Request to Move: Computer has a virus and Malwarebytes not working


As I said, Malwarebytes is not working because of error 372. I can't access my Start menu and it's because of an antifake virus, and Malwarebytes is the only thing that cures my computer. I have no idea what to do now. It used to crash but I fixed that problem.

Please, I just want my Start menu back and the virus taken care of. I tried to go to Staples and it was 200 bucks. I don't have that type of money. I know Malwarebytes will work.

As I said, best regards,

ThaBeast


Hi,

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


Hi,

Run ComboFix again and check if it produced a log file this time. If it did not create a log file, you can follow these instructions instead:

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Under the Custom Scan box paste this in
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"


Hi,

Try running ComboFix in Safe Mode.

If that doesn't work, try running OTL in Safe Mode.

If that doesn't work, then try this (NOT in Safe Mode):

Download avz4.zip from HERE

  1. Unzip it to your desktop to a folder named avz4
  2. Double click on AVZ.exe to run it.
  3. Run an update by clicking the Auto Update button on the Right of the Log window: avz-update-button.png
  4. Click Start to begin the update

Note: If you receive an error message, choose a different source, then click Start again

  1. Start AVZ.
  2. Choose from the menu "File" => "Standard scripts " and mark the "Advanced System Analysis with malware removal mode enabled" check box.
    avz-standardscripts-asa-removal.png
  3. Click on the

Hi,

Follow these first steps on another PC:

First, copy this scan.txt to a USB drive.

Please print these instructions out so that you know what you are doing.

OTLPEStd.exe

Size: 97,697,047b / 93.1Mb

MD5: E29EEBA00CCA665A2F04B8695469D986

  1. Download OTLPEStd.exe to your desktop.
  2. Ensure that you have a blank CD in the drive.
  3. Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD.
  4. Reboot the infected system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here.
  5. As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads. :)
  6. Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy.
  7. Double-click on the OTLPE icon.
  8. Select the Windows folder of the infected drive if it asks for a location.
  9. When asked "Do you wish to load the remote registry", select Yes.
  10. When asked "Do you wish to load remote user profile(s) for scanning", select Yes.
  11. Ensure the box "Automatically Load All Remaining Users" is checked and press OK.
  12. OTL should now start.
  13. Double-click on the Custom Scans/Fixes box and a message box will popup asking if you want to load a custom scan from a file.
    Select Scan.txt on your USB drive.
  14. Press Run Scan to start the scan.
  15. When finished, the file will be saved in drive C:\OTL.txt.
  16. Copy this file to your USB drive if you do not have internet connection on this system.
  17. Right click the file and select send to : select the USB drive.
  18. Confirm that it has copied to the USB drive by selecting it
  19. You can backup any files that you wish from this OS
  20. Please post the contents of the C:\OTL.txt file in your reply.


  • 2 weeks later...
  • 3 weeks later...

3DVIA player 4.1

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader 9.2

Adobe Shockwave Player 11.5

Agere Systems PCI-SV92PP Soft Modem

AIM 7

AIM Toolbar

Akamai NetSession Interface

AMD Processor Driver

Apple Mobile Device Support

Apple Software Update

ASIO4ALL

Ask Toolbar

BaboViolent 2.11

BitTorrent

Bonjour

CCleaner

CNC DLL Files

Combat Arms

Counter-Strike 2D 0.1.1.8

Counter-Strike: Source

Cross Fire En

Deal or No Deal

Defraggler

Download Updater (AOL LLC)

Dual-Core Optimizer

Easy CD & DVD Creator 6

Fists of Fu

Game Booster

GameTap Web Player

Google Toolbar for Internet Explorer

Google Update Helper

Graboid Video 1.71

Hero_Fighter Toolbar

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB954550-v5)

HP Product Detection

ijji - Gunz

ijji REACTOR

Insurgency

iTunes

Java Auto Updater

Java 6 Update 20

La Tale

Malwarebytes' Anti-Malware

MapleStory

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Halo Trial

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Office Professional Edition 2003

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Mini Fighter

Mozilla Firefox (3.6.10)

MSN Toolbar

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Netmarble NPAPI Plugin Updater Installer

Norton Security Scan

NVIDIA Drivers

NVIDIA nView Desktop Manager

NVIDIA PhysX

OGPlanet Game Launcher

OpenAL

PageRage Toolbar

Pando Media Booster

Parabellum Beta

PC Cleaner (Shareware Release)

PC Connectivity Solution

Perfect Optimizer 5.2

Pirates, Vikings, & Knights II

Playsushi

PowerDVD

PriceGong 1.5.0

PsychoRocket - Joydesk Silly Games

PunkBuster Services

QuickTime

Realtek High Definition Audio Driver

Rumble Fighter

SAMSUNG Mobile Modem Driver Set

Samsung Mobile phone USB driver Software

SAMSUNG Mobile USB Modem 1.0 Software

SAMSUNG Mobile USB Modem Software

Samsung New PC Studio

Samsung New PC Studio USB Driver Installer

SamsungConnectivityCableDriver

Soldier Front

SplashFighters

Steam

STOPzilla

SuddenAttackNA

Super Mario Bros. X version 1.2.2

SUPERAntiSpyware

SweetIM for Messenger 3.0

SweetIM Toolbar for Internet Explorer 3.8

SwitchBlade

Tremulous 1.1.0

True Combat: Elite 0.49

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Urban Terror 4.1

Ventrilo Client

VLC media player 1.0.1

WebFldrs XP

WildTangent Games

Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)

Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)

Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)

Windows Genuine Advantage Notifications (KB905474)

Windows Media Format Runtime

WindSlayer

WinPcap 3.1

WinRAR archiver

WinZip

Wizard101

Wolfenstein - Enemy Territory

WolfTeam

WonderKing

Xfire (remove only)

==== End Of File ===========================

DDS (Ver_10-11-26.01) - NTFSx86

Run by ThaBeast at 22:22:00.98 on Wed 11/24/2010

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\STOPzilla!\STOPzilla.exe

C:\Program Files\SweetIM\Messenger\SweetIM.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\PC Cleaner Trial\trayicon.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Xfire\Xfire.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe

C:\Documents and Settings\ThaBeast\Desktop\dds.com

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k Akamai

============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html

mStart Page = hxxp://www.yahoo.com

mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PlaySushi: {21608b66-026f-4dcb-9244-0daca328dced} - c:\program files\playsushi\PSText.dll

BHO: {59a66b48-844f-db23-d0ee-f93b1439f92e} - c:\windows\oxobobit.dll

BHO: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\tbPag0.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll

BHO: Hero Fighter Toolbar: {b12785f5-d8d0-4530-a3ea-5c4263b85bef} - c:\program files\hero_fighter\tbHer1.dll

BHO: PriceGongCtrl Class: {d2a2595c-4fe4-4315-aa9b-19dbd6271b71} - c:\program files\pricegong\1.5.0\PriceGongIE.dll

BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1303.0\msneshellx.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll

TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1303.0\msneshellx.dll

TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll

TB: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\tbPag0.dll

TB: {0C8413C1-FAD1-446C-8584-BE50576F863E} - No File

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Hero Fighter Toolbar: {b12785f5-d8d0-4530-a3ea-5c4263b85bef} - c:\program files\hero_fighter\tbHer1.dll

TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [PC_CLEAN] c:\program files\pc cleaner trial\trayicon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Cwubufehoriqowaq] rundll32.exe "c:\windows\oxobobit.dll",Startup

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [sweetIM] c:\program files\sweetim\messenger\SweetIM.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [spyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"

mRun: [RoxioDragToDisc] "c:\program files\roxio\easy cd creator 6\dragtodisc\DrgToDsc.exe"

mRun: [RoxioAudioCentral] "c:\program files\roxio\easy cd creator 6\audiocentral\RxMon.exe"

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NPSStartup]

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Alcmtr] ALCMTR.EXE

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRunServices: [761C.tmp] c:\docume~1\luigi\locals~1\temp\761C.tmp

mRunServices: [Officescanpst] c:\program files\common files\system\msmapi\1033\officemspst32.exe

mRunServices: [iTunesMiniPlayerLocalizediTunes] c:\program files\itunes\itunesminiplayer.resources\da.lproj\itunesminiplayerlocalizeditunes.exe

mRunServices: [Outlookpstprx32] c:\program files\common files\system\msmapi\1033\officemspst32.exe

mRunServices: [resourcesMicrosoft] c:\program files\microsoft silverlight\4.0.50524.0\bg\resourcesvisualbasic.exe

mRunServices: [MicrosoftMSOSOAPR3] c:\program files\common files\microsoft shared\office11\1033\soapsoap3.00.1906.0.exe

mRunServices: [wrapperToolbar] c:\docume~1\brando~1.use\locals~1\temp\e687.tmp

mRunServices: [5593.tmp] c:\docume~1\admini~1.000\locals~1\temp\5593.tmp

mRunServices: [c166.tmp] c:\docume~1\luigi~1.use\locals~1\temp\c166.tmp

mRunServices: [uSPIntaddrparsr] c:\program files\microsoft office\office11\1033\microsoftpicture.exe

mRunServices: [A1F0.tmp] c:\docume~1\brando~1.001\locals~1\temp\A1F0.tmp

mRunServices: [5b3.tmp] c:\docume~1\luigiu~1.000\locals~1\temp\5b3.tmp

IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\luigi.user-6ca132fdd1.000\start menu\programs\imvu\Run IMVU.lnk

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - c:\program files\playsushi\PSText.dll

DPF: {4944924A-64E4-49C1-AC97-ABA3927262FE} - hxxp://channel.dontblynk.com/Launcher/StWbUsa.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://www.netgame.com/mplugin/mglaunch_USAv1005.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: TPSvc - TPSvc.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\thabeast\applic~1\mozilla\firefox\profiles\747otaab.default\

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\mozilla firefox\extensions\{4869ff49-0894-33ac-8ce5-b7c3a54fa440}\components\9NLpEKK1-c4-.dll

FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll

FF - plugin: c:\netmarbleglobal\glbnmnpapiplugins\npGlbNMNetmarbleDownload.dll

FF - plugin: c:\netmarbleglobal\glbnmnpapiplugins\npGlbNMNPAPIUpdater.dll

FF - plugin: c:\netmarbleglobal\glbnmnpapiplugins\npGlbNMStarter.dll

FF - plugin: c:\netmarbleglobal\glbnmnpapiplugins\npGlbNMWebMessengerPlugin.dll

FF - plugin: c:\netmarbleglobal\glbnmnpapiplugins\npNMSystemIDInfo.dll

FF - plugin: c:\netmarbleglobal\glbnmnpapiplugins\npNMSystemInformer.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npOGPPlugin.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll

FF - plugin: c:\windows\system32\npOGPPlugin.dll

FF - plugin: c:\windows\system32\npwmsdrm.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: XULRunner: {A905AB74-202C-413F-859F-F326343A5344} - c:\documents and settings\brandon.user-6ca132fdd1.001\local settings\application data\{A905AB74-202C-413F-859F-F326343A5344}

FF - HiddenExtension: XULRunner: {5904E4DD-155A-4DB4-9FDE-F37120D7EF05} - c:\documents and settings\thabeast\local settings\application data\{5904E4DD-155A-4DB4-9FDE-F37120D7EF05}

FF - HiddenExtension: LoudMo Contextual Ad Assistant: No Registry Reference - c:\program files\mozilla firefox\extensions\{4869ff49-0894-33ac-8ce5-b7c3a54fa440}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: google.toolbar.linkdoctor.enabled - false

============= SERVICES / DRIVERS ===============

R? DM9USB;DM9601 USB To Fast Ethernet Adapter

R? esgiguard;esgiguard

R? gupdate;Google Update Service (gupdate)

R? is3srv;is3srv

R? npggsvc;nProtect GameGuard Service

R? PsSdk30;PsSdk30

R? vtany;vtany

R? XDva281;XDva281

R? XDva285;XDva285

R? XDva296;XDva296

R? XDva311;XDva311

R? XDva317;XDva317

R? XDva323;XDva323

R? XDva327;XDva327

R? XDva337;XDva337

R? XDva346;XDva346

R? XDva349;XDva349

R? XDva352;XDva352

R? XDva354;XDva354

R? XDva358;XDva358

R? XDva359;XDva359

R? XDva362;XDva362

R? xhunter1;xhunter1

S? Akamai;Akamai NetSession Interface

S? FsUsbExDisk;FsUsbExDisk

S? FsUsbExService;FsUsbExService

S? mvb35316;mvb35316

S? SASDIFSV;SASDIFSV

S? SASKUTIL;SASKUTIL

S? szkg5;szkg5

S? szkgfs;szkgfs

=============== Created Last 30 ================

==================== Find3M ====================

2010-11-25 03:04:36 0 ----a-w- c:\windows\Pniliwepasul.bin

2010-10-01 21:47:16 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll

2010-10-01 21:47:14 546256 ----a-r- c:\windows\system32\SZComp5.dll

2010-10-01 21:47:14 452048 ----a-r- c:\windows\system32\SZBase5.dll

2010-10-01 21:47:14 398800 ----a-r- c:\windows\system32\IS3DBA5.dll

2010-10-01 21:47:14 28624 ----a-r- c:\windows\system32\IS3XDat5.dll

2010-10-01 21:47:14 22992 ----a-r- c:\windows\system32\SZIO5.dll

2010-10-01 21:47:12 99792 ----a-r- c:\windows\system32\IS3Svc5.dll

2010-10-01 21:47:12 99792 ----a-r- c:\windows\system32\IS3Inet5.dll

2010-10-01 21:47:12 738768 ----a-r- c:\windows\system32\IS3Base5.dll

2010-10-01 21:47:12 67024 ----a-r- c:\windows\system32\IS3Hks5.dll

2010-10-01 21:47:12 390608 ----a-r- c:\windows\system32\IS3UI5.dll

2010-10-01 21:47:12 230864 ----a-r- c:\windows\system32\IS3Win325.dll

2010-09-17 14:47:31 215016 ----a-w- c:\windows\system32\PnkBstrB.xtr

2010-09-17 14:47:31 215016 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-09-17 00:05:08 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe

============= FINISH: 22:32:53.60 ===============


Hi,

Please download OTM

  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :Processes

    :Services

    :Reg

    :Files
    ipconfig /flushdns /c
    c:\program files\playsushi
    c:\windows\oxobobit.dll
    c:\docume~1\luigi\locals~1\temp\761C.tmp
    c:\program files\common files\system\msmapi\1033\officemspst32.exe
    c:\program files\itunes\itunesminiplayer.resources\da.lproj\itunesminiplayerlocalizeditunes.exe
    c:\program files\common files\system\msmapi\1033\officemspst32.exe
    c:\program files\microsoft silverlight\4.0.50524.0\bg\resourcesvisualbasic.exe
    c:\program files\common files\microsoft shared\office11\1033\soapsoap3.00.1906.0.exe
    c:\docume~1\brando~1.use\locals~1\temp\e687.tmp
    c:\docume~1\admini~1.000\locals~1\temp\5593.tmp
    c:\docume~1\luigi~1.use\locals~1\temp\c166.tmp
    c:\program files\microsoft office\office11\1033\microsoftpicture.exe
    c:\docume~1\brando~1.001\locals~1\temp\A1F0.tmp
    c:\docume~1\luigiu~1.000\locals~1\temp\5b3.tmp
    c:\program files\mozilla firefox\extensions\{4869ff49-0894-33ac-8ce5-b7c3a54fa440}
    c:\documents and settings\brandon.user-6ca132fdd1.001\local settings\application data\{A905AB74-202C-413F-859F-F326343A5344}
    c:\documents and settings\thabeast\local settings\application data\{5904E4DD-155A-4DB4-9FDE-F37120D7EF05}
    c:\program files\mozilla firefox\extensions\{4869ff49-0894-33ac-8ce5-b7c3a54fa440}
    c:\windows\Pniliwepasul.bin

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]


  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Delete your copy of ComboFix.exe and OTL.exe from the Desktop.

Then download the latest version of ComboFix here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Try to run ComboFix. If you still can't run it, try downloading/running OTL from: http://oldtimer.geekstogo.com/OTL.scr

Post the resulting log file here.

This topic is now closed to further replies.
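
The following is an added example, not code from the thread's participants or from the DDS/OTM tools: a small triage script that reads "Pseudo HJT Report" lines from a DDS log and marks autorun and BHO entries worth a closer look. The sample lines are copied from the log posted above; the heuristics (Temp-directory autoruns, `rundll32` loading a DLL from the Windows root, unnamed BHOs, one binary under several autorun names) and all function names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Lines copied from the DDS log posted in this thread.
SAMPLE_LOG = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {59a66b48-844f-db23-d0ee-f93b1439f92e} - c:\windows\oxobobit.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Cwubufehoriqowaq] rundll32.exe "c:\windows\oxobobit.dll",Startup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunServices: [761C.tmp] c:\docume~1\luigi\locals~1\temp\761C.tmp
mRunServices: [Officescanpst] c:\program files\common files\system\msmapi\1033\officemspst32.exe
mRunServices: [Outlookpstprx32] c:\program files\common files\system\msmapi\1033\officemspst32.exe
mRunServices: [wrapperToolbar] c:\docume~1\brando~1.use\locals~1\temp\e687.tmp
"""

# uRun / mRun / mRunServices: [value name] command line
RUN_RE = re.compile(r"^(?P<kind>[um]Run(?:Services)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# BHO: optional friendly name, CLSID, then the DLL path or "No File"
BHO_RE = re.compile(r"^BHO: (?:(?P<name>.+?): )?(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$")
# First drive-letter path in a command line; stops at a quote or comma,
# so unquoted arguments after a path are not stripped (assumed acceptable here).
PATH_RE = re.compile(r'[a-z]:\\[^",]+', re.I)


def in_temp(path):
    """True for files under a Temp directory or with a .tmp extension."""
    return "\\temp\\" in path or path.endswith(".tmp")


def in_windows_root(path):
    """True for files placed directly in <drive>:\\windows, not a subfolder."""
    return re.fullmatch(r"[a-z]:\\windows\\[^\\]+", path) is not None


def triage(log_text):
    """Return {target or CLSID: sorted list of reasons} for flagged entries."""
    findings = defaultdict(set)
    names_by_target = defaultdict(set)
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            pm = PATH_RE.search(m["cmd"])
            if not pm:
                continue  # empty value or bare file name resolved via PATH
            target = pm.group(0).strip().lower()
            names_by_target[target].add(m["name"])
            if in_temp(target):
                findings[target].add("autorun from Temp")
            if m["cmd"].lower().startswith("rundll32") and in_windows_root(target):
                findings[target].add("rundll32 DLL in Windows root")
            continue
        m = BHO_RE.match(line)
        if m:
            target = m["target"].strip().lower()
            if target == "no file":
                # Registration left behind without a file: key it by CLSID.
                findings[m["clsid"].lower()].add("orphaned BHO")
                continue
            if m["name"] is None:
                findings[target].add("unnamed BHO")
            if in_windows_root(target):
                findings[target].add("BHO in Windows root")
    # The same binary registered under several autorun value names.
    for target, names in names_by_target.items():
        if len(names) > 1:
            findings[target].add("multiple autorun names")
    return {key: sorted(reasons) for key, reasons in findings.items()}


if __name__ == "__main__":
    for key, reasons in triage(SAMPLE_LOG).items():
        print(f"{key}\n    " + "; ".join(reasons))
```

A flagged entry is a lead for manual review, not a verdict; legitimate software can match any of these patterns.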