Please review log files

cwood911 · Nov 30, 2008

I have followed your removal procedure on my computer, do see a substantial improvement but still believe that there is a problem - wireless connection dropping, windows opening and desktop activity without reason!

Attached are the files. I would appreciate your help!

History:
I noticed that something was hijacking my computer after extended IE sessions for several weeks until I finally received a Windows Balloon Alert that there was a Trojan Virus present. I ran AVG 8.0.175 which found Dropper.Bravix.K which was removed. I activated Resident Shield which indicated several alerts of Dropper.Bravix.K, Agent.3.R and Downloader.Agent.APKL trying to hijack svchost.exe. All removed. I attempted to restore my computer to an earlier restore point but none worked!
I went to you site and ran your programs.

cwood911 · Nov 30, 2008

Last file attached!

Kestrel13! · Dec 1, 2008

Hi and welcome, we are currently reviewing your logs and will get back to you with a set of instructions as soon as we possibly can.

Thanks for your patience
Kestrel13!

Kestrel13! · Dec 2, 2008

1) If you do not use Windows Messenger Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

2) Please Disable the Guest Account through User Accounts if this hasn't already been done so.

3) Please go to Add or Remove programs and uninstall the following software:

Viewpoint Media Player

4) Now we need to use ComboFix to remove a bunch of malware files.

Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!

If it is not on your Desktop, the below will not work.

Open Notepad and copy/paste the text in the below code box into it

(make sure you scroll all the way down in the code box to get all lines selected ):
Code:
KILLALL::

File::
E:\reper.exe


Registry::
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d40af9c8-7c99-11dd-82b2-0012f021dea7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71e961bc-984d-11da-be93-0012f021dea7}]
Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe

At this point, you MUST EXIT ALL BROWSERS NOW before continuing!

You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.

Now use your mouse to drag CFscript.txt on top of ComboFix.exe

http://farm4.static.flickr.com/3014/3035535531_512f04c6a2_o.gif

Follow the prompts.

When it finishes, a log will be produced named c:\combofix.txt

I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

5) Now Run Ccleaner!

6) Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).

C:\WINDOWS\Temp

C:\Documents and Settings\claytonw\Local Settings\Temp

7) Now download the most recent version of MGTools.exe from this link here:

MGTools.exe

8) Run the program and attach the MGlogs.zip and also the log from combofix in your next post.

Thanks, Kes13!

Log in or Sign up

Please review log files

cwood911 Private E-2

Attached Files:

SUPERAntiSpyware Scan Log - 11-24-2008 - 14-52-41.log

mbam-log-2008-11-24 (18-11-13).txt

ComboFix.txt

cwood911 Private E-2

Attached Files:

MGlogs.zip

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member