09-18-2009 08:49 PM - edited 09-18-2009 08:50 PM
just reboot, don't pull the power out
Quads
09-18-2009 08:56 PM
I rebooted, Windows started - Combofix is running now, created a new system restore point and it's scanning now. I'll post the log when it's done.
Thanks so much for your help.
Julie
09-19-2009 07:02 AM
Combofix seems to be having trouble running.
After restarting the computer, ComboFix started running. It would get to the blue screen: Scanning for infected files, but would never get to the Clock Setting message or the Completed Stage_X; it would reboot and start over again. It did this numerous times. Finally I intervened with a safe reboot, which brought me back to Windows.
I downloaded Combofix again, created the script file again. I tried running and I get a
Combofix warning:
antivirus: CyberDefenderInternetSecurity
antispyware: CyberDefenderInternetSecurity
I checked Msadmin it shows CyberDefender is disabled. (Msadmin does show some suspicious processes running poprock & tgzaaf).
I let Combofix run. It creates a new system restore point and brings up the scanning for infected files message, but before the Completed Stage_X messages start appearing it reboots with a blue screen & memory auto dump.
The system then starts up Windows normally. A log file is not created.
Something on the system seems to be interfering with Combofix and I also can't figure out how to disable CyberDefenderInternetSecurity.
Thanks
Julie
09-19-2009 08:06 AM
jvpierce:
Please look under C:\Combofix for the log file. Please do nothing else without Quads' specific instructions. Finding the log is important.
09-19-2009 08:55 AM
There is no log file, I don't think it's running to completion.
The combofix directory that I have is an actual image of the file system (I'm not sure if this is what's created during the system restore step; it shows the disk drives and hardware connected to the computer). When I go to the DOS command line and do a dir, there is no combofix directory.
I haven't done anything else, I'll await further instructions.
Thanks
Julie
09-19-2009 09:04 AM
09-19-2009 09:25 AM
There doesn't appear to be anything there except the image file and the download file. I've attached an image of the search screen.
Thanks
Julie
09-19-2009 11:01 AM
jvpierce:
You have a worse problem than originally stated. I can see the Qoobox folder in your screen print. Please click on that and advise if there are any files, and what they are. Do not run any more programs, particularly Combofix. If the Qoobox, which is the quarantine, is empty, it might mean that Combofix has not been allowed to run.
The worst problem is the folder on the right called Windows Police Pro, which is a particularly vicious rogue antivirus. That would have been an important thing to know at the beginning.
I will advise Quads.
09-19-2009 11:32 AM
Here's the contents of Qoobox:
Folder: BackEnv
appdata.folder.dat
cache.folder.dat
Cookies.folder.dat
desktop.folder.dat
favorites.folder.dat
localappdata.folder.dat
LocalSettings.folder.dat
mypictures.folder.dat
personnel.folder.dat
Profiles.Folder.dat
Profiles.Folder.folder.dat
programs.folder.dat
SetPath (Windows Batch File)
startmenu.folder.dat
startup.folder.dat
SysPath.dat
templates.folder.dat
Folder: LastRun
d-del_A.dat
Folder: Quarantine
Folder: C (empty)
Folder: Registry_backups (empty)
catchme.txt
Folder: Test (empty)
Folder: TestC (empty)
Thanks
Julie
09-19-2009 11:56 AM
One other thing...
I have no applications running (confirmed with Windows Task Manager) but my disk is spinning non-stop. Should I shut down my laptop while waiting for next steps or just keep it running?
Thanks
Julie
