Lets run these through the Avenger Program, if you saved it then disregard the download link
1. Please download The Avenger by Swandog46 to your Desktop.
- Click on Avenger.zip to open the file
- Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):
Code:Files to Delete: C:\dnsbak.reg C:\WINDOWS\SYSTEM32\arpl.exe C:\WINDOWS\SYSTEM32\spoolvs.exe C:\WINDOWS\SYSTEM32\tmp.reg C:\WINDOWS\system32\xlibgfl254.dll C:\DOCUMEnts and settings\COLIN wells\APPLICation data\xxx.exe C:\DOCUMEnts and settings\COLIN wells\APPLICation data\update9999.exe
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.4. The Avenger will automatically do the following:
- Under "Script file to execute" choose "Input Script Manually".
- Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
- Paste the text copied to clipboard into this window by pressing (Ctrl+V).
- Click Done
- Now click on the Green Light to begin execution of the script
- Answer "Yes" twice when prompted.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply
- It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
- On reboot, it will briefly open a black command window on your desktop, this is normal.
- After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
- The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Download and Save the Trial of Blacklight to your desktop.
- Download the Blacklight Beta graphical user interface version
- Double-click blbeta.exe
- Then accept the agreement
- Click > scan then > next
- You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).
- Copy and paste this log in your next reply.
- Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"
Let me see the Avenger log and the Blacklight log please