Oh and as a side note it wont let me run my norton 360 and msn saying "this application has failed to start because its side-by-side configuration is incorrect. Please see the application event log for more detail" just thought i would throw that in if it helps

Hi V13RRR:

 

Please run a SysProt log for us so we can check your system for rootkit activity. You will need to disable Norton auto-protect while you run the scan.

Once it is downloaded to your desktop, right click on the SysProt icon, go to properties, and click unblock and apply.

Choose log, check all the boxes except show hidden objects only and scan.

You will be able to post the log here using the "add attachments" link just below the orange post button.

http://homepages.slingshot.co.nz/~crutches/SysProt

I cannot access my norton at all. It says it isn't running in task manager so hopefully it wont interfer

V1P3RRR:

 

You have two rootkit infections, MSIVX and ESQUL.  Quads, the guru who is qualified to assist you in removing these infections will be available later due to time zone considerations and a sudden increase in these infections.

 

Please do nothing to remove them yourself as that may cause damage to your system or prevent Quads from being able to do anything for you.

Delphinium,

Thanks for all your help so far. I have no problem in waiting for quads but do you have a rough estimate to the time he may be on??

Thanks again

So guru you think you can take a look at my thread please?

V1P3RRR:

 

You will have to be patient.  There are a considerable number of you in the line, and there is only one Quads.  He has been advised and he is proceeding as quickly as safety and the users allow. 

 

This is a user to user help forum.  If you are in a great hurry, Symantec offers the same service for a fee.  Your call.

Hi

 

 NOTE:- The 4 dll files are Missing Malwarebytes should find them afterwards

 

If you have Spybot S&D installed remove it 

 

Also during the restarts with Avenger if Your PC has a Startup repair center like with HP and Toshiba tell it to start Normally if it kicks in.

 

1. Download Avenger to your desktop,

 

Unzipped version http://homepages.slingshot.co.nz/~crutches/Avenger/

OR Creators website http://swandog46.geekstogo.com/avenger2/avenger2.html with zipped version to the unzip to desktop 

 

2. Click to run "Avenger.exe"  (right click "Run as Administrator" if using Vista)

 

3. In the "Input script here:" copy and paste the script between the lines

 

---

Drivers to disable:

MSIVXserv.sys

ESQULserv.sys

 

Drivers to delete:

MSIVXserv.sys

ESQULserv.sys

 

Files to delete:

C:\Autorun.inf

D:\Autorun.inf

C:\WINDOWS\System32\drivers\MSIVXciitxbvwqtfimjirepfdbxqiclxdtgrt.sys

C:\WINDOWS\System32\drivers\ESQULeiytywtprnircuhrpmsvtxdkpjilxqtc.sys

C:\WINDOWS\System32\MSIVXcount

C:\WINDOWS\System32\ESQULzcounter

 

Registry keys to delete:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SOFTWARE\ESQUL

HKEY_LOCAL_MACHINE\SOFTWARE\MSIVX 

---

 

Here is a screenshot (script updated since shot)

 

 

Make sure the "Automatically disable any rootkits found" is NOT selected

 

4. Click "Execute"

 

You will be asked to restart the PC click "Yes", when the PC restarts the load screen will takes slightly longer, then when it looks as though windows is loading the PC will restart again.

Then when Windows fully loads the Avenger log will be loaded, showing files it could or could not find.

 

5. Restart the PC again, then see if you can install  Update and run Malwarebytes  http://www.filehippo.com/download_malwarebytes_anti_malware/

 

 

Quads   

Hi,

Ok i did as you said and it did what you said it would. also as a side note when i copied the script it left a blank line in between each line of command, don't know if it was supposed to. Now when i start Firefox and IE the error message doesn't come up but i still cannot start msn meesenger yet or full tilt poker. I was able to install malwarebytes but when i go to update it it comes up with "An error occured. Please report the following error code to the Malwarebytes Ani-malware support team. Error code: 732 (0,0)". But i am running a systemscan now and will let you know what happens.