rowddawg

  1. Been a little bit. I've been trying to get the comp up and running again. So here's the latest. I ended up having to reinstall Windows, only not with a clean install. I installed it to the secondary partition to allow me to get to everything on the computer. This was actually suggested to me by Microsoft via live chat, since the issue stemmed from a service pack upgrade. This worked for a brief time. I was able to get to all my old information, and I continued to update Windows through SP1. This time I did not have the same issues as before, but I am still having trouble. The day after getting the computer to start working (5 days ago) my wife had the screen go crazy... by crazy I mean there were horizontal lines of varying colors on the screen. (It looked as though the screen had become offset and skewed.) I thought this may be an issue with the video card, so I moved the monitor to another port on the same card, and when everything worked correctly, I assumed I had corrected the problem. I continued installing updates for Vista through SP1. I was able to get SP1 completely installed and all appeared well when I had the same thing happen again. Here's the odd part. I can run Windows in safe mode without any issues. At least I didn't have any issues while I ran it in safe mode before. Could this be from a driver issue? I have the latest updated driver for my card according to Vista. I know this is outside the scope of malware removal, and I appreciate the suggestions up until now. Any suggestions or direction on what else to do would be appreciated. Thanks.
  2. Tried the boot disk. It will only reinstall the OS, not allow me to boot it. I do have a Knoppix boot CD that I've used in the past, going to try it. If that doesn't work, are there any other options? I'd rather not have to wipe the drive if I don't have to.
  3. I've tried getting into safe mode. It hangs while the files are filling on the side of the screen. I do have a CD, although it's a combo CD (not solely Vista), so I'm hoping that if I use it it won't only give me the option of reformatting the drive, but will allow me to boot from it and uninstall the patch for SP1 (which I'm assuming is what I need to do). Does that sound right?
  4. OK. I followed your instructions and deleted the programs (ComboFix and your security check), I uninstalled Adobe and Java and installed the latest versions, and then I reinstated UAC (although it seems to be much more of a hassle than a help). I rebooted the computer when necessary during these steps. Then I received all updates using Windows updates. *I had not yet installed even service pack 1 yet, as it had not been an option. I accepted the updates needed to get to SP1, rebooted the computer, then downloaded and installed SP1, so I could get to SP2. I left the computer to go to work as this happened, so I am not sure what has happened to cause the following issue. Basically, when I came home I was welcomed by a black screen with the following text stuck on the screen a few lines down from the top of the screen. !! 0xc0000034 !! 5553/89603 (x86_microsoft-windows-comdlg32.resources_...) This was flickering on the black background. Thinking that somehow the system had hung up (it had been 10 hours since I had started the update), I rebooted the system. Immediately it went to a black screen similar to the one you get when the system shuts down unexpectedly, but it said there was an issue with Windows, and recommended to have the computer try to fix the issue. I did this, but ended up back at the same screen. As for the computer itself, the issues I had been having were fixed primarily after ComboFix, at least the noticeable issues (slowing down of computer, internet redirection, etc.). After the next step (online virus/malware check), other issues I had not known about were removed as well. Now what should I do? I have left the computer on for now. In a little while if nothing changes I will probably turn it off until I receive a reply. Thanks.
  5. Here is the report. I did have one issue. Once the full scan had run, and I clicked for it to clean the computer, it said the privileges were not there to clean it, and it closed. I then ran the quick scan, which found the same number of malware issues, and this time it allowed the cleaning. Odd. At any rate, here is the list from the scanning report. I reran the full scan afterwards, with no problems at all.

     Scanning Report
     Thursday, July 15, 2010 15:47:49 - 15:55:48
     Computer name: YATES-HOME
     Scanning type: Quick scan
     Target: System
     --------------------------------------------------------------------------------
     18 malware found
     TrackingCookie.Questionmarket (spyware) System (Disinfected)
     TrackingCookie.Adinterax (spyware) System (Disinfected)
     TrackingCookie.Advertising (spyware) System (Disinfected)
     TrackingCookie.Atdmt (spyware) System (Disinfected)
     TrackingCookie.Adtech (spyware) System (Disinfected)
     TrackingCookie.Doubleclick (spyware) System (Disinfected)
     TrackingCookie.Revsci (spyware) System (Disinfected)
     TrackingCookie.Admeta (spyware) System (Disinfected)
     TrackingCookie.Specificclick (spyware) System (Disinfected)
     TrackingCookie.Adrevolver (spyware) System (Disinfected)
     TrackingCookie.Adbrite (spyware) System (Disinfected)
     TrackingCookie.Xiti (spyware) System (Disinfected)
     TrackingCookie.Webtrends (spyware) System (Disinfected)
     TrackingCookie.Mediaplex (spyware) System (Disinfected)
     TrackingCookie.Tradedoubler (spyware) System (Disinfected)
     TrackingCookie.Statcounter (spyware) System (Disinfected)
     TrackingCookie.Atwola (spyware) System (Disinfected)
     TrackingCookie.Yieldmanager (spyware) System (Disinfected)
     --------------------------------------------------------------------------------
     Statistics
     Scanned:
     Files: 4120
     System: 4120
     Not scanned: 0
     Actions:
     Disinfected: 18
     Renamed: 0
     Deleted: 0
     Not cleaned: 0
     Submitted: 0
     --------------------------------------------------------------------------------
     Options
     Scanning engines:
     --------------------------------------------------------------------------------
     Copyright
  6. combofix log ComboFix 10-07-14.01 - Rowdy 07/14/2010 15:36:55.1.4 - x86 Microsoft
  7. The rerun of MBAM. Same info.

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 4306
     Windows 6.0.6000
     Internet Explorer 8.0.6001.18904
     7/12/2010 8:21:27 PM
     mbam-log-2010-07-12 (20-21-27).txt
     Scan type: Quick scan
     Objects scanned: 141451
     Time elapsed: 7 minute(s), 10 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected:
     C:\Users\Rebecca\AppData\Local\Temp\low\COUPON~1.DLL (Trojan.BHO.H) -> Quarantined and deleted successfully.

     DDS LOG
     DDS (Ver_10-03-17.01) - NTFSx86
     Run by Rowdy at 20:23:46.53 on Mon 07/12/2010
     Internet Explorer: 8.0.6001.18904
     Microsoft
  8. Hello. First, thanks for taking the time to help me with this issue. I've tried to follow all the instructions under 'I'm infected - What do I do now?', and with the exception of the GMER section, I can complete all other tasks. MBAM runs successfully on the computer, but the virus returns after reboot. Following is the most recent MBAM log file...

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 4298
     Windows 6.0.6000
     Internet Explorer 8.0.6001.18904
     7/9/2010 11:59:11 PM
     mbam-log-2010-07-09 (23-59-11).txt
     Scan type: Quick scan
     Objects scanned: 140860
     Time elapsed: 21 minute(s), 21 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected:
     C:\Users\Rebecca\AppData\Local\Temp\low\COUPON~1.DLL (Trojan.BHO.H) -> Quarantined and deleted successfully.

     Here is the DDS text file info...

     DDS (Ver_10-03-17.01) - NTFSx86
     Run by Rowdy at 0:05:47.06 on Sat 07/10/2010
     Internet Explorer: 8.0.6001.18904
     Microsoft
     Attach.zip
  9. Since I now can run HijackThis and Malwarebytes, I'll repost this and not reply to my own post (which I just read I should not do). If someone wouldn't mind either deleting or closing this post that would be fantastic. Thanks.
  10. My computer was infected with a virus that disables access to control panel and other areas as well as only shows my wallpaper on my monitor. (I have to use task manager to do everything.) It also kept redirecting any Google searches to pages that offered to sell stuff to clean my computer. I originally realized there was a virus when it posted a fake icon in the system tray telling me I had a virus, and would periodically put up an error message. I ran an AVG scan, and when the infections seemed to have been taken care of, I tried to delete a shortcut to the program 'av care' that had been placed on my desktop, but when I did that, my comp crashed. At first, the virus kept me from using MWB. Combo-fix corrected that issue. Now, I've run both the short scan and long scan through MWB, and was able to install and run HijackThis. First, I'll post the MWB log, then the HijackThis log.

      Malwarebytes' Anti-Malware 1.41
      Database version: 2891
      Windows 5.1.2600 Service Pack 2
      10/2/2009 2:32:28 AM
      mbam-log-2009-10-02 (02-32-19).txt
      Scan type: Full Scan (C:\|)
      Objects scanned: 227598
      Time elapsed: 52 minute(s), 53 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 7
      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected:
      C:\Combo-Fix\Combo-Fix.sys (Worm.Agent) -> No action taken.
      C:\Qoobox\Quarantine\C\WINDOWS\msa.exe.vir (Trojan.Downloader) -> No action taken.
      C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir (Trojan.Sirefef) -> No action taken.
      C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP799\A0191532.exe (Rogue.AVCare) -> No action taken.
      C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP799\A0191533.exe (Rogue.AVCare) -> No action taken.
      C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP800\A0191593.sys (Worm.Agent) -> No action taken.
      C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP800\A0191687.exe (Trojan.Downloader) -> No action taken.
  11. Well... I uninstalled MWB and reinstalled it, and now it is working for me. Apparently ComboFix cleared up whatever was keeping it from running. I'll post the logs from it here after it finishes.
  12. Hello. First of all, thanks in advance for any help given. I have tried to follow the directions in other posts that seem to have similar issues to what I'm experiencing, but to no avail. I'll post what I have done and what issues I'm experiencing. I'm posting here first because I noticed that when MWB and others do not work, people were instructed to post here. (green text) Here are the known problems I'm experiencing... I realized my computer was infected when a fake security icon appeared in the system tray saying my computer was infected, which was compounded by the fact that Google searches, when clicked, now redirect me to a number of 'buy this program to fix your comp' sites. I have AVG Free 8.5, which I ran immediately to try to fix the issue, which it said it deleted multiple infections, but there was still an icon *AV Care* on my desktop, and when I went to delete it my comp crashed, causing me to reboot it. Once I logged back on, the only thing I could see was my wallpaper. Fortunately I had access to the task manager, and tried to see what I could access from it as well as if there were processes I could kill within it to get around this bug, but ran into dead ends. The basic response for opening (from task manager) my control panel, or any other file from it (without simply right clicking on the entity and choosing run) states that I do not have sufficient privileges to access those commands. That was when I got on my desktop and started searching for solutions. I saw how MWB software was often recommended, and wanted to give it a shot. Much to my dismay, the virus shuts it down after about 2 seconds. I then continued searching these forums, and saw how combo-fix was a solution given in multiple cases, especially in those where MWB was not allowed to run. I downloaded, installed and ran it (after disabling AVG) and seemed to be making some headway, it deleted multiple infections, repaired a sys file, etc. Then it prompted me to reboot to fix the rootkit, I believe, without giving me an option for a log, and when I did let it reboot, it went back to the logon screen. After waiting a few minutes (I didn't want to mess with it if it was somehow still running) I logged back on, but the desktop icons are still unavailable, although the 'av care' folder now is not on my computer any more. So apparently it was able to fix some issues, but not all? I still have the same issues, no access to running MWB, no access to control panel or actually entering files to be run by task manager (although I can circumvent this by right clicking). I assume ComboFix should have created a log, but I'm not sure where it would be. I installed CF to the desktop, under the name combo-fix, and do not know where the log would be. Any help to this problem (or problems) would be greatly appreciated. Thanks. Other stuff you might want to know: running XP on my Toshiba laptop (so only a Toshiba startup for Windows, not Windows by itself). I do have internet access, although I can disable that.