patched.fl/fm

Discussion in 'Malware Help (A Specialist Will Reply)' started by Rhondall, Aug 30, 2010.

  1. Rhondall

    Rhondall Private E-2

    Hello, I was using AVG 9 when my winlogon and explorer.exe got infected with win32/patched.fm/.fl. I followed the instructions in this thread http://forums.majorgeeks.com/showthread.php?t=139313. I got everything done except for combofix where I got an error that says "T was unexpected at this time". For now I uninstalled AVG and replaced it with Avast and I am running on Windows XP SP3. I'll attach the log files and hope someone can help me.
     


  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there and welcome. I am currently reviewing your logs and will get back to you with a set of instructions in the next post I make to you.
     
  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Delete these old avg8 remnants:
    Also delete all files in the below bold folders except ones from the current date (Windows will not let you delete the files from the current day).
    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now why did you not run Combofix, for I do see it on your desktop. Please run it now at this point as per the instructions in the R&R.

    Your Mglogs.zip was missing a hijackthis log. When you run MGTools.exe after a little while you will get a window opening asking you to agree to the Trend Micro HJT license. There's a bug and you have to click on "accept" TWICE.

    So... double click the C:\MGTools.exe to run it again and then attach the C:\Mglogs.zip once done.

    Let me know how things are running now please?
     
  4. Rhondall

    Rhondall Private E-2

    I restarted my computer and when I run Windows normally explorer.exe doesn't run anymore and I can only operate with task manager. When I run Windows in safe mode the explorer is working fine. I can't run combofix because when I run it it starts but after a while it says "T was unexpected at this time" and nothing happens after that. When I ran MGTools it didn't ask me to accept anything so I just waited until it had scanned and told me to press any key to close the program but I'll upload my new zip anyway. Hope to hear from you soon and thanks for helping.
     


  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Then try renaming combofix to kestrel.com and see if it runs then. If NOT, reboot into safe mode and give it a shot, let me know. But I start work soon so will reply when I can.
     
  6. Rhondall

    Rhondall Private E-2

    Combofix did the same thing it did before in normal and safe mode.
     
  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Without seeing the log from combofix (which aids in helping us see which files are infected), it's harder to work up an initial fix.

    I want you to run a full system scan with Avast soon, not yet, but soon.

    O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing) <--- I see this in your logs

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix exit HJT.


    Now copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it double click it and allow it to merge with the registry.

    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.

    Please run a scan with this: Norman Malware Cleaner

    Then after another reboot, see if you are still having problems. Also see if you can get a log from Norman to attach. Ignore any messages about items in the QooBox folder (from ComboFix) or in the MGtools folder being infected.

    Now run this in safe mode with networking:

    Using ESET's Online Scanner

    Now run a full system scan with avast, let me know what it reports (Again ignore anything about MGTools.)
     
