
I can't remove Trojan.Ransom and PUM.UserWLoad



Hi there (especially Gringo)

I'm infected with Trojan.Ransom and PUM.UserWLoad and I can't remove them.

I have run Malwarebytes 2 times and it is always reporting that the 2 viruses are there.

Then I followed the instructions in this post: http://forums.malwarebytes.org/index.php?showtopic=125970

Here are the logs:

FROM : SECURITY CHECK

Results of screen317's Security Check version 0.99.63

Windows 7 Service Pack 1 x86 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Avira Desktop

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware versione 1.75.0.1300

JavaFX 2.1.0

Java 6 Update 21

Java 7 Update 17

Java version out of Date!

Adobe Flash Player 11.7.700.202

Adobe Reader 9 Adobe Reader out of Date!

Mozilla Firefox (20.0.1)

Google Chrome 26.0.1410.43

Google Chrome 26.0.1410.64

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:

````````````````````End of Log``````````````````````

FROM ADWCLEANER

# AdwCleaner v2.301 - Logfile creato il 21/05/2013 alle 14:54:23

# Aggiornamento 16/05/2013 by Xplode

# Sistema Operativo : Windows 7 Professional Service Pack 1 (32 bits)

# Utente : superscommesse - SUPERSCOMMESSE1

# Modalità Avvio : Modalità Normale

# Eseguito da : C:\Users\superscommesse\Downloads\adwcleaner.exe

# Opzioni [Elimina]

***** [servizi] *****

***** [File / Cartelle] *****

***** [Registro] *****

***** [browser Internet] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registro Pulito.

-\\ Mozilla Firefox v20.0.1 (it)

File : C:\Users\superscommesse\AppData\Roaming\Mozilla\Firefox\Profiles\ko1tullc.default\prefs.js

[OK] File Pulito.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\superscommesse\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File Pulito.

*************************

AdwCleaner[R1].txt - [3137 octets] - [21/05/2013 14:44:23]

AdwCleaner[s1].txt - [3089 octets] - [21/05/2013 14:45:32]

AdwCleaner[s2].txt - [993 octets] - [21/05/2013 14:54:23]

########## EOF - C:\AdwCleaner[s2].txt - [1052 octets] ##########

FROM --RogueKiller--

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User : superscommesse [Admin rights]

Mode : Scan -- Date : 05/21/2013 15:04:21

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤

[RUN][bLACKLISTDLL] HKLM\[...]\Run : bit4id csp store register (M) ("RUNDLL32.EXE" "C:\Windows\system32\bit4upki-store.dll",RegisterMyPhysicalStore) -> Trovato

[sHELL][sUSP PATH] HKCU\[...]\Windows : Load (C:\Users\superscommesse\Local Settings\Temp\mspzuya.com) [x] -> Trovato

[sHELL][sUSP PATH] HKUS\S-1-5-21-1060465878-1994809615-1601912546-1004[...]\Windows : Load (C:\Users\superscommesse\Local Settings\Temp\mspzuya.com) [x] -> Trovato

[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{2D56DD36-113C-4408-AD8C-EBCD84D7FE78} : NameServer (83.224.70.54 83.224.70.77) -> Trovato

[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{2D56DD36-113C-4408-AD8C-EBCD84D7FE78} : NameServer (83.224.70.54 83.224.70.77) -> Trovato

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> Trovato

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> Trovato

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> Trovato

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[84] : NtCreateSection @ 0x8302E13D -> HOOKED (Unknown @ 0x923F06A6)

SSDT[299] : NtRequestWaitReplyPort @ 0x83048B22 -> HOOKED (Unknown @ 0x923F06B0)

SSDT[316] : NtSetContextThread @ 0x830E8851 -> HOOKED (Unknown @ 0x923F06AB)

SSDT[347] : NtSetSecurityObject @ 0x8300C7F7 -> HOOKED (Unknown @ 0x923F06B5)

SSDT[368] : NtSystemDebugControl @ 0x830907D2 -> HOOKED (Unknown @ 0x923F06BA)

SSDT[370] : NtTerminateProcess @ 0x83065D86 -> HOOKED (Unknown @ 0x923F0647)

S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x923F06CE)

S_SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x923F06D3)

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320423AS +++++

--- User ---

[MBR] a8d4a54cad1c03eae46a74b9dbd624e4

[bSP] 6c7757e8933a95df1fb93ccb70fd20e5 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_05212013_02d1504.txt >>

RKreport[1]_S_05212013_02d1504.txt


Hello ruccarod and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here:

http://forums.malwarebytes.org/index.php?showtopic=9573


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
