Trojan Horse Agent_r.xj...again

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by leprekan, Jun 29, 2011.

  1. leprekan

    leprekan Private E-2

    Person number 800 with a trojan horse agent_r.xj infection, or at least that's how it started as far as I know. My boyfriend runs AVG 10 on his computer and it found several things, including trojan horse agent_r.xj. The trojan horse agent virus was the only one it was unable to remove or quarantine. I read a bunch of the threads and ran TDSSKiller first. I am attaching the before and after logs because it said it cleared the virus. However, his computer was still not functioning properly. It won't connect to the internet, constantly redirects away from the homepage and will not run any executable files when you try to open them. Also attaching the Malwarebytes, SUPERAntiSpyware, RootRepeal and MGtools logs. I did not want to run ComboFix because he no longer has the installation disk for me to re-install AVG, but if it comes to it, I can uninstall and get new antivirus software.
     


  2. leprekan

    leprekan Private E-2

    remaining attachments
     


  3. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, leprekan

    I am reviewing your logs and will get back to you with instructions as needed. Please be patient as the logs produce a lot of information to go over.

    dr.m
     
  4. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello again, leprekan

    Please download the below file to your Desktop. Once saved on your Desktop, right-click on it and select Install.
    EXEfix

    Then see if you can run EXE files.

    *You are out of date with your version of SUPERAntiSpyware.
    • Please uninstall your current version (this is necessary).
    • Then download this SUPERAntiSpyware
    • Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
    • After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.
    • Now run a new "Quick scan" of your system. And attach this new log.

    Also, your Malwarebytes version is outdated. "Open" Malwarebytes > click on the "Update" tab then "Check for updates". After updating to the latest version and definitions - perform a new "Quick scan" and attach that new log.

    Please look in Add/Remove Programs (Programs and Features if using Vista or Windows 7) for the following and uninstall if found. If you get any errors just make a note and continue on.
    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    After clicking Fix, exit HJT.

    Now download The Avenger by Swandog469, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the "Input script here:" part of the window.
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the "Reboot now?" question that will appear when Avenger finishes running.
    • Your PC should reboot; if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will pop up for you to view when you log in after reboot.

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :file
      C:\Documents and Settings\All Users\Application Data\1957920475
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please attach this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

    Delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    Now install the latest Sun Java Runtime Environment

    *Now, please make sure that your system is in "Normal Startup Mode" and remains there if possible.

    Then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Windows 7, use right click and select Run As Administrator).

    Please attach the new C:\MGlogs.zip and the SystemLook.txt to your next reply.

    * Make sure you tell me if you had any problems running this procedure; and answer this - "What malware problems are you still experiencing?"

    dr.m
     
    Last edited: Jun 30, 2011
