I wanted to create an account specifically to thank Gringo for the following post for another random person:
Whilst I couldn't follow the instructions exactly I ran everything in order to gather information and then after finally running combofix in safemode, I believe I have finally cleaned off a friends laptop. Things are running well and now the system can be updated and secured. Note I had read about combofix being used with supervision but I was happy with the information I had from reading many posts and experience in the past and that the system was aok to be trashed/rebuilt fresh so there was nothing to be too concerned about.
I've been in IT in the realm of support for a good 20+ years through to todays server, san, vmware, replication and DR envirnoment and have found this forum particularly helpful especially when trying to fix up other people's systems. Thankfully my own system has remained clean but I find I'm often handed infected systems to have a look at. I ended up building a specific isolated network behind a firewall so these machines could see the internet for 80/443 and windows updates but not my local lan, etc.
Edited by tjwaus, 18 June 2013 - 08:51 AM.