Unable to remove PUM.UserWLoad and Trojan.Ransom

[pleasehelpme01]

As topic title says I am unable to remove these viruses. I've  done a search in google and I am aware that atleast one of these viruses is a "rootkit component" and a "backdoor trojan". Both from my understanding are dangerous and I should reset my passwords for banking and other private information, on a secure computer.

 

But my question to you is how do I remove these viruses and should I trust this "infected" computer to handle my confidential information in the furture assuming I wipe out the two viruses in the first place? 

 

Thank you for any help heres the copy from my most recent scan taken by malware bytes.

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.09.02.08

 

Windows Vista Service Pack 1 x86 NTFS

Internet Explorer 8.0.6001.19088

Jon :: JONSXTREAMPC [administrator]

 

Protection: Enabled

 

9/3/2013 2:25:52 PM

MBAM-log-2013-09-03 (15-11-46).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 422976

Time elapsed: 17 minute(s), 56 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 2

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Jon\LOCALS~1\Temp\msyusoyw.scr -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Jon\LOCALS~1\Temp\msyusoyw.scr -> No action taken.

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

[MrCharlie]

Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

[pleasehelpme01]

Thank you for the quick reply. Heres DDS txt.

 

 

 DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 8.0.6001.19088  BrowserJavaVersion: 10.21.2

Run by Jon at 21:05:35 on 2013-09-03

Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.1918.1168 [GMT -4:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\nvvsvc.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\rundll32.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\System32\mobsync.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Common Files\AOL\1188405714\ee\aolsoftware.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\CyberLink\PCM4Everio\EverioService.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\Freecorder\FLVSrvc.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\TomTom HOME 2\HOMERunner.exe

C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Windows\system32\taskeng.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\hp\kbd\kbd.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k WindowsMobile

.

============== Pseudo HJT Report ===============

.

uWindow Title = Powered by Charter Communications

mURLSearchHooks: {1283e7d0-b598-4b2d-a20f-59a9dde270a8} - <orphaned>

uWindows: Load = c:\users\jon\locals~1\temp\msyusoyw.scr

BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - c:\users\tom's user account\appdata\roaming\complitly\Complitly.dll

BHO: {1283e7d0-b598-4b2d-a20f-59a9dde270a8} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - 

BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll

BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: ArcadeCandy Games: {AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} - c:\users\jon\appdata\local\arcadecandy\candyEX.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7725.1624\swg.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: AOL Toolbar: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - c:\program files\aol toolbar\aoltb.dll

TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll

TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} - 

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe"

uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\users\jon\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun: [KBD] c:\hp\kbd\KbdStub.EXE

mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [snapfishMediaDetector] c:\program files\snapfish media detector\SnapfishMediaDetector.exe

mRun: [HostManager] c:\program files\common files\aol\1188405714\ee\AOLSoftware.exe

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe"

mRun: [Windows Mobile Device Center] c:\windows\windowsmobile\wmdc.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run

mRun: [MSC] "c:\program files\microsoft security client\mssecex.exe" -hide -runkey

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre7\bin\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\users\jon\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\users\jon\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish media detector\SnapfishMediaDetector.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:0

mPolicies-Explorer: NoCDBurning = dword:1

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 

TCP: NameServer = 66.189.0.100 24.159.64.23 24.247.24.53

TCP: Interfaces\{0122B2E1-257D-4823-802A-3013F4A6370F} : DHCPNameServer = 66.189.0.100 24.159.64.23 24.247.24.53

SSODL: bestreak - <orphaned>

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

STS: bestreak - <orphaned>

LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-27 418376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-27 701512]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-26 24652]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-27 22856]

R3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\drivers\UsbFltr.sys [2007-4-9 9600]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 100328]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]

.

=============== Created Last 30 ================

.

2013-09-03 18:42:20 7166848 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{cf99b6f8-5fdd-4e51-a07b-97f297eddacd}\mpengine.dll

2013-09-02 16:12:34 7166848 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2013-08-30 18:58:47 -------- d-----w- c:\users\jon\appdata\local\Microsoft Corporation

2013-08-30 18:56:49 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor

2013-08-27 16:52:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-08-27 16:52:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-08-15 15:15:15 -------- d-----w- c:\windows\system32\MRT

.

==================== Find3M  ====================

.

.

[pleasehelpme01]

And heres attach txt.

 

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium 

Boot Device: \Device\HarddiskVolume1

Install Date: 5/11/2007 6:07:25 PM

System Uptime: 9/3/2013 2:22:11 PM (7 hours ago)

.

Motherboard: ASUSTek Computer INC. |  | NARRA2

Processor: AMD Athlon 64 X2 Dual Core Processor 4400+ | Socket AM2  | 2300/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 289 GiB total, 160.137 GiB free.

D: is FIXED (NTFS) - 9 GiB total, 0.998 GiB free.

E: is CDROM ()

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP3348: 8/28/2013 1:33:16 PM - Removed Microsoft Office File Validation Add-In

RP3349: 8/28/2013 1:33:41 PM - Removed Microsoft Office Live Add-in 1.4

RP3350: 8/29/2013 8:29:20 AM - Windows Update

RP3351: 8/29/2013 8:36:35 AM - Windows Update

RP3352: 8/30/2013 10:56:27 AM - Windows Update

RP3353: 8/30/2013 11:04:32 AM - Windows Update

RP3354: 8/30/2013 2:54:52 PM - Installed Windows 7 Upgrade Advisor

RP3355: 8/31/2013 10:24:09 AM - Windows Update

RP3356: 8/31/2013 12:06:09 PM - Windows Update

RP3357: 9/1/2013 10:40:27 AM - Windows Update

RP3358: 9/1/2013 12:14:35 PM - Windows Update

RP3359: 9/2/2013 11:05:12 AM - Windows Update

RP3360: 9/2/2013 12:11:06 PM - Windows Update

RP3361: 9/3/2013 11:34:12 AM - Windows Update

RP3362: 9/3/2013 2:38:47 PM - Windows Update

.

==== Installed Programs ======================

.

 Update for Microsoft Office 2007 (KB2508958)

Acrobat.com

Activation Assistant for the 2007 Microsoft Office suites

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader 9.5.4

AOL Toolbar

AOL Uninstaller (Choose which Products to Remove)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcadeCandy

AutoUpdate

Babylon toolbar on IE

BabylonObjectInstaller

Bonjour

CCleaner

Charter Browser Updater

Complitly

Digital Photo Navigator 1.5

DivX Codec

DivX Content Uploader

DivX Converter

DivX Player

DivX Web Player

Download Updater (AOL LLC)

Enhanced Multimedia Keyboard Solution

ffdshow [rev 2527] [2008-12-19]

flvto.com Freecorder Toolbar

Freecorder 5

Google Chrome

Google Updater

Haali Media Splitter

Handbrake 2.4.1

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Advisor

HP Customer Experience Enhancements

HP Customer Feedback

HP Easy Setup - Frontend

HP On-Screen Cap/Num/Scroll Lock Indicator

HP Photosmart Essential 2.0

HP Photosmart Essential2.5

HP Picasso Media Center Add-In

HP Update

Hyplay

ImageMixer VCD for FinePix

iTunes

Java 7 Update 21

Java Auto Updater

Java 6 Update 2

Java 6 Update 3

Java 6 Update 7

LightScribe  1.4.142.1

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft IntelliPoint 6.2

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

MobileMe Control Panel

Move Networks Media Player for Internet Explorer

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee autoProducer 6.0

NVIDIA Drivers

OGA Notifier 2.0.0048.0

OpenOffice.org 3.3

PowerCinema NE for Everio

PowerDirector Express

PowerProducer

PSSWCORE

Python 2.4.3

QuickTime

RealPlayer

Realtek High Definition Audio Driver

Rhapsody

Rhapsody Player Engine

Roxio Activation Module

Roxio Creator Audio

Roxio Creator Basic v9

Roxio Creator Copy

Roxio Creator Data

Roxio Creator EasyArchive

Roxio Creator Tools

Roxio Express Labeler 3

RTC Client API v1.2

SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 

Snap.Do

Snapfish Media Detector

Soft Data Fax Modem with SmartCP

System Requirements Lab CYRI

TomTom HOME 2.5.2.60

Uniblue SpeedUpMyPC 2009

Uninstall Dual Mode Camera (ST606)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

USB Driver

VC_MergeModuleToMSI

Viewpoint Media Player

Vivitar Experience Image Manager

Wallpaper Changer App

Walmart Digital Photo Manager

Watchtower Library 2009 - English

Watchtower Library 2010 - English

WebEx Support Manager for Internet Explorer

Windows 7 Upgrade Advisor

Windows Genuine Advantage Notifications (KB905474)

Windows Live ID Sign-in Assistant

Windows Mobile Device Center

WinPcap 3.1

.

==== Event Viewer Messages From Past Week ========

.

9/3/2013 2:48:58 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.157.1049.0).

9/3/2013 2:47:43 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.157.1049.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9800.0   Error code: 0x80070643   Error description: Fatal error during installation. 

9/3/2013 2:47:39 PM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.   New Engine Version:   Previous Engine Version: 2.0.8001.0   Engine Type: Network Inspection System   User: NT AUTHORITY\SYSTEM   Error Code: 0x8007042c   Error description: The dependency service or group failed to start. 

9/3/2013 2:47:39 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 11.159.0.0   Update Source: User   Update Stage: Install   Source Path:   Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 2.0.8001.0   Error code: 0x8007042c   Error description: The dependency service or group failed to start. 

9/2/2013 12:19:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.157.982.0).

9/2/2013 12:17:13 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.157.982.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9800.0   Error code: 0x80070643   Error description: Fatal error during installation. 

9/2/2013 12:17:12 PM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.   New Engine Version:   Previous Engine Version: 2.0.8001.0   Engine Type: Network Inspection System   User: NT AUTHORITY\SYSTEM   Error Code: 0x8007042c   Error description: The dependency service or group failed to start. 

9/2/2013 12:17:12 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 11.159.0.0   Update Source: User   Update Stage: Install   Source Path:   Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 2.0.8001.0   Error code: 0x8007042c   Error description: The dependency service or group failed to start. 

9/1/2013 12:22:05 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.157.915.0).

9/1/2013 12:20:14 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.157.915.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9800.0   Error code: 0x80070643   Error description: Fatal error during installation. 

9/1/2013 12:20:10 PM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.   New Engine Version:   Previous Engine Version: 2.0.8001.0   Engine Type: Network Inspection System   User: NT AUTHORITY\SYSTEM   Error Code: 0x8007042c   Error description: The dependency service or group failed to start. 

9/1/2013 12:20:10 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 11.159.0.0   Update Source: User   Update Stage: Install   Source Path:   Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 2.0.8001.0   Error code: 0x8007042c   Error description: The dependency service or group failed to start. 

8/31/2013 12:22:25 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.157.874.0).

8/31/2013 12:19:45 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.157.874.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9800.0   Error code: 0x80070643   Error description: Fatal error during installation. 

8/31/2013 12:19:40 PM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.   New Engine Version:   Previous Engine Version: 2.0.8001.0   Engine Type: Network Inspection System   User: NT AUTHORITY\SYSTEM   Error Code: 0x8007042c   Error description: The dependency service or group failed to start. 

8/31/2013 12:19:40 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 11.159.0.0   Update Source: User   Update Stage: Install   Source Path:   Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 2.0.8001.0   Error code: 0x8007042c   Error description: The dependency service or group failed to start. 

8/31/2013 10:20:04 AM, Error: EventLog [6008]  - The previous system shutdown at 8:07:00 PM on 8/30/2013 was unexpected.

8/30/2013 11:15:29 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

8/30/2013 11:15:29 AM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

8/30/2013 11:15:29 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/30/2013 11:13:57 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.157.797.0).

8/30/2013 11:11:01 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.157.797.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9800.0   Error code: 0x80070643   Error description: Fatal error during installation. 

8/30/2013 11:11:00 AM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.   New Engine Version:   Previous Engine Version: 2.0.8001.0   Engine Type: Network Inspection System   User: NT AUTHORITY\SYSTEM   Error Code: 0x8007042c   Error description: The dependency service or group failed to start. 

8/30/2013 11:11:00 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 11.159.0.0   Update Source: User   Update Stage: Install   Source Path:   Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 2.0.8001.0   Error code: 0x8007042c   Error description: The dependency service or group failed to start. 

8/29/2013 8:43:42 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.157.699.0).

8/29/2013 8:42:27 AM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.   New Engine Version:   Previous Engine Version: 2.0.8001.0   Engine Type: Network Inspection System   User: NT AUTHORITY\SYSTEM   Error Code: 0x8007042c   Error description: The dependency service or group failed to start. 

8/29/2013 8:42:27 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 11.159.0.0   Update Source: User   Update Stage: Install   Source Path:   Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 2.0.8001.0   Error code: 0x8007042c   Error description: The dependency service or group failed to start. 

8/29/2013 8:42:27 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.157.699.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9800.0   Error code: 0x80070643   Error description: Fatal error during installation. 

8/27/2013 9:53:23 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.157.559.0).

8/27/2013 9:51:52 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.157.559.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9800.0   Error code: 0x80070643   Error description: Fatal error during installation. 

8/27/2013 9:51:48 PM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.   New Engine Version:   Previous Engine Version: 2.0.8001.0   Engine Type: Network Inspection System   User: NT AUTHORITY\SYSTEM   Error Code: 0x8007042c   Error description: The dependency service or group failed to start. 

8/27/2013 9:51:48 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 11.159.0.0   Update Source: User   Update Stage: Install   Source Path:   Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 2.0.8001.0   Error code: 0x8007042c   Error description: The dependency service or group failed to start. 

8/27/2013 3:31:37 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the fdPHost service.

8/27/2013 3:29:44 PM, Error: EventLog [6008]  - The previous system shutdown at 1:24:00 PM on 8/27/2013 was unexpected.

8/27/2013 10:45:23 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1.

8/27/2013 10:36:55 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  i8042prt

8/27/2013 10:36:55 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

8/27/2013 10:36:55 AM, Error: Service Control Manager [7000]  - The Parallel port driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

8/27/2013 10:36:55 AM, Error: Service Control Manager [7000]  - The Computer Backup (MyPC Backup) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

8/27/2013 10:35:13 AM, Error: Microsoft-Windows-PrintSpooler [72]  - Windows could not initialize printer Microsoft Office Document Image Writer because the print processor ModiPrint could not be found. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.

8/27/2013 10:35:13 AM, Error: Microsoft-Windows-PrintSpooler [23]  - Printer Microsoft Office Document Image Writer failed to initialize because a suitable Microsoft Office Document Image Writer Driver driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.

8/27/2013 10:35:13 AM, Error: Microsoft-Windows-PrintSpooler [23]  - Printer hp psc 2170 series failed to initialize because a suitable hp psc 2170 series driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.

.

==== End Of File ===========================

[pleasehelpme01]

Here's the rougekiller report:

 

Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version

Started in : Normal mode

User : Jon [Admin rights]

Mode : Scan -- Date : 09/04/2013 09:50:58

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 10 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-2815645520-2284376448-706021650-1000\[...]\Run : Google Update ("C:\Users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND

[sHELL][sUSP PATH] HKCU\[...]\Windows : load (C:\Users\Jon\LOCALS~1\Temp\msyusoyw.scr [x]) -> FOUND

[sHELL][sUSP PATH] HKUS\[...]\Windows : load (C:\Users\Jon\LOCALS~1\Temp\msyusoyw.scr [x]) -> FOUND

[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 4 ¤¤¤

[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2815645520-2284376448-706021650-1000UA.job : C:\Users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND

[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2815645520-2284376448-706021650-1000Core.job : C:\Users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND

[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2815645520-2284376448-706021650-1000Core : C:\Users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND

[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2815645520-2284376448-706021650-1000UA : C:\Users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [LOADED] ¤¤¤

[Address] IRP[iRP_MJ_CREATE] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x807290FC)

[Address] IRP[iRP_MJ_CLOSE] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x807290FC)

[Address] IRP[iRP_MJ_DEVICE_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x807179D6)

[Address] IRP[iRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x807179A8)

[Address] IRP[iRP_MJ_POWER] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x80717A04)

[Address] IRP[iRP_MJ_SYSTEM_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x80724B70)

[Address] IRP[iRP_MJ_PNP] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x80724B3C)

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1       localhost

::1             localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: ST332082 0AS SCSI Disk Device +++++

--- User ---

[MBR] 43742b29363ef826c3b6ec43a6291673

[bSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : MBR Code unknown

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 296250 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 606720240 | Size: 8992 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

 

Finished : << RKreport[0]_S_09042013_095058.txt >>

[MrCharlie]

Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

 

[sHELL][sUSP PATH] HKCU\[...]\Windows : load (C:\Users\Jon\LOCALS~1\Temp\msyusoyw.scr [x]) -> FOUND

[sHELL][sUSP PATH] HKUS\[...]\Windows : load (C:\Users\Jon\LOCALS~1\Temp\msyusoyw.scr [x]) -> FOUND

Now click Delete on the right hand column under Options

-------------

Download Malwarebytes Anti-Rootkit from HERE

• Unzip the contents to a folder in a convenient location.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC

[pleasehelpme01]

I attached both mbar logs just in case you wanted to see them both. No additional threats were found and internet access,

windows update and windows firewall werent affected. So does this mean my computer is clean and I can use it again to input private information needed for things like online banking?

 

Thank you for your help and your time.

mbar-log-2013-09-04 (10-31-20).txt

mbar-log-2013-09-04 (11-10-51).txt

system-log.txt

[MrCharlie]

Here's the warning given to people who are infected with ZA:

 

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

I would change all my passwords and keep a close eye on all your sensitive accounts.

----------------------------------------

Lets run a couple of more scans......

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

 

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

[pleasehelpme01]

Heres the combo fix log. But i've completely read the article from the link you providied earlier, and I don't know if just removing these viruses and malware is going to be enough to have a "secure" computer again. Do you think I should just take my computer to a computer specialist and have them do a reformat and reinstall because I'd really like to trust my computer and I dont have the disks to do it myself.

 

But then again I've probably had these viruses for months if not years because i've looked at my update history and for some reason alot of updates have been failing specifically microsoft.netframework1.1 service pack 1 and alot of microsoft security essentials definition updates. I don't know if this is because a virus or my computer just sucks.

 

But anyway the viruses I've had on my computer have never affected my banking or credit card account because I've spotted no irregularities or large purchases without my approval when the bills and statements finnally came. I don't know if this is because I have my router and firewall always running which might help prevent this or its because of something else.

 

What do you think? Should i pay like 50-100 bucks to get the computer refromated and reinstalled or should I with a lot of help continue to try to disinfect the computer.

 

Thank you for your continued help and assistance.

ComboFix.txt

[MrCharlie]

Well I'm obligated to inform you about the infection you have.

I think you'll be OK after we clean it all up but I can't guarantee that, you never know what was left behind.

Change all you passwords and keep a close eye on all you sensitive accounts.

----------------------------------------------------

Did you set up this proxy or do you recognize it:

uInternet Settings,ProxyOverride = <-loopback>

uInternet Settings,ProxyServer = http=127.0.0.1:49318;https=127.0.0.1:49318;

--------------------------------------------------

Next.......

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.

  Vista/Windows 7/8 users right-click and select Run As Administrator

• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• When it's done you'll see: Pending: Please uncheck elements you don't want removed.
• Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
• Look over the log especially under Files/Folders for any program you want to save.
• If there's a program you want to save, just uncheck it from AdwCleaner.
• If you're not sure, post the log for review.
• If you're ready to clean it all up.....click the Clean button.
• After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
• Copy and paste the contents of that logfile in your next reply.
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.
• Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
• To restore an item that has been deleted:
• Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

[pleasehelpme01]

I apoligise for not replying sooner. I decided to try to disinfect my computer, I'll just use it to surf the web and when I have to input private information I'll just use my xbox 360 as it is relativeley secure because it uses a diffirent O.S.  then a pc. As for those 2 proxys I have no idea what those are. I assume its probably bad, how would I remove the 2 proxys?

 

I didn't know whether or not to delete some of the things listed on the registry. So I was wondering if you would look over the attached adwcleaner document and see if it was safe to delete the things I didn't think was a good idea to delete. 

 

 

AdwCleanerS0.txt

[MrCharlie]

Go back and delete everything, it's all adware/spyware.

Then run a scan with MB.

For the proxy:
In Internet Explorer go to Tools - Internet Options - Connections Tab - Lan Settings and remove the reference to 127.0.0.1:48318 if there then uncheck "Use a proxy server for your LAN" and check "Automatically detect settings".

MrC

[pleasehelpme01]

Heres the malawarebytes log I didn't delete anything because I didn't know if it was important or not, or if it was safe to do that. Should I delete what came up when I sacnned? Thank you and I apoligise if I took a long to respond.

MBAM-log-2013-09-08 (16-05-29).txt

[MrCharlie]

Yes, delete all of that....MrC

[pleasehelpme01]

Ok, I deleted everything. Is there anything else I need to do to make my computer clean? If not I thank you sincerely for all your assistance and expertise.

[MrCharlie]

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• If you get Unsupported operating system. Aborting now, just reboot and try again.
• A Notepad document should open automatically called checkup.txt.
• Please Post the contents of that document.
• Do Not Attach It!!!

MrC

[MrCharlie]

How are we doing??

Do you still need help or can I close this post??

MrC

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!