[evilfantasy]

Try this first.

The below is based on original info from http://support.microsoft.com/kb/949377

Important: This task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

How to back up and restore the registry in Windows

* Download and then install SubInACL (SubInACL.exe) file from Microsoft.
* Click Start > Run and type notepad.exe and click OK to bring up Windows Notepad.
* Copy and then paste the following text into Notepad.

Code:

cd /d "%ProgramFiles%\Windows Resource Kits\Tools"
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f
subinacl /subdirectories %windir%\*.* /grant=administrators=f /grant=system=f
secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

* Save this Notepad file as Reset.cmd to your desktop. Be sure the Save as type is set to all files.
* Once you have save it properly, double-click the Reset.cmd file to run the script.
** Note: This script file may take a long time to run. Additionally, you have to run this script as an administrator.
* Now reboot your computer! You must do this before the above will take effect.

[inflames]

Ok, that ran how it should. What now?

[evilfantasy]

Try running ComboFix again.

[inflames]

No luck on combofix but this folder appears in the C: Drive after I run it.

[evilfantasy]

Go to Start > Run and type scandisk /f then click OK.

Let it run, you will likely be prompted to restart.

[inflames]

Ok, ran that. I assume chkdsk was the same thing?

[evilfantasy]

It's a little different. Any changes with running CF?

[inflames]

Nothing yet.


When I download cf it obviously is saved to the desktop, but is it saving anything to system32 or system folders?

[evilfantasy]

It should only save a folder in your C drive when you run it.

I'm at a loss as to what's going on.

[inflames]

I am 90% sure I may have just figured it out. I went to another computer I had and when I pulled up CMD the prompt line read C:\Documents and Settings\username> HOWEVER...when I enter CMD on this computer it reads C:\windows\system32>...I believe that when the programs that we try to run use CMD, they are somehow being routed to system32 folder and not C:\Documents and Settings\username? Is there a way to change this 'route' so to speak for cmd?