post it for us.

***Disconnect from the internet and do not run any other programs while GMER is scanning. Temporarily disable any real-time anti-spyware or anti-virus protection so they do not interfere with the running of GMER.
Post back with the log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I did the Eset scan, Once the file was found i stopped the scan, and this time the "delete files" box was checked. I wanted to stop the scan because last time it took about an hour. But i am running a full scan now and let's hope it doesn't find anything.

After i deleted the program (I think) I did the Hijackthis scan. Here is the report.

If you stopped the ESET program before it had completed the Full Scan then it was not run properly and there is no guarantee that the program was removed properly, so the HJT scan you did after really isn't to be trusted either.
Please allow ESET to complete a Full Scan, when the scan is complete THEN is when you can do another HJT scan and post that log, until then I can't offer any suggestions.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Well, with further research you probably are ok with just the router firewall.
But the additional RAM I would say is something you need.
If you do the scan at Crucial it will tell you how many slots you have and what you can put in them.
Adding ram is literally a snap...because that is the sound it makes when you snap it in. And that IS all you do. I have done it a number of times. Takes longer to disconnect all the cords from the computer and open the case than it does to install the RAM. To be 100% accurate, an 8 year old child could EASILY install new RAM in a computer.
Most advice today tells you when you get a new machine START with 1GB of RAM...at the very least. Adding RAM is really and truly the most cost effective investment to speed up a slow machine.

Also, someone told me a long time ago that having more than 1 GB of memory does nothing to speed up the computer. I can't remember his exact words, but he was saying to deal with the virtual memory settings or something (can't remember now).

Here is a very simple and understandable explanation of Virtual Memory from Ask Leo and I honestly think is what is happening to your machine...freezing, not being able to work between programs, swapping files, etc. Read what he says very carefully:

Virtual Memory is simply the …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Actually, a lot depends on what programs you have open and running all the time. If these are resource intensive programs then...your employees are right :), you need to shut things down and reboot. With many programs this really is the only way to release the memory. If you have a large computer as you say and run labor intensive programs, then no 1GB of RAM is probably NOT enough. I am running a little 40GB Dell...I have 1.5GB of RAM. I am certain you could probably take more.
To really find out, go to http://www.crucial.com/ and do their FREE scan and it will tell you exactly how much RAM your system can handle, what you need and how much it costs...they are the cheapest place generally.

To get detailed profile of your installed software and hardware, go to http://www.belarc.com/free_download.html and run that scan. That will tell you exactly what hardware is installed on the computer and we can go from there for correct drivers.
Both of these scans take just a few moments.
Come back with the info. I don't need logs, just the info.

By the way, you have a lot of unnecessary auto starts, which will slow the system, sap resources and also cause problems.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yes, run the ESET again, sorry I forgot to have you remove when I pasted the instructions. As for the one I asked about it evidently is gone if start up can't find it. We'll take care of that when you post back with the results of the ESET scan.
After you do the ESET scan run another HJT scan and post back with both logs.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Are you saying the ESET program did not fix or remove what it found?
It should have done so, or did you not tell it to fix anything?
If you didn't tell it to fix then you should run the scan again and this time have it fix whatever it finds.
But if you DID tell it to fix and it could not, let me know.
Also;
Do you know what this is?
O4 - HKCU\..\Run: [MS_MASTER] RUNDLL32.EXE C:\Users\voz\AppData\Local\Temp\yMaster.dll,w
It is located in a Temp file but is running automatically at start up, never a good idea.
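
A triage sketch for the HijackThis entries discussed in these posts (the "(no file)" BHO/toolbar leftovers, the DPF entry with no download source, and the Run entry launching a DLL from Temp). This is an added example, not part of the original posts or of HijackThis itself; the rule tags and the `triage` function are assumptions, and the sample lines are copied from the posts plus one constructed benign entry.

```python
import re
from dataclasses import dataclass

# Lines copied from the posts above; the last O4 entry is constructed
# as a benign comparison case.
SAMPLE_LOG = r"""
O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKCU\..\Run: [MS_MASTER] RUNDLL32.EXE C:\Users\voz\AppData\Local\Temp\yMaster.dll,w
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
"""

# "<section code> - <rest>", e.g. "O4 - HKCU\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O16: "DPF: {CLSID} (optional name) - codebase URL"
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? -\s*(.*)$")
# O4 registry autostart: "<key>: [value name] command line"
RUN_RE = re.compile(r"^(\S+): \[(.*?)\] (.*)$")
# A path component named Temp/Tmp, or the %TEMP%/%TMP% variable
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\|%te?mp%", re.IGNORECASE)
# Markers HijackThis appends when the referenced file is gone
MISSING_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O4"
    tag: str     # short rule name (hypothetical, chosen for this example)
    detail: str  # why the entry deserves a second look
    line: str    # the original log line


def check_entry(code, rest):
    """Return (tag, detail) for an entry worth reviewing, else None."""
    if rest.endswith(MISSING_MARKERS):
        return ("orphaned",
                "registry entry refers to a file that no longer exists")
    if code == "O4":
        m = RUN_RE.match(rest)
        command = m.group(3) if m else rest  # Startup-folder form has no [name]
        if TEMP_RE.search(command):
            return ("autostart-from-temp",
                    "program starts at logon from a Temp directory")
    if code == "O16":
        m = DPF_RE.match(rest)
        if m and not m.group(3):
            return ("dpf-no-source",
                    "ActiveX download entry has no source URL recorded")
    return None


def triage(log_text):
    """Scan HijackThis log text and return the entries that match a rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, process list, blank lines
        hit = check_entry(m.group(1), m.group(2))
        if hit:
            findings.append(Finding(m.group(1), hit[0], hit[1], line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.tag}] {f.code}: {f.detail}\n    {f.line}")
```

A match only marks an entry for review; whether to fix it is still decided by someone reading the whole log.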

jholland1964 650 Posting Expert Team Colleague Featured Poster

It actually scared me, b/c I've been wondering if someone has access to my computer (remotely) & thought maybe this is what's happening.

If somebody were going to PUT programs on your computer remotely without your knowledge they would certainly be much more malicious I would think. Now that of course would be possibly something somebody would do if they wanted to search through your business emails I suppose, Xobni IS a legitimate program for organizing Outlook emails which allows you to find info about contacts and such. But as you said, you no longer use Outlook so it wouldn't do anyone any good really, but that doesn't mean somebody else couldn't have installed it remotely either. I still believe it very likely came in with that TechTracker program.
One thing, earlier you said this:

Now I just rely upon my router's firewall.

That is most definitely NOT enough. It is just one piece of protection. The router firewall only protects what is connected to the router, that is all. You should have a firewall ON the computer. There are many which are very good and certainly other options other than Zone Alarm.

now my computer isn't even allowing me to move files from one folder to another

What happens when you try to do this? How full is the hard drive?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Try the instructions I gave above concerning Avenger and running of combofix

jholland1964 650 Posting Expert Team Colleague Featured Poster

sorry, but yeah i renamed it on my flash drive and sent it to my desktop

And it didn't run?

Just noticed something here, in a previous post you said this:

combofix it starts up and then i get this screen that says its not safe to continue and then everything shuts down and the file deletes itself

Do you mean one of the screens in the attachments? If it is the Security Warning you have to press RUN or the program will exit and if it is the Warranty Disclaimer you have to press YES or the program will end. This warning you see must be coming from someplace...your av program, your firewall, it just won't pop up from nowhere. Is there anything there that tells you where this warning is coming from?

Answer my questions and wait for my reply before doing the step below.

Download Avenger and unzip to your desktop.
Run Avenger, make sure that the box next to "Scan for rootkits" has a tick in it and that the box next to "Automatically disable any rootkits found" does not have a tick in it, then click on ‘Execute’. Afterwards, Windows restarts, and opens the log generated by The Avenger so you can see the results.

Next try Combofix again...deleting ALL copies first of course and installing a brand new, RENAMED one. See what happens

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hello, looking at the HJT log I see that TWO anti-virus programs are running at the same time. This is a BIG NO-NO. One of them MUST be UNINSTALLED via Add/Remove.
If you have a current and paid for version of Norton on there then I would advise that the uninstall be AVG8. If Norton is expired then Uninstall it.
Both of those programs use a huge amount of resources which could be an explanation of the random shut downs, especially when playing a game. AVG 8 is also out of date, they are currently up to AVG 9 so an uninstall of this also is not really out of the question.
If both are out of date then uninstall both and install a new anti-virus program. Avira and Avast are two excellent free programs and both use less resources than Norton and AVG.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi and welcome to daniweb,
Please Download ATF-Cleaner.exe by Atribune
• You can put ATF-Cleaner on your Desktop for easy access

RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Reboot the computer

Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.

* Be sure the option …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Didn't ask this, when you renamed it was it already on the desktop?
If so I wasn't clear enough, when you go to download it and the box comes up asking where to save it and of course it needs to go to the desktop but THAT is also when you should rename it, not before it is downloaded to the desktop. So the box should come up, choose Save As...then rename it and have it go to the desktop. When you see it on the desktop then it should have that new name already. Is this how you did it?

You could also rename it on the flash drive and then SEND it to the desktop.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Do you have a flash drive from which you can install combofix?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Did you turn off your antivirus program and your firewall?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Did you try the download the same way that you were able to get MBA-M to download?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Delete the first one.
Try downloading again and follow all the same directions on first rename combofix to bossy.exe. Then follow the same directions and see what happens.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Whew! Ok, do this:
Please download Combofix from one of these locations:
HERE or HERE
It is very important that you save this file to your DESKTOP.
Here is a tutorial that describes how to download, install and run Combofix more thoroughly. Please review it and follow the prompts to install Recovery Console - if you have not done that already:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Very Important! Temporarily disable your antivirus and antimalware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix and even remove onboard components so it is rendered ineffective:
http://www.bleepingcomputer.com/forums/topic114351.html


Running Combofix

In the event you already have Combofix, please delete it as this is a new version.

* Close any open browsers.
* Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.


Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang. Do not proceed with the rest of the fix if you fail to run combofix.

ComboFix will disconnect your computer from the Internet. Therefore, do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet as your connection will be completely restored at a later stage in the program. While the program is scanning your computer, it will change your …

jholland1964 650 Posting Expert Team Colleague Featured Poster

I get attacked by rogue anti-spyware (like right now!). The rogue spyware are the least of my worries, I just want control of my PC back.

Hi and welcome to daniweb... had to laugh, sorry, but it appears your problem IS rogue spyware, not the least of your worries... it is your worry.
Are you able to boot to Safe Mode with Networking? If so this may allow you to download some programs needed for cleaning.
If you cannot download them directly to the computer do you have access to another computer? If so you could download the install file to the other computer, transfer them via either a burned cd or flash drive to the infected computer and then run the programs. Try both ways and see if it is possible. Here is what you need, obviously the first one should be updated and can be if you are using safe mode with networking. If it cannot be updated because you are installing via outside source that is fine. Even non-updated is better than none.
Now if at all possible MBA-M should most definitely be run in NORMAL mode, it is designed to run in NORMAL mode. Running in Safe mode does not allow it to load all of its drivers. If that is 100% impossible to do then go ahead and run in Safe Mode but please make the attempt first to run it in NORMAL mode.
If you can only run in safe …

jholland1964 650 Posting Expert Team Colleague Featured Poster

The only other suggestion I have is that you install SpywareBlaster as added protection. This is another FREE program, uses NO system resources as it doesn't run all the time in the background.

SpywareBlaster prevents the installation of ActiveX-based spyware, adware, dialers, browser hijackers, and other potentially unwanted programs. It can also block spyware/tracking cookies in IE, Mozilla Firefox, Netscape, and many other browsers, and restrict the actions of spyware/ad/tracking sites.

Simply download, install, update, enable all protection and close the program, that's it. It must be manually updated and doesn't update often so have your friend check for updates monthly. If there are any then install and enable them all and close the program.
I would advise that your friend keep Malwarebytes' Anti-Malware. Update the program and do at least a weekly Quick Scan. If anything is found have the program remove it. Shut down, reboot, update the program again and do the Full Scan and remove anything found.
Other than that you are good to go.
Judy