Logs

Welcome to Major Geeks!

You are very badly infected!!!

You have a bunch of infected Windows System files. Many other executable files may also be infected. I want to warn you up front that this could lead to you needing to do a total reinstall since even after we clean everything we can see, your system could still be infected and it may well be unreliable and untrustworthy. In addition the act of cleaning PCs with these kinds of infections could at some point render the PC unbootable. You should backup any important data you need now before doing anything else. DO NOT backup any executable type files as they maybe infected and if you copy them back or run the later, you could just reinfect you PC.

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below software:
Java(TM) 6 Update 5
Viewpoint Media Player <-- should have been uninstalled in step 1 of the READ ME

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {9E8F3700-B204-4A1F-A637-3DE5381CDF53} - c:\windows\system32\srvgenx.dll
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\SAH\reader_s.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [services] C:\WINDOWS\services.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\SAH\reader_s.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'Default user')
O20 - AppInit_DLLs: c:\windows\system32\jolikiwe.dll

NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

After clicking Fix, exit HJT.

Now we need to use ComboFix to remove a bunch of malware files.

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
• Open Notepad and copy/paste the text in the below quote box into it:

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.


After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Yes but now you have a load of issues because you used a CD that was Windows XP SP1 and you had Windows XP SP3 installed. Now your PC is in and unknown state and anything not working may be more a result from the repair that you did rather than from malware. However many of your system files and older backups are still infected. Your best bet for reliability and security may be to perform a full reinstall. Trying to fix this could just be a delaying the inevitable.

What happens when you try to connect to the internet? Are you sure you have it setup properly to obtain an IP address automatically....etc? Since you did a repair, you may have changed many settings to defaults.

Your ComboFix log is very incomplete which indicates that it never finished running. You will have to try again.