Help Wanted with Recovery Plan

The information posted in threads to Tasmus were easy to follow and greatly appreciated -- thank you. I have run the preliminary diagnostics and will attach logs, please help with eradication. Thank you in advance for your time and help.

 

The remaining logs are attached. Thanks again.

 

Thank you for the quick response Tim, I appreciate the speed.

The questioned file on the desktop is a downloaded update from AVG -- I had to begin downloading the updates from AVG.com, due to an invalid control file (CTF) denoted by the update manager, approximately seven days ago.

Internet connectivity continues to be interrupted with dialog box which denotes Win 32 or Generic Service Host errors. This closes or "hibernates" the connection, the system tray icon shows connectivity but status box displays for nanosecond when right click on icon and any attempt to restart IE or Outlook fails because the system is recognizing connectivity. Unplugging the phone line clears connection and a reboot is necessary to re-establish a connection.

Resident shield for AVG Free Edition 8 continues to locate Trojan Horses, Worms and Viruses. Initially I would hit heal and AVG would bring up a dialog saying specified file could not be found in 7 out of 10 occurrences. At this stage I move everything to the Virus Vault. Daily scans continue to find infections but only (1) in today's scan. Some of the Infections have included:

Trojan -- Downloader Agent.APKO, Crypt AYG / AXH / AVL / AVK,
BackDoor.IRCbot.GIY / GYM, Dropper.Bravix,
WormGeneric.QMT / _c.YH

Up to and after running diagnostics, CPU pegged at 100% but appears to have abated since this morning's scan which turned up infection of Crypt.AYG. IE connectivity interruptions with abovesaid remedy.

This evening, an attempt to double click the AT&T icon to log in and establish a dialup connection, I noticed the AT&T name on the desktop icon was changed to steversss.

Ran MGTools and attached log.

 

Attempts to follow your instructions were mixed -- I had removed Java 6 update 5 and reinstalled JRE through your link; however, (6) attempts (sessions) to run the bit defender online scan were unsuccessful. When I utilized the link provided, nothing would happen upon left clicking the "I agree" box -- I tried this (3) times. I also navigated to the bitdefender.com website and was able to start the scan on two occasions but the online scanner failed because the dialog box said the virus database could not be loaded and nothing was scanned according to the data provided in the dialog box. I attempted to use the link in your post one last time before replying and the "I agree" box would not accept the left click once again.

Any other recommendations on the bit defender issue and as a follow up -- SAS found several items including the trojans and rootkit which were placed into quarantine and I do not know how to proceed with the quarantined items in SAS or my AVG 8. Some items found in the scans appear to require file replacement from OS install disks due to their status but I'm unsure.

Thanks again for all your time and help, the time lapse between replies was because I wanted to attempt to run bitdefender's online scan (as instructed) and thought traffic may have been the cause on their website.

 

Tim,

I am utilizing IE and after many days / attempts, bit defender scan could be completed. I have attached the log and would appreciate any recommendations. Thanks again for your time, help and consideration throughout the process. I followed the instructions on how to post and thought I was consistent throughout replies, if I am in err please let me know so I can correct any improper attentions to the details. Thanks again.

 

Tim,
I am hesistant to respond but at this stage, no problems detected at the superficial level and performances of all recently accessed systems, files or programs have been satisfactory.

CPU only pegs to 100% sporadically as expected.
No alerts from AVG 8 resident shield or daily scans since 12/25.

Do I need to flush out the virus vault on AVG 8 or in SAS's quarantine? Many of the problematic areas were in the Temporary internet Files -- I have started to use the ATF - cleaner found on your site and anticipate no further problems. Several registry problems were found during this process -- can you recommend any freeware for real-time monitoring of the registry and changes to?

Thanks again for the quick response and help.

 

Tim,

Would there be any issues with gathering the Combofix, SAS and MGTools into a folder for future considerations? Should have asked in a previous post but didn't anticipate any problems from archiving for future purposes.

 

Tim,
Ran the cleaning steps and instituted some of the recommendations in the malware guide. System is functioning flawlessly without any hitches or bugs, thanks again for all your help in recovering the system and its functionality. Please close the thread at your convenience if you do not have any additional input, questions or concerns. THANKS AGAIN FOR YOUR TIMELY RESPONSES, ATTENTION TO DETAIL AND THOROUGHNESS IN YOUR REPLIES.

Steve