Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware ??

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Malware ??

Unread postby ashanta » April 13th, 2009, 11:36 am


I suspect a malware on my computer because I can't uninstall and install neither Malwarebytes and SuperAntispyware.

I'm under Vista platform 32 bits.

I'm waiting for your suggestions, thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:56:11, on 13/04/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Program Files\Eset\nod32krn.exe
F:\Program Files\ThreatFire\TFService.exe
C:\Program Files\ESET\nod32kui.exe
F:\Program Files\Ashampoo Magical UnInstall\MagicalUnInstall.exe
F:\Program Files\ThreatFire\TFTray.exe
F:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe
F:\Program Files\Orbitdownloader\orbitdm.exe
F:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - F:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MAGUNINSTALL] "F:\Program Files\Ashampoo Magical UnInstall\MagicalUnInstall.exe"
O4 - HKLM\..\Run: [ThreatFire] F:\Program Files\ThreatFire\TFTray.exe
O4 - HKCU\..\Run: [RogueMonitor] F:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor
O4 - Global Startup: Orbit.lnk = F:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O15 - Trusted Zone: http://*.amiestreet.com
O15 - Trusted Zone: http://*.body-building.ru
O15 - Trusted Zone: http://deekay.delimit.net
O15 - Trusted Zone: http://www.delimit.net
O15 - Trusted Zone: http://sports.espn.go.com.
O15 - Trusted Zone: http://www.sendspace.com
O15 - Trusted Zone: http://www.thevalkyrie.com
O15 - Trusted Zone: http://www.tvtuga.com
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crl ... crlocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{B173306B-D16E-4116-9769-88407345F628}: NameServer =
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - F:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: ThreatFire - PC Tools - F:\Program Files\ThreatFire\TFService.exe

End of file - 5749 bytes
Regular Member
Posts: 24
Joined: February 22nd, 2008, 1:59 pm
Register to Remove

Re: Malware ??

Unread postby davis » April 17th, 2009, 12:16 pm

Hi ashanta,

Welcome to MRU. My name is davis. I will be helping you to fix your malware problems.
If your issues have been resolved or already received help elsewhere, then please let us know. If not, and still need help. Please follow the instructions in the following.
In the meantime, please refrain from making any changes to your computer. Please rescan your computer and post a new HJT log and an Uninstall List.

Make an Uninstall List

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button
5. Click on the Save list button
6. It will prompt you to save. Save this log in a convenient location. By default, it's named uninstall_list.txt.
7. Copy and paste the contents in your next reply and a fresh HJT log.

Can you rename Malwarebytes as MMM.exe or run it in safe mode? Please specify that info in your next reply.
User avatar
Regular Member
Posts: 910
Joined: February 3rd, 2008, 4:48 am

Re: Malware ??

Unread postby ashanta » April 18th, 2009, 7:53 pm

Thanks Davis for your help.

I've been receiving help from another forum to help me to run Malwarebytes. Now, Malwarebytes is working again, but I've not installed SuperAntispyware yet. I've to check.

I don't know if my computer is really safe, I'd like to be sure.
Regular Member
Posts: 24
Joined: February 22nd, 2008, 1:59 pm

Re: Malware ??

Unread postby davis » April 18th, 2009, 8:07 pm

Thanks for the info. Hope everything is running well. Good luck! :)
User avatar
Regular Member
Posts: 910
Joined: February 3rd, 2008, 4:48 am

Re: Malware ??

Unread postby NonSuch » April 18th, 2009, 9:43 pm

As it appears this issue has been resolved elsewhere, this topic is now closed.

You can help support this site from this link :
Donations For Malware Removal
User avatar
Posts: 27257
Joined: February 23rd, 2005, 7:08 am
Location: California
Register to Remove

  • Similar Topics
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!

Who is online

Users browsing this forum: No registered users and 60 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware