
Author Topic: Application cannot be executed. file *** is infected (With Logfiles)  (Read 5623 times)


MrAnderson23

  • Guest
I'm trying to fix my roommate's computer. It has gotten this virus, which seems to be pretty popular right now. It is very similar (if not identical) to the one in this thread:
http://www.computerhope.com/forum/index.php?topic=95177.0

Started off unable to run anything. No executables. No install files. No Task Manager, System Restore, etc. Constant complaints from a fake antivirus asking for money and opening pop-ups. From the look of the forums, I imagine you guys are familiar with it.

I eventually managed to get one of the rKill files to run which beat it into remission enough to run other files.

I ran exeHelper (log included).
Then I ran Antivir. Which removed plenty of bad files. But not enough to stop it from reinstalling itself.

I ran SuperAntiSpyware. Which removed more (log included). But it required a reboot.

After rebooting the virus had come back with a vengeance. So I had to run rKill and exeHelper again.
Then I ran MalwareBytes which also requested a reboot.

Upon rebooting I received the following message from windows:
"error loading C:users\chris\AppData\Local\srximdsb.dll
the specified module could not be found."

Which to me suggests that some part of the virus is still trying to reinstall itself.

Finally I ran Hijackthis. (log included)
If anyone can take a look at it, I would appreciate it.

Thanks,
James.



[recovering disk space - old attachment deleted by admin]
« Last Edit: May 01, 2010, 08:04:51 PM by MrAnderson23 »

evilfantasy

  • Malware Removal Specialist


Welcome to CH.


Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

  • R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
  • O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
  • O2 - BHO: (no name) - {3246bb9b-ac6d-41e8-a2e2-2d0f79bb773e} - C:\ProgramData\pelusuzu\pelusuzu.dll (file missing)
  • O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
  • O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
  • O4 - HKCU\..\Run: [Igiqafonutu] rundll32.exe "C:\Users\Chris\AppData\Local\srximdsb.dll",Startup
  • O4 - HKUS\S-1-5-19\..\Run: [vebobutopo] Rundll32.exe "C:\ProgramData\foziwufu\foziwufu.dll",s (User 'LOCAL SERVICE')
Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

----------

Start Malwarebytes and go to the More Tools tab.  There you'll find a button named Run Tool to run FileASSASSIN.

Then browse to this foziwufu.dll: C:\ProgramData\foziwufu\foziwufu.dll

Select that file and click OK, then Yes to remove it.

Now use FileASSASSIN again to delete this file. C:\Users\Chris\AppData\Local\srximdsb.dll

----------

If you already have ComboFix be sure to delete it and download a new copy.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note:  It is important that it is saved directly to your Desktop

Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
Vista users: right-click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it).
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix
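
The kinds of entries the reply above asks to check, expressed as a small triage script. This is an added example, not part of the thread or of HijackThis. The sample log is constructed from lines quoted in the reply plus one hypothetical benign entry (`ExampleUpdater`), and the three rules are assumptions generalised from those quoted entries.

```python
import re

# Constructed sample: entries quoted in the reply, plus one hypothetical benign Run entry.
SAMPLE_LOG = r'''
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {3246bb9b-ac6d-41e8-a2e2-2d0f79bb773e} - C:\ProgramData\pelusuzu\pelusuzu.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O4 - HKCU\..\Run: [Igiqafonutu] rundll32.exe "C:\Users\Chris\AppData\Local\srximdsb.dll",Startup
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /tray
'''

ENTRY = re.compile(r'^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$')
LOOPBACK = re.compile(r'ProxyServer\s*=.*(127\.0\.0\.1|localhost)', re.I)
ORPHAN = re.compile(r'\((no file|file missing)\)', re.I)
CLSID = re.compile(r'\{[0-9A-Fa-f-]{36}\}')
RUN_DLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.I)
WRITABLE = re.compile(r'\\(AppData|ProgramData)\\', re.I)


def triage(log_text):
    """Return (code, reason, detail) tuples for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines, blank lines, anything that is not an entry
        code, body = m['code'], m['body']
        if code in ('R0', 'R1') and LOOPBACK.search(body):
            # Browser traffic redirected through a listener on the local machine.
            findings.append((code, 'loopback proxy', body.split('=', 1)[1].strip()))
        elif code in ('O2', 'O3') and ORPHAN.search(body):
            # BHO or toolbar still registered although its file is gone.
            clsid = CLSID.search(body)
            findings.append((code, 'orphaned registration', clsid.group(0) if clsid else body))
        elif code == 'O4':
            # Autorun that loads a DLL via rundll32 from a user-writable directory.
            dll = RUN_DLL.search(body)
            if dll and WRITABLE.search(dll['dll']):
                findings.append((code, 'rundll32 autorun from user-writable path', dll['dll']))
    return findings


if __name__ == '__main__':
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f'{code:3} {reason}: {detail}')
```

A hit is a prompt for review, not a verdict: legitimate software can also leave orphaned registrations or configure a local proxy.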