Brave Sentry infection....HELP!!

My computer has a Brave Sentry infection. I've tried to follow the SpyFalcon removal, but in safe mode, the only thing I can't get to any files... Nothing shows on the desktop, even the start menu. Any ideas? :confused

 

Ran the SpywareQuake & SpyFalcon Removal Procedure as best I could. Have a few notes on it tho.

1. Could not run Safe Mode. When I tried, no icons showed on the desktop & no taskbar/start menu showed on the bottom of the screen. Got into task manager and tried to start Windows Explorer through that. Clicked the New Task button, typed explorer.exe, and nothing happened. Repeated, then clicked the processes tab, and it started, then shutdown.

2. I found no fileds from the initial list (the DLL to DDD list) or from the second one (after running RunThis.bat).

3. Found and deleted to additional files from these locations:

C:\PROGRAM FILES\BRAVE SENTRY
C:\DOCUMENTS & SETTINGS\INTERNET 2([CURRENT USER])\START MENU\PROGRAMS\BRAVE SENTRY - had to perform this one twice, as the first time I deleted it, explorer.exe shutdown.​

My computer appears to still be infected w/ Brave Sentry

What next?

 

Ran READ & RUN ME FIRST. Here are my notes from it.

1. Can not connect to the internet. Attempted to set up a connection, and the New Connection Wizard runs, but no connection appears.

2. I am unable to move files. The cut/copy functions appear to be inop.

3. Had to run ComboFix.exe from my E: drive (flash drive).

4. Spybot S&D would not install. Received error message:

Error sending request. The server name or address could not be resolved.​

As a result, could not run.

5. Was unable to update AVG Antispyware

6. Was unable to move MGTools.exe to my C: drive, so did not run since you stressed that it was critical to save to the C: drive root folder. Had an older version of MGTools (getrunkey.bat & shownew.bat separately) already saved to C: drive. Ran those instead.​

My taskbar still does not show up; however, I don't seem to be having a problem w/ Brave Sentry anymore. I haven't seen the error message all morning. Where do I go from here?

 

This is the computer's current status & the answers to your previous questions:

1. The taskbar is still not showing, and I can not access it or the Start menu.​

2. Cut/Copy/Paste/Move functions inop thru Windows. Am able to use them in DOS.​

3. Am not able to use Search, Troubleshooters, or create a new Network Connection.​

4. Have now seen this message twice:

Data Execution Prevention - Microsoft Windows​

To help protect your computer, Windows has closed this program.​

Name: Windows​

Publisher; Microsoft Corporation​

Followed by a Windows Explorer has encountered a problem..... message. Then the desktop goes blank for about a minute.​

5. In Safe Mode, the desktop is still empty. The only way I can run programs is thru the Task Manager. Explorer.exe will run, but no window will open (I know it is running, b/c I can see it on the processes tab of Task Manager.​

Have been downloading programs to my flash drive then using my flash drive to install programs on the infected computer. I did figure out that I can move files in the DOS prompt. I have attached MGlogs.zip.​

Ran the fixME.reg file, and found and deleted these files:

C:\WINDOWS\system32\vupltxj.dll​

C:\WINDOWS\system32\fujhjeb.dll​

Noticed this entry: c:\qoobox. Should I be concerned about this?

 

I would like to take this time to say, "I didn't do it! It wasn't me!!" This is a work computer that has been passed off to me because no one else could fix it. I'm fairly certain tho that there was some misguided downloading & some non-work web surfing going on.

I removed a bunch of junk programs initially; however, I didn't delete anything w/o making sure that it didn't need to be there. A lot of the damage done to Windows was already done when I got it. I was actually hoping that part of the O/S was being supressed somehow & that cleaning it would solve that.

I'm pretty sure this pc was used for internet sales.

From going thru the old emails in Outlook(yahoo email address), there appears to be some customer info (mostly name, address, phone, email), but there is at least one that has the full deal (SSN, DOB).

The pc has been disconnected from the internet for almost a year. I will follow your recommendations on formatting & reinstalling tho. I'm willing to try your instructions to clean it, but if you think it would be a wiser course of action to just wipe it & start over I will do that.

As far as having other PCs networked to this one, what are the risks to other PCs if there was a central server with other PCs connected?

Please let me know your opinion asap.

 

I don't have a lot of experience w/ any of that, at least not with an entire O/S. I'm not sure what you mean by partition/repartition. Could you give me any tips or instructions?

Unfortunately, I have tried to warn them about that in the past & noone has wanted to spend the money on it. The PCs that are protected are because the individual user has downloaded antivirus/antispyware software on their own. However, I will run READ ME on 1 or 2 other PCs and get back to you ASAP.

Thanks a bunch!

 

Ran READ ME on another computer on the network. I know this one previously had avast on it, but it seems to be conspicuously absent now. Other than being unnaturally slow for having 1GB of RAM, it doesn't seem to have too many problems with it, and it certainly doesn't have anywhere near the issues of the first computer. Regardless, I have attached the scan log files. Please let me know if I need to take any further steps. Thanks!