I am infected and cannot rid myself of the problem

Erik M

Posted 19 November 2009 - 05:02 PM


Please forgive my unintelligible ramblings. I have read the tutorial, but my memory (brain) is shot because I am worried about my computer issue. Please forgive some of my terms; I am a motorcycle guy, and learning computers. So here goes:
Some of these issues have taken place in the past 96 hours and have taken a lot of my time to try and repair. The offsite helpdesk for my company has been some help, but now they want it for a week to "wipe it" and start again. I can't be without the system for that long, so I am turning for help here.


Cannot restart in safe mode. The "DOS looking" screen allows me to select safe mode, then I get a blue screen that says, "If this is the first time Windows has shut down, please restart your computer....." It just keeps looping me back to the main DOS start-up, and I have been able to restart only in Windows normal.

When searching with Google, I get redirected to some rather unusual sites, newspaper, porn, etc..

A new toolbar has been added to my Outlook called "pre spam" with C Cleaner and so forth. Outlook will continue to open, and as soon as I select an email, I get a new window that says the program is unresponsive and must be closed, etc... Then it starts all over again. So I know I need to prevent that from starting when Outlook starts up. I can remove it by right-clicking and deleting the toolbar, but every time I open Outlook it starts again. (This is new today.)

The machine has locked up several times today and Ctrl, Alt, Delete does nothing. I have to force the shutdown and restart.

When I run MBAM, I get this:

Malwarebytes' Anti-Malware 1.41
Database version: 3198
Windows 5.1.2600 Service Pack 3

11/19/2009 4:50:57 PM
mbam-log-2009-11-19 (16-50-51).txt

Scan type: Quick Scan
Objects scanned: 130407
Time elapsed: 5 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\PAV\pav.exe (Rogue.PersonalAntiVirus) -> No action taken.
C:\Program Files\XPA\XPA.exe (Rogue.XPertAntiVirus) -> No action taken.
C:\WINDOWS\system32\utorrent.exe (Worm.AutoRun) -> No action taken.
C:\WINDOWS\Temp\2xgwindow3x\restart.exe (Spyware.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\temp\2xgwindow3x\restart.exe (Spyware.Agent) -> No action taken.
C:\Documents and Settings\Default User\Local Settings\temp\2xgwindow3x\restart.exe (Spyware.Agent) -> No action taken.
C:\Documents and Settings\emadsen\Local Settings\temp\2xgwindow3x\restart.exe (Spyware.Agent) -> No action taken.
C:\Documents and Settings\lloydadmin\Local Settings\temp\2xgwindow3x\restart.exe (Spyware.Agent) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\temp\2xgwindow3x\restart.exe (Spyware.Agent) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\temp\2xgwindow3x\restart.exe (Spyware.Agent) -> No action taken.
C:\Documents and Settings\Piaggio\Local Settings\temp\2xgwindow3x\restart.exe (Spyware.Agent) -> No action taken.
C:\WINDOWS\sysguard.exe (Trojan.Agent) -> No action taken.

The top five do not go away when I remove them and I am asked to restart. I can run this again and find the same issues and the same 12 files.

Here is what I have done:

I have been running MBAM and C Cleaner for three months (free); yesterday I purchased the pay version.

When this happened, I purchased Cyber Defender antispyware, which I could never get to load, and their registry cleaner (which I did get to load), both of which I paid for, and found their one-time help was a sales call to get another 209.00. I think it is a scam... but I could be wrong; I do not understand what is and is not legitimate in this industry. I uninstalled all Cyber Defender items.

Per my help desk admin, I installed and ran ComboFix and then MBAM, and the system was better, but not repaired.

Per the search I found yesterday evening on BC when I joined this forum, I installed and ran ATP and SUPERAntiSpyware, but I was not able to do it in safe mode as the directions requested on the other thread.

The situation is best when I run the ATP, but never fixed. I am not sure how to post the other logs that I see people post, and hope I have not given the incorrect information here.

I have a large project that I am halfway into and really can't lose the time to work between now and Thanksgiving.

I hope I have provided the right data.

Hope you guys can help!