pesky trojan sirefef

Vista Home Premium-Service Pack 2

I've had some experience removing things in the past, but just picked up a bug that won't seem to go away. The good news is I have internet access, access to most antivirus software functioning, but the thing keeps coming back on reload, so I'm in need of some expert help.

I first notice the problem 2 days ago when my MSE went red and when you try and update it, a program attempts to install itself. When you click cancel, it keeps coming back up. I would have to rkill it to get it to go away. I can't recall the exact *.exe as it was a mix mash of letters, and my cleaning since then has at least gotten rid of that. The virus has shut down my ability to activate MSE and I get error messages when I try. So that was my trigger that I was infected. I've run malwarebytes, quick and full scans, MS safety scanner quick and full, and things are found. But upon reload, I run again and still not clean.

Let me know what else you need to know, and special thanks in advance to anyone taking their personal time to help out.

My most recent malwarebytes log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.16.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Geoff :: HOME [administrator]

6/18/2012 4:07:06 PM
mbam-log-2012-06-18 (16-07-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 262015
Time elapsed: 13 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Windows\Installer\{ae5877c1-20eb-7c5e-2e56-57be7c22be80}\U\00000001.@ (Trojan.Small) -> Quarantined and deleted successfully.
C:\Windows\Installer\{ae5877c1-20eb-7c5e-2e56-57be7c22be80}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Windows\Installer\{ae5877c1-20eb-7c5e-2e56-57be7c22be80}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Finished the Prep Guide and posted new topic in other forum.

Thank you!!

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.