Hit by Winreanimator/Vundo, need assistance

Discussion in 'Malware Help (A Specialist Will Reply)' started by pgone, May 8, 2008.

  1. pgone

    pgone Private E-2

    Sometime back in late March/early April we got struck by the Winreanimator virus, due to my laziness in not updating Java/IE and my father still using IE and not Firefox. The red X showed up and refused to go away. I knew immediately that this had to be spyware and closed the installation attempts before Winreanimator got a chance to install. Then I read up a bit on the problem and tried deleting the 'braviax.exe' file through Safe Mode, and after some trial and error the red X didn't show up anymore in Normal mode. Everything was back to normal...or so I thought.

    Recently the virus struck again, and this time it left quite a mark. Most of the installed programs in the Program Files folder have been wiped out, and the PC refuses to recognize any USB devices (notably my father's digital camera). The desktop was also affected, as I've had to rename certain antivirus software in order for them to run.

    I printed out and followed the instructions in the RUN & READ ME FIRST guide, so I'm hoping someone can assist me in restoring the functionality of this computer. Here are the required logs:
     

    Attached Files:

  2. pgone

    pgone Private E-2

    And here is the MGlogs.zip:
     

    Attached Files:

  3. abri

    abri MajorGeek

    Hi pgone,
    Welcome to Major Geeks!


    Not having updated Java could cause some vulnerability, but it is minuscule compared to the fact that you are running a computer without any Windows updates, nor any antivirus program that I can see. You mentioned having to rename your antivirus. I don't see any antivirus running. Eight files came onto your computer on the 6th of May, all within the same minute, two of which have different names but are the same size. Was this a package of software meant to provide fixes? On your desktop you have a folder called cracks. If the reason for your lack of Windows updates is because you're using illegal software, then it's important for you to know that there's no way to remove the vulnerabilities in the software because those vulnerabilities can't be patched and therefore there is no way to keep your computer clean. If you have any illegal software running, please remove it and then proceed as follows:

    1) First of all, please do a search in Windows Explorer for the below file by clicking on Start, then Search, and in the window that opens up, click on Files and Folders. Type in *plorer.exe
    You can narrow down the search by having it only look for .exe programs. This search should bring up explorer.exe, but it should also bring up at least one other file with a similar name. If you find the one that is not explorer.exe, I would like you to right-click on it, look at the properties, and tell me what information is there about it.

    C:\WINDOWS\system32\??plorer.exe

    2) Do you know what the following two files are? If not, you can get more information about them by right-clicking on them and looking in properties. (Do not left-click on them if you don't know what they are.)

    C:\Documents and Settings\Patrick.GIRON-ZQT1BLZD8\Desktop\supaspys.exe
    C:\Documents and Settings\Patrick.GIRON-ZQT1BLZD8\Desktop\spibtz.exe


    3) Next run C:\MGtools\analyse.exe by double-clicking on it. This is really HijackThis (select Do a system scan only). Select the following lines, but DO NOT CLICK FIX until you exit all browser sessions, including the one you are reading in right now:

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    After you click Fix, just close HijackThis.

    4) Download and install Erunt. Use it to create a backup of your registry.

    5) Please copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, look for it on your desktop and when you find it, double-click it and allow it to merge with the registry.

    6) Now we need to use ComboFix again. Make sure it is on your Desktop.
    • Make sure that combofix.exe (or cf.exe) that you downloaded while doing the READ & RUN ME is on your Desktop, but do not run it!
    • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe.
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe (cf.exe).
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt.
    • I will ask for this log below.

    Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    7) Now run CCleaner!

    8) Now run the C:\MGtools\GetLogs.bat file by double-clicking on it and attach the fresh MGlogs.zip it generates along with the ComboFix log. Also, let me know if you got a success message with the REGEDIT4 patch.

    Let me know how things are running now.

    abri
     
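As an added illustration from the defender's side (this script is not part of the thread and is not a MajorGeeks tool), the following Python automates two of the checks abri describes in the reply above: the `*plorer.exe` search from step 1, generalised to a handful of other Windows binaries that malware imitates, and the "several files arriving in the same minute, two of them the same size" pattern from the opening paragraph. KNOWN_NAMES, the batch threshold and the SAMPLE listing are constructed assumptions, not values from the posted logs.

```python
import fnmatch
import os
from collections import defaultdict
from datetime import datetime

# Legitimate Windows process names that malware likes to imitate (short hypothetical list).
KNOWN_NAMES = ("explorer.exe", "svchost.exe", "lsass.exe", "csrss.exe")

def lookalike_names(filenames, known=KNOWN_NAMES):
    """Generalise abri's '*plorer.exe' search: glob on each known name minus its first
    two letters and report every match that is not the real binary."""
    names = [n.lower() for n in filenames]
    hits = []
    for real in known:
        pattern = "*" + real[2:]            # explorer.exe -> *plorer.exe
        hits += [(n, real) for n in names if n != real and fnmatch.fnmatchcase(n, pattern)]
    return hits

def suspicious_batches(records, min_files=5):
    """records: (name, size_bytes, mtime datetime). Group files by arrival minute and
    report batches of >= min_files, listing same-size/different-name pairs."""
    by_minute = defaultdict(list)
    for name, size, when in records:
        by_minute[when.replace(second=0, microsecond=0)].append((name, size))
    batches = []
    for minute, files in sorted(by_minute.items()):
        if len(files) < min_files:
            continue
        by_size = defaultdict(list)
        for name, size in files:
            by_size[size].append(name)
        twins = [sorted(ns) for ns in by_size.values() if len(ns) > 1]
        batches.append({"minute": minute, "count": len(files), "same_size": twins})
    return batches

def scan_dir(path):
    """Build records from a real folder, e.g. C:\\WINDOWS\\system32 or a user's Desktop."""
    with os.scandir(path) as it:
        return [(e.name, e.stat().st_size, datetime.fromtimestamp(e.stat().st_mtime))
                for e in it if e.is_file()]

# Constructed sample listing, shaped like the signs abri pointed out in the thread.
T = datetime(2008, 5, 6, 14, 2)
SAMPLE = [("explorer.exe", 1033728, datetime(2008, 4, 14, 0, 12)),
          ("ixplorer.exe", 45056, T.replace(second=10)),
          ("scvchost.exe", 45056, T.replace(second=11)),
          ("a.exe", 7168, T.replace(second=11)), ("b.exe", 9216, T.replace(second=12)),
          ("c.exe", 11264, T.replace(second=12)),
          ("braviax.exe", 8192, datetime(2008, 5, 7, 9, 30))]
```

Call `lookalike_names(n for n, _, _ in SAMPLE)` and `suspicious_batches(SAMPLE)` to see both checks on the constructed data, or pass `scan_dir(path)` output to run them over a real folder; every hit is a candidate for the right-click Properties review abri asks for, not a verdict.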
