Hi e28ct17,
Please tell me what if any steps you needed to take in order to get the computer to boot to windows. this information will be helpful later.
After this fix if you recieve an error message about IE or FF when opening them please reboot you computer and try again.
We'll continue with combofix. If you have a file on your desktop named CFScript please delete it we'll make a new one.
We will be using Combofix again but will run it differently.
Please follow all previous instructions regarding security programs.
Open a new Notepad session - Click the Start button, click run
- in the run box type notepad
- click ok
- In the notepad, Click "Format" and be certain that Word Wrap is not checked.
- Copy and paste all the all of the text in the code box below into the Notepad, (including the URL). Do Not copy the word CODE
Code:
http://forums.spybot.info/showpost.php?p=420140&postcount=17
Collect::
c:\users\Janice\AppData\Local\dplaysvr.exe
c:\users\Janice\AppData\Roaming\Ofgaub\teuzviu.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dplaysvr"=-
"{24903B15-CFA6-2F4F-D499-A747DA35520F}"=-
Folder::
c:\users\Janice\AppData\Roaming\Sie
c:\users\Janice\AppData\Roaming\Ofgaub
In the notepad - Click File, Save as..., and set the Save in to your Desktop
- In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
- Click save
Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.
This will start ComboFix again.Close all browser/windows first.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.- Ensure you are connected to the internet and click OK on the message box.
Please post back with the combofix log.
Thanks
