In regards to Super evil malware defender-review.com Help me please!

[pimpiepopmac]

The symptoms are a popup that says Security Center Alert To help protect your computer, Windows Firewall has blocked activity of harmful software.  name: Spyware.ISpynow then when you click on enable protection it takes you to defender-review.com

Another symptoms happens when you open Motzilla or IE you get a web page that says:
Insecure Internet activity. Threat of virus attack
Due to insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system slowdown, freezes and crashes.
Also insecure Internet activity can result in revealing your personal information.
To get full advanced real-time protection for PC and Internet activity, register your antivirus software.
We recommend you to protect your PC now and continue safe Internet browsing
I of course have not downloaded anything

This thing is a beast I tell ya.

It redirects or blocks you from going to any webpage that may be helpful in removal of it.
It also stops programs from running that could harm it like superantispyware.
It also keeps you from doing a system restore.
It also keeps you from starting up in safe mode.
It also freezes your computer constantly

I have been around the internet all day on my wifes computer (because mine is F@@ked) and I have gotten some information thinking that it could be buried in video codecs somehow and thats how you get t by watching an online video. I dont know how to stop it but I managed to get superantispyware running by going into its program file and running the program directly.  Its been doing a deep scan now for an hour.

In order to download the programs i used another computer to download them and put them on a flash stick and brought them over that way.

my only thoughts on it is that it could be a file by tha name of xtgoj6119471 I have been seeing it all day in my searching for a fix. I think. I have seen the same one on my computer and when I go to msconfig to keep it from booting up on start, it makes a copy of itself and starts anyway.

Hope this helps, if anyone has a solution that would be great. In the mean time I am preparing to do a full system resboot, but i would prefer to fix it if i can.
and thank you fine folks at computerhope your information has been great so far.

PS i am running windows XP

[pimpiepopmac]

I am not trying to bump my post. i just have more information that should be helpful.
I have ran super antispyware but now i cant reopen it to get the log file. I cant get mbam-setup to run no matter what i do to it. I got hjackthis to run after a bit of tinkering. here is that log file. also an update if i try to send an email or post a blog on the infected computer, firefox fails.

Thank you again in advance
Rob

[Saving space - attachment deleted by admin]

[pimpiepopmac]

Okay I promise i am still not trying to bump my post.  This is the last update i swear. I found some info on the mbam website that gave some great instructions on why mbam would not start. I have copied those below since the virus keeps you from going to their site.  They worked great and mbam installed and started right up and did a scan and i have included the log. However the pop ups persist and the website redirecting is still happening on the infected computer. I am calling it a night and will take up the cause tomorrow.

http://www.malwarebytes.org/forums/index.php?showtopic=7668&pid=37852&st=0&#entry37852

Please try the following routine to see if you can get Malwarebytes to run.

        * Click on Start, click Run, and then type devmgmt.msc and click OK
        * On the View menu click on Show hidden devices
        * Browse to Non-Plug and Play Drivers and you should see something like TDSSserv.sys
        * Highlight that driver and right click on it and select DISABLE
        * Now RESTART your computer.
        * Download a copy of Malwarebytes but DO NOT run it yet.
        * Rename the downloaded installer file to any generic name such as your own name but keep the .EXE extension on the file and run it.
        * Once the program is installed go to the UPDATE tab and try to update the program if you can.
        * Then go to the SCANNER tab and run a Quick Scan and allow MBAM to fix anything found.

[Saving space - attachment deleted by admin]

[pimpiepopmac]

Okay this is the last update from me for now. I ran a deep scan with mbam last night, which took 7 hours, and this morning it came up clean.  The pop ups posing as windows defender are still there and the first fake security warning is still there when I open firefox. However the web site redirecting and the inability to open certain programs or send email has stopped and the computer is running 100% faster. So i gather whatever that process was that I had stopped via the mbam website worked great.  I am including another HJT log to see where to go next.

Thank You
Robert

[Saving space - attachment deleted by admin]

[ptphelan]

if ur still getting them annoying popup that says "Security Center Alert"   have a look in C:\Documents and Settings\(User Name)\Local Settings\Application Data\Google   that's where i found the files that cause it on my computer.

also if there is something like kjzna1562565.exe file in there, search ur registry for it, most likely in current user/software/microsoft/windows/current version/run/ 

fixed my problem so hopefully this info may help someone else...   

[BC_Programmer]

also you can use modify instead of reply, to avoid bumping.