Followed READ ME But Still Infected

Discussion in 'Malware Help (A Specialist Will Reply)' started by ms6045, Oct 27, 2010.

  1. ms6045

    ms6045 Private E-2

    Hi. It's been a long time since I've tangled with malware and I am having a very difficult time with what I've recently been infected with. Here are the details:

    When the computer starts, the background is now blue with a black box in the middle. Inside the black box is the following text:

    --------
    YOUR SYSTEM IS INFECTED!
    System has been stopped due to a serious malfunction.
    Spyware activity has been detected.

    It is recommended to use spyware removal tool to prevent data loss.
    Do not run any application before all spyware removed.
    --------

    In addition, I also have a Windows Security Alert:

    --------
    Your computer is making unauthorized copies of your system and Internet files.

    You should imideatly run full scan your system to prevent any unauthorized access to your data.

    Click YES to run Antivirus scaner right now.

    Yes No
    --------

    I followed the guidelines in the READ ME file before posting. I got infected while repairing Windows and the virus has shut down all antivirus software I have. It is a program called Safe & Secure through my ISP. Worked extremely well until now.

    I followed the House Cleaning rules and ran CCleaner.exe.

    I uninstalled one known malware (Antivirus 2010). After removing this program, I no longer have the Windows Security Alert window. I have not restarted since following the READ ME, but it disappeared after I removed the file.

    I also ran the cleaning procedures, but with minimal success. SAS would shut down after about 4 minutes. However, in the first few seconds it would find two Trojans each time. I paused it before it could shut down and saved the log. It is attached. MBAM would not run a scan for longer than 5 seconds. It will not run on its own anymore. It says the file is not accessible. ComboFix also would not run. The status bar would fill completely, but then nothing. RootRepeal and MGTools ran successfully and the logs are attached.

    I would appreciate any assistance you can provide. I work a very long day, so I am usually not home until the evenings EST. But I will be checking this post at least daily to look for potential solutions.

    I'm no malware expert, but I am an electrical engineer so I can follow technical directions. Thanks for any help anyone can provide!!!
     


  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there and welcome. I am currently reviewing your logs and will get back to you with a set of instructions in the next post I make to you.
     
  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    The first TDSSKiller log shows that it found and dealt with something. The second one found something and you did not take action, you skipped... why?

    Can you run TDSSKiller again just to be sure and attach the log?

    Combofix only ran in reduced functionality mode for some reason, but it still highlighted problems, one of which will be done with once you run TDSSKiller again I believe.

    Download a fresh copy of combofix now to your desktop, let it overwrite the old version and run it as per the instructions.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.
     
  4. ms6045

    ms6045 Private E-2

    Thanks for taking the time to give me a hand and read the logs!

    I've never run TDSSKiller before, so I followed the recommended actions. The recommended action for that file was "Skip", so I clicked Continue. I've included two logs from my recent TDSSKiller runs. The first shows what the program recommended, which was "Skip" again. The second shows that I selected "Quarantine".

    I downloaded and ran the version of ComboFix from the link with the same results. The status bar filled to capacity but then nothing.

    I have also attached the new MGlogs.zip file as requested.

    Still no noticeable improvement since yesterday or since I ran these programs. Please let me know what you recommend next.
     


  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You're welcome.

    Now download The Avenger by Swandog469, and save it to your Desktop.

    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Rename combofix to bluebird.com and try and run it in safe mode.

    Also delete all files in the below bold folders except ones from the current date (Windows will not let you delete the files from the current day).

    • C:\WINDOWS\TEMP
    • C:\Documents and Settings\Matt\Local Settings\TEMP

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

    Tell me how the computer is behaving now, please.
     
  6. ms6045

    ms6045 Private E-2

    Ok. Downloaded and ran Avenger. This had an impact. The background picture has been restored. The log is attached.

    ComboFix still does not work correctly. I ran it in safe mode, but it will only start. It does not finish. It sat idle for a very long time and then I just ended the application. I also tried to run it in normal mode and it started, but would not finish. It says that it is setting up, but never actually starts doing anything. At first it gave me warnings that my anti-virus software was active and that I should disable it before starting. I could not disable it because I still cannot get it to run, so I simply uninstalled that portion of my security package.

    I was, however, able to run SAS to completion which is another improvement. MBAM still will not run though. I have attached the log from SAS as well. A number of items were found.

    I deleted the files prior to today in both temp folders.

    The MGTools log is also attached. I saw significant progress today as compared with the previous days. Let me know what you think I should do next.
     


  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800} <--- Tell me the contents of this folder.

    C:\WHAT.EXE <--- What is this? Something renamed?

    Also delete all files in the below bold folders except ones from the current date (Windows will not let you delete the files from the current day).

    • C:\Documents and Settings\Matt\Local Settings\temp

    Uninstall these outdated Java versions

    • J2SE Runtime Environment 5.0 Update 11
    • J2SE Runtime Environment 5.0 Update 6
    • Java 2 Runtime Environment, SE v1.4.2_03
    • Java(TM) 6 Update 21
    • Java(TM) 6 Update 3
    • Java(TM) 6 Update 5
    • Java(TM) 6 Update 7
    • Java(TM) SE Runtime Environment 6 Update 1

    Run TDSSKiller again and attach its log.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

    Let me know how things are running.
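    The two housekeeping steps the helper asks for above (and in the earlier post): clear the temp folders of everything except today's files, and find every stale Java runtime so it can be uninstalled. The script below is an added example, not something posted in this thread and not part of the MajorGeeks tools. It assumes PowerShell 2.0 or later is installed on the machine (the thread's paths suggest Windows XP, where PowerShell is an optional install), uses the two temp paths from the thread, and reads the standard Add/Remove Programs Uninstall registry keys. It only reports by default; nothing is deleted unless it is run with -Delete.

```powershell
# Added example (not from the thread): list installed Java runtimes and stage a
# temp-folder cleanup that keeps today's files, as the helper requested.
# Assumptions: PowerShell 2.0+; temp paths taken from the thread; -WhatIf is on
# by default, so re-run with -Delete to actually remove files.
param(
    [switch]$Delete
)

# 1. Enumerate installed Java runtimes from the Uninstall registry keys. Each
#    old update level is a separate, separately exploitable runtime, so every
#    entry except the newest is a candidate for removal.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)
$java = foreach ($key in $uninstallKeys) {
    if (Test-Path $key) {
        Get-ChildItem $key | ForEach-Object { Get-ItemProperty $_.PSPath } |
            Where-Object { $_.DisplayName -match 'Java|J2SE' } |
            Select-Object DisplayName, DisplayVersion, UninstallString
    }
}
"Installed Java runtimes (UninstallString is what Add/Remove Programs runs):"
$java | Sort-Object DisplayName | Format-Table -AutoSize | Out-String

# 2. Temp folders named in the thread. Files written today are kept because
#    Windows holds them open, which is why the helper said to leave them alone.
$tempFolders = @(
    'C:\WINDOWS\TEMP',
    'C:\Documents and Settings\Matt\Local Settings\TEMP'
)
$today = (Get-Date).Date
foreach ($folder in $tempFolders) {
    if (-not (Test-Path $folder)) { "Missing: $folder"; continue }
    $stale = @(Get-ChildItem $folder -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -lt $today })
    "$folder : $($stale.Count) file(s) older than today"
    foreach ($file in $stale) {
        # Without -Delete this only prints what would be removed. Files still in
        # use by a running scanner fail to delete and are reported, not skipped silently.
        try {
            Remove-Item $file.FullName -Force -WhatIf:(-not $Delete) -ErrorAction Stop
        } catch {
            "Could not remove $($file.FullName): $($_.Exception.Message)"
        }
    }
}
```

    Run it once without arguments to review the Java list and the files it would touch, then with `-Delete` to perform the cleanup; any file that refuses to go (like the scanner's own .tmp files) is named in the output so it can be reported back in the thread.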
     
  8. ms6045

    ms6045 Private E-2

    The contents of the first folder include the following:
    Ad-AwareAE.dat
    Ad-AwareAE.exe
    Ad-AwareAE.lan
    Ad-AwareAE.msi
    Ad-AwareAE.par
    Ad-AwareAE.res
    instance.dat
    mia.lib

    WHAT.exe is sort of a long story. In 2005, I got a virus on the computer, and that file showed up after I got rid of the virus. I always suspected that it was somehow the culprit because the PC would never allow me to delete it. Oddly enough, when I went to delete it today, it worked and it is gone.

    I deleted every file in the temp folder except for two that could not be deleted due to a warning: SAS24.tmp, SAS25.tmp

    I removed all outdated Java versions.

    The TDSSkiller and MGtools logs are attached.

    I am able to get some of my other antimalware programs to run now, but I must re-install them from scratch before they will work. MBAM, SAS and AdAware will all work now and I have run all of them a few times.
     


  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Logs are looking good now. Rename bluebird.com back to combofix.exe and then tell me what malware issues you are still having, if any.
     
