Work PC hit hard with Spyware Protect

[pfexpress]

I saw another post in this forum that sounds like this one. My work PC gets used by alot of different people and I noticed today some pop-ups from a program called Spyware Protect 2009. It's pretty much taken over my PC. I cant run any programs. Or run any install programs to check for Malware/Spyware etc. I tried in safe mode and was able to download, but still could not install. When trying to use the internet, it blocks some sites and if I do a Google search, and click on a result, it takes me to a different site.

I understand the 8 steps that are required before posting here, but as of now, I dont have the option to get those programs. Any ideas would be appreciated.

 

[pfexpress]

HIJackThis Log attached

I havent been able to get any of the programs to install, or run due to this infection. I did, however get HiJackThis to run, if it's any help. The log is attached.

 

[Bobbye]

I ask all users who are having a problem with a computer in a work setting if they have contacted whoever is the IT person for the office- have you done this?

You have Malwarebytes running on the system:
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Why can't you update and run a scan with it?

As for the HijackThis log:
Remove bad HijackThis entries
• Run HijackThis
• Click on the System Scan Only button
• Put a check beside all of the items listed below (if present):

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fulldotfind.com/pubac/ac.php?aid=100&sid=v300
(the above site is known to be an 'attach site' and needs to be removed)
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O4 - HKLM\..\Run: [PromoReg] C:\DOCUME~1\AllStar\LOCALS~1\Temp\7B6.tmp.exe
O20 - Winlogon Notify: memtxxfa - memtxxfa32.dll (file missing)
O20 - Winlogon Notify: subupgbx - C:\WINDOWS\SYSTEM32\qzkjwgx.dll

• Close all open windows and browsers/email, etc...
• Click on the "Fix Checked" button
• When completed, close the application.

Regarding the following entry:
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
Since you are in an office setting, please see the following site about determining whether the entry should remain:
http://www.pchell.com/support/nwprovau_dll_file.shtml

When done, run the MalwareBytes scan, being sure to UPDATE first. Follow that by running SuperAntispyware, then a new HijackThis scan.

Attach all three logs.

 

[pfexpress]

Thanks for the reply. I cant run any of my protection programs because it seems the infection is stopping them from working. Even in safe mode. I click on the program and it just stalls there. It never opens.
Our setting really isnt an office its just a computer in a store and lots of people use it at random times. Which is now going to stop.
I will be back in the store on Monday and will fix what you have asked me to, and try and get another report.

 

[Bobbye]

just a computer in a store and lots of people use it at random times.

Are those people employees or customers? Sounds like a really bad set up for security no matter which they are if there is internet access.