INFECTED please help!

[EmpressPhoenix]

Having many issues. DCOM failing to start, plug and play, other stuff...I'm having to do all of this in safe mode with networking, so hopefully it pops up the results you need. Understand..that I might have to fix them in safe mode only because launching otherwise doesn't last long, depending. I didn't know at first if i was infected but running the scans I seen from below I am :( So yeah..please help!
---------------------------------------------

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 7.0.6001.18639 BrowserJavaVersion: 10.51.2
Run by Phoenix at 10:53:35 on 2014-03-16
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3262.2042 [GMT -5:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Explorer.EXE
C:\Windows\helppane.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uURLSearchHooks: {90b49673-5506-483e-b92b-ca0265bd9ca8} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Print Clips: {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\program files\hp\smart web printing\hpswp_framework.dll
uRun: [Google Update] "c:\users\phoenix\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [hpqSRMon] <no file>
StartupFolder: c:\users\phoenix\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\phoenix\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{54A4859D-93EA-43A8-AD0A-3FEF4C6863ED} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{9482D0F0-CCBB-4791-AC78-3C6258280826} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs=
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.154\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\phoenix\appdata\roaming\mozilla\firefox\profiles\1w5oxnrp.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://www.aywas.com/news/
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\kaneva\npkanevapatch.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\users\phoenix\appdata\local\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\users\phoenix\appdata\roaming\mozilla\firefox\profiles\1w5oxnrp.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: c:\users\phoenix\appdata\roaming\mozilla\firefox\profiles\1w5oxnrp.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npPitPlugin.dll
FF - plugin: c:\users\phoenix\appdata\roaming\mozilla\firefox\profiles\1w5oxnrp.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: c:\users\phoenix\appdata\roaming\mozilla\firefox\profiles\1w5oxnrp.default\extensions\activegs@freetoolsassociation.com\plugins\npActiveGS.dll
FF - plugin: c:\users\phoenix\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\phoenix\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\phoenix\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_43.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-11-13 37664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-8-12 1153368]
S4 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.2.0\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\15.2.0\ToolbarUpdater.exe [?]
.
=============== Created Last 30 ================
.
2014-02-26 10:04:29 -------- d-----w- C:\MSBOB
2014-02-26 09:08:56 -------- d-----w- c:\users\phoenix\appdata\roaming\Marine Aquarium 3
2014-02-26 09:08:45 -------- d-----w- c:\program files\SereneScreen
2014-02-22 12:58:47 -------- d-----w- c:\users\phoenix\appdata\local\Blizzard
2014-02-22 12:46:24 -------- d-----w- c:\program files\Hearthstone
2014-02-22 12:42:26 -------- d-----w- c:\users\phoenix\appdata\local\Blizzard Entertainment
2014-02-22 12:42:23 -------- d-----w- c:\users\phoenix\appdata\local\Battle.net
2014-02-22 12:42:00 -------- d-----w- c:\programdata\Blizzard Entertainment
2014-02-22 12:42:00 -------- d-----w- c:\program files\Battle.net
2014-02-22 12:39:25 -------- d-----w- c:\programdata\Battle.net
.
==================== Find3M ====================
.
2014-01-20 03:56:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-20 03:56:56 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-16 15:59:46 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-19 03:10:01 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 10:54:34.29 ===============

-------------------------------------------------------

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-03-16 11:02:05
-----------------------------
11:02:05.889 OS Version: Windows 6.0.6001 Service Pack 1
11:02:05.889 Number of processors: 2 586 0x6802
11:02:05.890 ComputerName: DJIBOUTI UserName: Phoenix
11:02:09.597 Initialize success
11:04:32.437 AVAST engine defs: 14031600
11:04:48.712 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
11:04:48.717 Disk 0 Vendor: WDC_WD5000LPVT-00G33T0 01.01A01 Size: 476940MB BusType: 3
11:04:48.836 Disk 0 MBR read successfully
11:04:48.840 Disk 0 MBR scan
11:04:48.847 Disk 0 unknown MBR code
11:04:48.852 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 465484 MB offset 63
11:04:48.913 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11452 MB offset 953313165
11:04:48.929 Disk 0 scanning sectors +976768065
11:04:49.127 Disk 0 scanning C:\Windows\system32\drivers
11:05:00.901 Service scanning
11:05:06.028 Service DcomLaunch C:\Windows\system32\rpcss.dll **INFECTED** Win32:Patched-AOD [Trj]
11:05:23.533 Service RpcSs C:\Windows\system32\rpcss.dll **INFECTED** Win32:Patched-AOD [Trj]
11:05:35.959 Modules scanning
11:05:38.674 Disk 0 trace - called modules:
11:05:38.698 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
11:05:38.708 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85180818]
11:05:38.727 3 CLASSPNP.SYS[8a9a3745] -> nt!IofCallDriver -> [0x8509e870]
11:05:38.739 5 acpi.sys[8060a6a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x842ad8a8]
11:05:41.875 AVAST engine scan C:\Windows
11:05:47.344 AVAST engine scan C:\Windows\system32
11:08:05.015 File: C:\Windows\system32\rpcss.dll **INFECTED** Win32:Patched-AOD [Trj]
11:10:38.828 AVAST engine scan C:\Windows\system32\drivers
11:11:30.515 AVAST engine scan C:\Users\Phoenix
13:09:26.738 AVAST engine scan C:\ProgramData
13:22:03.938 Scan finished successfully
21:33:17.608 Disk 0 MBR has been saved successfully to "C:\Users\Phoenix\Desktop\MBR.dat"
21:33:17.618 The log file has been saved successfully to "C:\Users\Phoenix\Desktop\aswMBR.txt"
----------------------------------------

DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2012-08-12 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2013-04-11 Includes\Adware.sbi (*)
2013-05-08 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2013-04-11 Includes\DialerC.sbi (*)
2013-04-11 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2013-04-11 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2013-04-11 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-11-21 Includes\Malware.sbi (*)
2013-05-22 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-05-22 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2013-04-11 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2013-05-22 Includes\Spyware.sbi (*)
2013-05-08 Includes\SpywareC.sbi (*)
2012-11-19 Includes\Tracks.uti
2013-01-16 Includes\Trojans.sbi (*)
2013-05-13 Includes\TrojansC-02.sbi (*)
2013-05-22 Includes\TrojansC-03.sbi (*)
2013-05-16 Includes\TrojansC-04.sbi (*)
2013-05-08 Includes\TrojansC-05.sbi (*)
2013-04-19 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


Previous topic: http://forums.spybot.info/showthread.php?68904-Sweetpacks-amp-other-stuff&p=443860

[Juliet]

Let's see what we can do.


Malwarebytes Anti-Rootkit

1.Download Malwarebytes Anti-Rootkit
2.Unzip the contents to a folder in a convenient location.
3.Open the folder where the contents were unzipped and run mbar.exe
4.Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5.Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6.Wait while the system shuts down and the cleanup process is performed.
7.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8.If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

• •Internet access
  •Windows Update
  •Windows Firewall

9.If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10.Verify that your system is now functioning normally.

~~~~~~~~~~~~~~~~~~~~~~~~~`

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

[list][*]Please disconnect any external drives from the computer before you run this scan!
[*]Wait until Prescan has finished ...[*]Then Click on "Scan" button[/*]

When the scan completes > Close out the program > Don't Fix anything!
Click on "Report" and copy/paste the content of the Notepad into your next reply.
Post back the report which should be located on your desktop.

[EmpressPhoenix]

Sorry it took so long, work and such. Hope I did everything correctly.


RogueKiller V8.8.11 [Mar 14 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : Phoenix [Admin rights]
Mode : Scan -- Date : 03/19/2014 21:22:09
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\Windows\TEMP\{D988E5D4-D751-4BDF-AC41-0B918C600A78}.exe - --uninstall=1 [x] -> FOUND
[V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv : C:\Windows\TEMP\{D988E5D4-D751-4BDF-AC41-0B918C600A78}.exe - --uninstall=1 [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[21] : NtAlpcConnectPort @ 0x820394F3 -> HOOKED (Unknown @ 0x87536368)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


ÿþ1
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000LPVT-00G33T0 ATA Device +++++
--- User ---
[MBR] 35e447d11196d8919b2ab6ba08f0e53a
[BSP] ee70e945e77313ff7fd93dac859d4822 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 465484 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 953313165 | Size: 11452 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_03192014_212209.txt >>

[Juliet]

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix

Download ComboFix from here:
Link 1
Link 2
Link 3

Place ComboFix.exe on your Desktop <--Important

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  You can get help on disabling your protection programs here
• Double click on ComboFix.exe & follow the prompts.
• You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
• Your desktop may go blank. This is normal. It will return when ComboFix is done. Combofix may need to reboot your computer more than once to do its job this is normal.
• When finished, it shall produce a log for you. Post that log in your next reply
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  
  Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer
  
  ---------------------------------------------------------------------------------------------
• Ensure your AntiVirus and AntiSpyware applications are re-enabled.
  
  Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
  Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
  ---------------------------------------------------------------------------------------------
• If there are Internet issues after running ComboFix:
  Internet Explorer:
  Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.
  Firefox:
  Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
  Chrome:
  Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
  Safari
  Launch Safari
  Go to general settings menu
  Then in Preferences/ Advanced
  Then on line click Proxies change settings ...
  Click Internet Options, then click the Connections tab, click Network Settings.
  Disable option (uncheck) for the use of proxy server ...
  

~~~~~~~~~~~~~~~~~~`

[EmpressPhoenix]

Sadly, I am unable to complete with this followup. My other comp, not sure what happened (I don't think it was a virus but could have been) bit the dusk. I mean, I can start it up, it goes to boot screen and such, but it will not pull up any logon screen, not even in safe mode. After it goes to boot screen or loading screen or what not, the screen just goes black. Not "computer is off" black but....just black. So, I don't know what's going on with it :( Was having some issues with that a week or so ago. On a new laptop atm, rent to own. Not sure if I'm ever going to get the other one fixed of if it's worth it as good as it was to me, like I said..it's old.

I apologize for this, however, if you have any insight as to why it might not be loading a windows login screen or anything past the load/boot screen..I'd appreciate knowing.

[Juliet]

yikes!
Sounds like a major issue with hardware. I think it could be from video?
I have to admit I am completely no good with things like these.

I'll supply a link to a help forum, you will have to register, then create a new topic there. Excellent help from friendly people will assist.
http://forums.whatthetech.com/index.php?showforum=126


All the best and good luck.

[Juliet]

Glad we could help.

Since this issue appears resolved ... this Topic is closed.