These virus are stopping you from going to google search and few other sites but I have tried resetting Tcip Stack, ran Combo Fix twice and removed a load of crap I have also ran Malwarebytes and full Avast Scan and found nothing.
Does anyone know what these are and how to remove them without reformatting PC
Know I dont have the log file for combo fix I deleted it in process of trying to clean this machine up worked on this for about 3 hours altogether over last couple of days about to tell them im going to have to wipe it out has I have not been able to find any way of removing them.
Download ComboFixfrom here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully. note: ComboFix must be downloaded to your Desktop.
Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this Instruction.
How to disable avast:
[*]Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
[*]In the window that opens on the top right corner, click Settings.
[*]In a new window that opens, choose the option Troubleshooting, Uncheck Enable avast! self-defense, and click OK.
[*]Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls .
[*]In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn on this option after the cleaning.
Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note:Do not mouse-click Combofix’s window while it is running.
When the tool is finished, it will produce a log report for you. (typical location: C:[b]ComboFix.txt[/b] )
Attach log reports ( ComboFix.txt) back to topic.
[*]Re-run TDSSKiller.exe and click on Change parametres.
[*]Under Additional options check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
[*]Click on Start Scan.
[*]If an infected file is detected, the default action will be Cure, click on
[*]If a suspicious file is detected, the default action will be Skip, click on Continue.
[*]It may ask you to reboot the computer to complete the process. Click on Reboot Now.
[*]Click the Report button and copy/paste the contents of it into your next reply Note:It will also create a log in the [b]C:[/b] directory.
Re-run Combofix and attach here fresh Combofix.txt log
Ok here is the report i had to attach it as a file also i uninstalled Avast and installed AVIRA and ran it it found 3 virus ill attach that log file could it be that Avast itself had got infected. I will re run combofix and post.
Close all browser windows and refering to the picture above.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:[b]ComboFix.txt[/b] )
well for one I have to have this PC back tomorrow for the buisness im working on Avira is already uninstalled just trying to fined out what these are so that i can remove them I have been a Avast fan for many years and always recommend Avast ive never saw this on a pc that runs avast cause i have never been infected using Avast will have results shortly.
Well still having intermitting conection issues with some sites I havnt saw Avast block those url right now but first time I ran combofix it fixed issues for about 20 mins then they came back so right now im doing a scan with Avast agian to see if it locates anything do you have any ideal what those were coming from and did I get them removed with any of the stuff we done.
The Avast scan didnt show anything but RogueKiller found the host file is pointing to 127.0.0.1 agian and it hadnt been i attached the log file. If i go to windows system32/drivers/etc and open the host file all it shows it 127.0.0.1 localhost it dont look like any other host file i look at.
[*]Re-run TDSSKiller.exe and click on Change parametres.
[*]Under Additional options check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
[*]Click on Start Scan.
[*]If an infected file is detected, the default action will be Cure, click on
[*]If a suspicious file is detected, the default action will be Skip, click on Continue.
[*]It may ask you to reboot the computer to complete the process. Click on Reboot Now.
[*]Click the Report button and copy/paste the contents of it into your next reply Note:It will also create a log in the [b]C:[/b] directory.