HJT/CF/AVG logs
- Thread starter CatBox
- Start date
howard_hopkinso
Posts: 21,238 +17
Hello and welcome to Techspot.
1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.
2. Download the attached avengerscript.txt and save it to your desktop
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by double clicking on its icon on your desktop.
Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT and Combofix log.
Regards Howard :wave: :wave:
This thread is for the use of CatBox only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.
2. Download the attached avengerscript.txt and save it to your desktop
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by double clicking on its icon on your desktop.
Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT and Combofix log.
Regards Howard :wave: :wave:
This thread is for the use of CatBox only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O2 - BHO: (no name) - {47811308-863E-4A34-AA8F-AEB5857812CD} - C:\WINDOWS\System32\dssdec.dll (file missing)
O21 - SSODL: JRE 1.3.1_04 - {0CFA28D9-0FD8-2CF2-918D-F4D1F3E519EC} - C:\Program Files\JavaSoft\JRE\1.3.1_04\LICENSE.dll (file missing)
O21 - SSODL: Hallmark Card Studio - {EF3DD198-A5E6-A976-F7AE-B7BA6477E350} - c:\sierra\cardstudio\dpqub32.dll (file missing)
Click on the fix checked button.
Close HJT and reboot your system.
Post a fresh HJT log.
Regards Howard
This thread is for the use of CatBox only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
O2 - BHO: (no name) - {47811308-863E-4A34-AA8F-AEB5857812CD} - C:\WINDOWS\System32\dssdec.dll (file missing)
O21 - SSODL: JRE 1.3.1_04 - {0CFA28D9-0FD8-2CF2-918D-F4D1F3E519EC} - C:\Program Files\JavaSoft\JRE\1.3.1_04\LICENSE.dll (file missing)
O21 - SSODL: Hallmark Card Studio - {EF3DD198-A5E6-A976-F7AE-B7BA6477E350} - c:\sierra\cardstudio\dpqub32.dll (file missing)
Click on the fix checked button.
Close HJT and reboot your system.
Post a fresh HJT log.
Regards Howard
This thread is for the use of CatBox only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
Your HJT log is clean.
Turn off system restore.(XP/ME only) See how HERE.
Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.
If you have any further virus/spyware problems, please post in this thread.
Regards Howard
This thread is for the use of CatBox only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Turn off system restore.(XP/ME only) See how HERE.
Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.
If you have any further virus/spyware problems, please post in this thread.
Regards Howard
This thread is for the use of CatBox only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
Threads merged.
I see you`ve managed to get your system infected again. You really need to start taking care when browsing the internet etc.
Your system is infected with a trojan called Downloader.Agent.awf. It replaces legitimate files that are common on most computers with an infected file. Then, it moves the legitimate files to a bak or backup folder.
Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.
If after reading the above, you wish to clean your system, do the following.
Go and read this thread HERE and follow the instructions exactly. Then, post the requested log files.
Regards Howard
This thread is for the use of CatBox only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
I see you`ve managed to get your system infected again. You really need to start taking care when browsing the internet etc.
Your system is infected with a trojan called Downloader.Agent.awf. It replaces legitimate files that are common on most computers with an infected file. Then, it moves the legitimate files to a bak or backup folder.
Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.
If after reading the above, you wish to clean your system, do the following.
Go and read this thread HERE and follow the instructions exactly. Then, post the requested log files.
Regards Howard
This thread is for the use of CatBox only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
Ok, no problem.
You need to go and follow the instructions HERE as I asked in my previous post.
That`s because that system is infected with a trojan called Downloader.Agent.awf. It replaces legitimate files that are common on most computers with an infected file. Then, it moves the legitimate files to a bak or backup folder.
Regards Howard
This thread is for the use of CatBox only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
You need to go and follow the instructions HERE as I asked in my previous post.
That`s because that system is infected with a trojan called Downloader.Agent.awf. It replaces legitimate files that are common on most computers with an infected file. Then, it moves the legitimate files to a bak or backup folder.
Regards Howard
This thread is for the use of CatBox only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
Your awf.txt is now clean.
However, your system is far from clean and we need to do quite a lot of work in order to achieve that.
Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.
Post fresh HJT, AVG Antispyware and Combofix logs as Attachments into this thread, only after doing the above.
Also, let me know the results of the Panda Antirootkit scan.
Regards Howard
This thread is for the use of CatBox only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
However, your system is far from clean and we need to do quite a lot of work in order to achieve that.
Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.
Post fresh HJT, AVG Antispyware and Combofix logs as Attachments into this thread, only after doing the above.
Also, let me know the results of the Panda Antirootkit scan.
Regards Howard
This thread is for the use of CatBox only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
Your`s has the dubious distinction of being the worst infected machine I have ever seen.
If this doesn`t put you off using P2P networks, then nothing will.
Follow all the instructions below Exactly.
Delete all files in AVG Antispyware quarantine.
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
viewpoint
viewpoint manager
viewpoint toolbar
AntispyStorm
WindowsUpdate
BraveSentry
Close control panel.
Click start/run and type services.msc into the run box and press the enter key.
When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.
Viewpoint Manager Service
Close the services window.
Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..
Pay particular attention to this :-
Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:
Save this as CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
Please open notepad and and copy and paste next bold in it:
(don't forget to copy and paste REGEDIT4)
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
Regards Howard
This thread is for the use of CatBox only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
If this doesn`t put you off using P2P networks, then nothing will.
Follow all the instructions below Exactly.
Delete all files in AVG Antispyware quarantine.
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
viewpoint
viewpoint manager
viewpoint toolbar
AntispyStorm
WindowsUpdate
BraveSentry
Close control panel.
Click start/run and type services.msc into the run box and press the enter key.
When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.
Viewpoint Manager Service
Close the services window.
Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..
Pay particular attention to this :-
Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:
Save this as CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
Please open notepad and and copy and paste next bold in it:
(don't forget to copy and paste REGEDIT4)
Save this as "fix.reg" Choose to save as *all files and place it on your desktop.
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
Regards Howard
This thread is for the use of CatBox only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
CF/HJT logs
I'd rather have reformatted it, hindsight being 20/20. Apparently their children click on any popup they see, and when things started to go from bad to worse, my brother-in-laws friend started clicking on all of those zany antispyware popups.
When I saved the log from CF after dropping the text I had copied, the log was 1229kb or something to that effect. Too big to attach, so I ran CF again and then HJT again, here are the logs. I appreciate all the help Howard.
I'd rather have reformatted it, hindsight being 20/20. Apparently their children click on any popup they see, and when things started to go from bad to worse, my brother-in-laws friend started clicking on all of those zany antispyware popups.
When I saved the log from CF after dropping the text I had copied, the log was 1229kb or something to that effect. Too big to attach, so I ran CF again and then HJT again, here are the logs. I appreciate all the help Howard.
howard_hopkinso
Posts: 21,238 +17
Definitely starting to look better.
Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..
Pay particular attention to this :-
Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:
Save this as CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
Regards Howard
This thread is for the use of CatBox only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..
Pay particular attention to this :-
Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:
Save this as CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
Regards Howard
This thread is for the use of CatBox only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
I did actually stop doing HJT log etc for a while. However, it quickly became apparent that my services were required, so I came out of retirement and here I am lol.
However, I hope this is only temporary and as soon as someone comes along to replace me, I intend to go back into retirement, or at the very least, seriously cut back on the amount I do in this forum.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
mstaskmgr.exe
noskrnl.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [mstaskmgr.exe] C:\WINDOWS\system32\mstaskmgr.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [noskrnl] C:\WINDOWS\noskrnl.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [mstaskmgr.exe] C:\WINDOWS\system32\mstaskmgr.exe (User 'NETWORK SERVICE')
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/ install/installer.exe
O16 - DPF: {D8EE8DC0-F193-11D0-B1E5-08005A885319} (MicroX Persistent Mainframe Display Control) - https://calltaking2.workathomeagent.net/walldata/curVersion/hostexpress.cab
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/activex/virtools/CacheManager.CAB
O16 - DPF: {F10C33E8-4EC0-4369-B365-730450CF5A09} (CPlayFirstDDTumsControl Object) - http://www.gamehouse.com/games/DinerDash.cab
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or folders(if there).
C:\WINDOWS\noskrnl.exe
C:\WINDOWS\system32\mstaskmgr.exe
C:\qoobox
Reboot into normal mode and rehide your protected OS files.
Post a fresh HJT log.
Regards Howard
This thread is for the use of CatBox only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
However, I hope this is only temporary and as soon as someone comes along to replace me, I intend to go back into retirement, or at the very least, seriously cut back on the amount I do in this forum.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
mstaskmgr.exe
noskrnl.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [mstaskmgr.exe] C:\WINDOWS\system32\mstaskmgr.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [noskrnl] C:\WINDOWS\noskrnl.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [mstaskmgr.exe] C:\WINDOWS\system32\mstaskmgr.exe (User 'NETWORK SERVICE')
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/ install/installer.exe
O16 - DPF: {D8EE8DC0-F193-11D0-B1E5-08005A885319} (MicroX Persistent Mainframe Display Control) - https://calltaking2.workathomeagent.net/walldata/curVersion/hostexpress.cab
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/activex/virtools/CacheManager.CAB
O16 - DPF: {F10C33E8-4EC0-4369-B365-730450CF5A09} (CPlayFirstDDTumsControl Object) - http://www.gamehouse.com/games/DinerDash.cab
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or folders(if there).
C:\WINDOWS\noskrnl.exe
C:\WINDOWS\system32\mstaskmgr.exe
C:\qoobox
Reboot into normal mode and rehide your protected OS files.
Post a fresh HJT log.
Regards Howard
This thread is for the use of CatBox only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
Well done, your HJT log is now clean.
Turn off system restore.(XP/ME only) See how HERE.
Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.
If you have any further virus/spyware problems, please post in this thread.
Regards Howard
This thread is for the use of CatBox only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Turn off system restore.(XP/ME only) See how HERE.
Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.
If you have any further virus/spyware problems, please post in this thread.
Regards Howard
This thread is for the use of CatBox only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Click start/run and type services.msc into the run box and press the enter key.
When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.
WebClient WebClientSysmonLog (WebClientSysmonLog)
Close the services window.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
6to4svcn.exe
netcfgx32.exe
vsndo763.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O4 - HKLM\..\Run: [SNDO763] C:\WINDOWS\vsndo763.exe
O4 - HKCU\..\Run: [Paradyne ADSL Network Driver V2.3] C:\WINDOWS\netcfgx32.exe
O23 - Service: WebClient WebClientSysmonLog (WebClientSysmonLog) - Unknown owner - C:\WINDOWS\system32\6to4svcn.exe (file missing)
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or folders(if there).
C:\WINDOWS\system32\6to4svcn.exe
C:\WINDOWS\netcfgx32.exe
C:\WINDOWS\vsndo763.exe
Reboot into normal mode and rehide your protected OS files.
Go HERE, download and install the latest version of Java.
Once it`s installed, go to add remove programmes in your control panel and uninstall all previous versions of Java, except version 6 update 3. Close Control panel.
Post fresh HJT and Combofix logs.
Regards Howard
This thread is for the use of CatBox only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Click start/run and type services.msc into the run box and press the enter key.
When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.
WebClient WebClientSysmonLog (WebClientSysmonLog)
Close the services window.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
6to4svcn.exe
netcfgx32.exe
vsndo763.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O4 - HKLM\..\Run: [SNDO763] C:\WINDOWS\vsndo763.exe
O4 - HKCU\..\Run: [Paradyne ADSL Network Driver V2.3] C:\WINDOWS\netcfgx32.exe
O23 - Service: WebClient WebClientSysmonLog (WebClientSysmonLog) - Unknown owner - C:\WINDOWS\system32\6to4svcn.exe (file missing)
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or folders(if there).
C:\WINDOWS\system32\6to4svcn.exe
C:\WINDOWS\netcfgx32.exe
C:\WINDOWS\vsndo763.exe
Reboot into normal mode and rehide your protected OS files.
Go HERE, download and install the latest version of Java.
Once it`s installed, go to add remove programmes in your control panel and uninstall all previous versions of Java, except version 6 update 3. Close Control panel.
Post fresh HJT and Combofix logs.
Regards Howard
This thread is for the use of CatBox only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
catchme.exe is a rootkit scanner that`s built into Combofix.
Your HJT log is clean. However, you`re running both Avast and AVG Antivirus programmes. Please uninstall one of them immedately, as running more than one AV programme can cause serious conflicts.
.
Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..
Pay particular attention to this :-
Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:
Save this as CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
Regards Howard
This thread is for the use of CatBox only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Your HJT log is clean. However, you`re running both Avast and AVG Antivirus programmes. Please uninstall one of them immedately, as running more than one AV programme can cause serious conflicts.
.
Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..
Pay particular attention to this :-
Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:
Save this as CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
Regards Howard
This thread is for the use of CatBox only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
