Computer Infected please help I got the logs!

Please attach the entire C:\MGLogs.zip, not individual logs. We also still need the logs from running:

SAS
MBAM

Now do this:
Download and run Win32kDiag per the below instructions:

• Download this Win32kDiag and save to C:\Win32kDiag.exe. You must save it here!!!!
• Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please attach this log

C:\win32kdiag.exe -f -r



Now download Junction,zip to your Windows folder

• Please download Junction.zip and save it to your Windows folder (i.e, C:\Windows\Junction.zip This assumes C:\ is your Windows boot drive.)
• Now unzip it and put junction.exeinto the Windows folder (i.e., C:\Windows\junction.exe)
• Do not try to run it right now. We will run something that uses it later.

Now we need to reset the permissions altered by the malware on some files.

• Download and save inhertit.exe to your Desktop: Inherit.exe
• It must be in your Desktop or the below fix will not work!

Now run the C:\MGtools\FixPerm.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

• A command prompt window opens and also a license agreement from SysInternals will appear for Junction.
• Accept the license agreement and the scan will begin.
• Wait until it finishes we can take a while to run since it scans your whole harddisk. e patient and don't do anything else while it is scanning.
• The command prompt window should close when it finishes.
• While this is running, you will get several/many popups that have a title Finish and say OK. Just click the OK button each time. This is an indication that it has found a file and has attempted to fix permissions. Depending on how many files that need to be fixed, you could get only a few or many of these popups.

And one more scanning tool I want to use to collect more information is OTL per the below.

Please download OTL by Old Timer to your desktop.
See the download links under this icon: http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif

1. Double-click OTL.exe to run (Vista and Win7 right click and select Run as Administrator)
2. When OTL opens, change the Output (at the top-right portion of the program) to Minimal Output.
3. Put check-marks in LOP Check and Purity Check.
4. Now click the http://img171.imageshack.us/img171/2405/runscanotl.png button.

• When the scan is complete, two logs entitled OTL.txt and Extras.txt will be created on your desktop.
• Attach both of these logs to your next message.

 

Please Disable Spybot's TeaTimer --> Should have been done as per the R&R instructions!

* Run Spybot and click Mode
* Select Advanced Mode.
* Then click Tools and select Resident.
* Now in the right window pane, uncheck TeaTimer.
* Also while this is open, in the left column now select IE Tweaks
* and then in the right pane make sure all the Miscellaneous locks are unchecked.
* Now quit Spybot!