New
#311
Prescottbob,
Part I:
Please open Notepad: (Start > All Programs > Accessories > Notepad)
Copy/paste the entire content inside the quote box below to Notepad (Do not copy the word 'Quote'):
In Notepad, click: File (upper left) > Save As...FCopy::
C:\MpSvc.dll | C:\Program Files\Windows Defender\MpSvc.dll
C:\MpSvc.dll | C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpSvc.dll
C:\MpSvc.dll | C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpSvc.dll
ClearJavaCache::
Save the file to the Desktop
Name it: CFScript.txt
Click: Save
-->>Both the CFScript.txt and the ComboFix program icon must be on the Desktop, or this will not work.<<--
Make sure all AntiVirus and AntiMalware programs are disabled, so they do not interfere with the running of ComboFix.
Info: http://www.bleepingcomputer.com/forums/topic114351.html
Now, drag the CFScript.txt into ComboFix.exe as shown below:
This action starts ComboFix again.
If the program asks to reboot, please do so.
When done, please attach the new Combofix.txt in your reply.
Part II:
Can't remember if you have MBAM installed or not. If not, please download Malwarebytes' Anti-Malware:
http://www.malwarebytes.org/mbam-download-exe.php
Save to the Desktop.
MBAM may make changes to the Registry as part of its disinfection routine.
If using other security programs that detect Registry changes, they may interfere or alert you.
Continue disabling these programs, or permit them to allow the changes.
Right-click the MBAM file, and select: Run as Administrator
When the installation begins, follow the prompts.
Make sure both of these are checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Click: Finish
MBAM automatically starts and you are asked to update the program.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
On the Scanner tab:
Make sure the Perform Full Scan option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected.
Click on the Start Scan button.
The scan may take some time to complete, so please be patient.
When the scan is finished, a message box shows The scan completed successfully. Click 'Show Results' to display all objects found
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware found.
Make sure everything is checked, and click: Remove Selected
When removal is completed, a report opens in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab.
Please copy/paste the entire contents of the MBAM report in your reply.
Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you are asked to reboot the computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Failure to reboot normally (not into safe mode) prevents MBAM from removing all the malware.