Gumbar infection

I was trying to get a job as a PC repair from InHouseCIO. I answered the cell call from David Kakish on Jan 7 2010 around 4:40pm CST and during the cell phone interview David Kakish mentioned something about domain and workstation question & I answered the best I could. I was told to wait for a reply from him by cell phone on Fri Jan 15 2010 in the afternoon.

 

Just last Thursday Jan 14 2010 (evening) I wanted to get Windows Media Player for my Win XP Pro SP3.

I went to the first website offered by Google using Firefox.

Downloading was fine.

When I installed Windows Media Player ver 11 to my Dell Dimension XPS Gen 5 PC, the installation was very slow and then it felt like it stopped momentarily and then it finished quickly.

I suspect something was amiss.

 

I tried playing one of the video files. It played OK.

 

Then I attempted to uninstall Windows Media Player 11 and it did not uninstall completely.

 

I used WinDirStat and I used Windows Search to remove the remaining Windows Media Player 11 folders, but it refused & then it displayed a popup window stating that I need to install a CD containing Windows XP with SP3!

 

I attempted to load the Dell CD with Windows XP & my PC refused.

 

I suspect that I was tricked into installing a hidden Gumbar program.

 

Then when I exited from a website, I saw one of my files ~$ on my desktop.

I suspect that someone was attempting to copy/transfer my files and folders from my secondary internal hard drive.

 

I went to Start - My Computer - double clicked my secondary HDD & went to the folder that contained the file (~$ that was on the desktop). It matched.

 

I then went a step further, on that file, I right clicked on the file & selected Properties & I saw an unknown user with a red (?) next to the user picture & was identified as

S-1-5-21-2976122918-2254641369-676893803-1006 & had Full Control, Modify, Read & Execute, Read, and Write permissions, but no Special Permission.

So, what I did was the following:

 

I clicked on the Security tab, clicked the Advanced button, cleared Inherit from parent the permission entries that apply to child objects, clicked Copy button, made sure the S-1-5-21-22... was highlighted & clicked the remove button, then clicked the Owner tab & saw S-1-5-21-22... was the current owner!

So, I made sure that my name was highlighted & clicked OK twice.

 

I checked all of my files & folders on my secondary HDD. I saw that S-1-5-21-22... was on most of my files and folders; some files and folders were skipped.

Whoever that S-1-5-21-22... was, was very selective in choosing which files & folders to get ownership and to transfer the data out of my PC & probably was thinking of making a CD/DVD copy of them.

 

I did a bit of research on who S-1-5-21-x-x-x-1006 is.

It turns out that someone created S-1-5-21 from a remote domain/server & somehow using my e-mail address info to connect to my PC at home & probably using anonymous VPN via Firefox.

 

I then tried using Auslogics Disk Defrag several times & noticed that my C:\SystemVolumeInformation\restore registries were taking a bit of time to defrag.

 

I used Malwarebytes' Anti-Malware & spotted 3 trojans in the C:\SystemVolumeInformation\restore registries & have successfully deleted them.

 

But now I feel that Gumbar is somehow still infecting my PC & I request a cure, plus I request to know how to track this S-1-5-21 user & I request to know how to block this S-1-5-21 user permanently from Firefox connection.

 

This is NOT, I repeat NOT a joke!

 

I request immediate assistance.