Hi
Start hjt, do a system scan, check (if found):
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
Close browsers before clicking 'fix checked'.
Open notepad and copy/paste the text in the quotebox below into it:
Code:File:: C:\WINDOWS\system32\pkuybyiq.ini C:\WINDOWS\system32\jvasnuvy.ini C:\WINDOWS\system32\cqxaufus.ini C:\WINDOWS\system32\fckdjvkq.ini Registry:: [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxyaw]
Save this as
CFScript (overwrite previous one)
Refering to the picture above, drag CFScript into ComboFix.exe
Then post ComboFix log & a fresh hjt log.
Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.