Pop-ups, computer slow! Cannot remove found files.

Re: Pop-ups, computer slow! Cannot remove found files.

Post by Rfusion » April 7th, 2009, 12:12 am

Just an update on how things are going: today I turned on the computer to back up my files and I got a blue screen with an error stating "Unmountable boot volume". My guess is a corrupted boot. How is this possible? Will I need to do a repair from a Windows CD? Because I do not have one.

edit: my 2 RSIT logs are on page 1
Rfusion
Regular Member
 
Posts: 17
Joined: March 28th, 2009, 2:11 am
Location: Yuma, AZ

Re: Pop-ups, computer slow! Cannot remove found files.

Post by MikeSwim07 » April 7th, 2009, 6:23 pm

SReng - System Repair Engineer ...from KZTechs.COM.
Repair File Associations
If you already have SREng by Smallfrogs... when executed, it will check for any updated versions.
Download SREng ... ©2003-2008 Smallfrogs ... save the .zip file to your desktop.
  1. Extract SREngLdr.EXE to your Desktop...then double-click to run it.
  2. Select System Repair from the left pane.
  3. Click on the File Association...tab.
  4. Check each entry that has an Error status...then click the Repair button.
  5. Refer to this image for an example:
    Image
  6. In the above example (only) ... it would be .TXT, .REG, .SCR and .INI file associations that need repairing.
    Your case may be different...
  7. Once finished... Close and Exit SREng.

HostsXpert

    Please download HostsXpert.
  • Unzip HostsXpert.zip
  • Double click on HostsXpert.exe to launch the programme.
  • Check to see if the top button on the left-hand side says Make Writable.
    • If it does, click on it, then proceed to the next instruction.
    • If not, just proceed to the next instruction.
  • Then click on "Restore ms Hosts file" to restore your Hosts file to its default condition.
  • Click on Make Read Only to secure it against further infection.
  • Close program when complete.

Download and Run OTMoveIt3
Download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double-click on OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :files
    C:\Program Files\eMule
    C:\WINDOWS\system32\3361
    C:\WINDOWS\system32\sikemaha.dll .vir
    C:\20.tmp
    C:\1F.tmp
    C:\1E.tmp
    C:\1D.tmp
    C:\1C.tmp
    C:\18.tmp
    C:\28.tmp
    C:\27.tmp
    C:\26.tmp
    C:\25.tmp
    C:\1B.tmp
    C:\17.tmp
    C:\E.tmp
    C:\D.tmp
    C:\1A.tmp
    C:\19.tmp
    C:\15.tmp
    C:\C.tmp
    C:\B.tmp
    C:\21.tmp
    C:\14.tmp
    C:\A.tmp
    C:\9.tmp
    C:\8.tmp
    C:\7.tmp
    C:\16.tmp
    C:\13.tmp
    C:\12.tmp
    C:\11.tmp
    C:\10.tmp
    C:\WINDOWS\dhcp
    C:\F.tmp
    C:\WINDOWS\system32\ffo38657837.dll
    C:\WINDOWS\system32\w21230380328.dll
    C:\WINDOWS\adobe.bat
    C:\WINDOWS\system32\cc.exe
    C:\hwjthdcs.exe
    C:\wlct.exe
    C:\jurj.exe
    C:\WINDOWS\system32\butabefu.exe
    C:\Documents and Settings\All Users\Application Data\32 Ref Up Mp3
    C:\Documents and Settings\Obando\Application Data\cornspamlong
    C:\WINDOWS\system32\drivers\ethezabp.sys
    C:\WINDOWS\system32\drivers\ethjhlfo.sys
    C:\WINDOWS\system32\drivers\ethzitmg.sys
    C:\WINDOWS\system32\at1394.sys
    
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
    "{547aaa89-7e6b-42b4-b112-a64955f86a2a}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\clbdriver.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\eMule\emule.exe"=-
    "C:\WINDOWS\system32\3361\svchost.exe"=-
    :services
    ethezabp
    ethjhlfo
    ethzitmg
    at1394
    dhcpsrv
    
  • Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  • If you are not asked to reboot close OTMoveIt3.
  • A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).

Download Lop S&D by Eric_71 and save it to your desktop.
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
You will need to disable the following programs:
Avast Anti-Virus, Winpatrol, and Windows Defender
  • Double-click Lop S&D.exe
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
(Copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)

Please now re-run RSIT.exe and please post log.txt on your next reply.

Please post the OTMoveIt3 log, the LOP S&D log, and log.txt from RSIT.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone
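
The `:reg` part of the script in the post above uses .reg-file syntax, so each directive can be read back before it is pasted. The following is an added example, not part of the original thread and not OTMoveIt3's own code: it parses a constructed subset of those lines into plain actions and decodes the `hex(7)` value. The function names are hypothetical, and the decoder assumes one byte per character, as the bytes in the post suggest.

```python
import re

# Constructed sample: a subset of the :reg lines from the script in the post above.
REG_SECTION = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
"{547aaa89-7e6b-42b4-b112-a64955f86a2a}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
'''

def decode_multi_sz(hex_csv):
    """Decode hex(7) (REG_MULTI_SZ) bytes; assumes one byte per character."""
    raw = bytes(int(b, 16) for b in hex_csv.split(","))
    return [s.decode("latin-1") for s in raw.split(b"\x00") if s]

def parse_reg(text):
    """Return (action, key, value_name, data) tuples, one per directive."""
    actions, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = re.fullmatch(r"\[(-?)(.+)\]", line)
        if m:  # "[KEY]" selects a key, "[-KEY]" deletes it
            key = m.group(2)
            if m.group(1):
                actions.append(("delete_key", key, None, None))
            continue
        m = re.fullmatch(r'"(.+?)"=(.*)', line)
        if not m or key is None:
            raise ValueError(f"unrecognised line: {line!r}")
        name, data = m.groups()
        if data == "-":  # "name"=- deletes one value under the current key
            actions.append(("delete_value", key, name, None))
        elif data.startswith("hex(7):"):
            actions.append(("set_multi_sz", key, name, decode_multi_sz(data[7:])))
        elif data.startswith('"') and data.endswith('"'):
            actions.append(("set_string", key, name, data[1:-1]))
        else:
            raise ValueError(f"unsupported data: {data!r}")
    return actions

if __name__ == "__main__":
    for action in parse_reg(REG_SECTION):
        print(action)
```

Run on the sample, the `Notification Packages` directive decodes to the single entry `scecli`, which is the value the script writes back under the `Lsa` key.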

Re: Pop-ups, computer slow! Cannot remove found files.

Post by Rfusion » April 8th, 2009, 4:57 pm

MikeSwim07 wrote:SReng - System Repair Engineer ...from KZTechs.COM.
Repair File Associations
If you already have SREng by Smallfrogs... when executed, it will check for any updated versions.
Download SREng ... ©2003-2008 Smallfrogs ... save the .zip file to your desktop.
.


How can I use it if I can't get into my computer? I get the Unmountable Boot Volume Blue Screen Error, and well... How could I fix that? Do I only need the XP CD?
Rfusion
Regular Member
 
Posts: 17
Joined: March 28th, 2009, 2:11 am
Location: Yuma, AZ

Re: Pop-ups, computer slow! Cannot remove found files.

Post by MikeSwim07 » April 9th, 2009, 6:20 pm

You can boot to the XP CD and when you see the Welcome to Setup screen, press the letter R
You will get a DOS prompt
Then type "chkdsk /p" without the quotes and hit enter
When that is done type "fixboot" and hit enter
"Y" and enter at the prompt
Then type "exit" and hit enter
The system will now reboot into Windows

If for some reason that doesn't work for you, you can boot to the recovery console like above and...
Type "chkdsk /r" then enter
When done type "exit" and hit enter.
This will take longer, but the system should boot back into Windows.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Pop-ups, computer slow! Cannot remove found files.

Post by Rfusion » April 11th, 2009, 10:47 pm

Oh, OK. Will try and get an XP CD, hopefully on Monday. So please give me some time to work this out, and thanks in advance.
Rfusion
Regular Member
 
Posts: 17
Joined: March 28th, 2009, 2:11 am
Location: Yuma, AZ

Re: Pop-ups, computer slow! Cannot remove found files.

Post by MikeSwim07 » April 12th, 2009, 8:00 am

Thanks for letting me know :)
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Pop-ups, computer slow! Cannot remove found files.

Post by Rfusion » April 15th, 2009, 11:36 am

Just like ComboFix, I wasn't able to run SREng - System Repair Engineer or Lop S&D.
I don't know if it has to do with the fact that this time I ran them in safe mode, since it was the only way to use them. I didn't have a Windows XP CD, but a friend told me to use my hard drive as a slave and, from another computer, use the repair option under Properties>Tools of my hard drive.

I must say that it fixed the "Unmountable boot volume", yet I couldn't open Task Manager to open explorer.exe since the only thing I saw was a wallpaper. So I turned to safe mode and I got Task Manager and explorer.exe running and I ran OTMoveIt3.

Here's a log that came out.

========== FILES ==========
C:\Program Files\eMule\Temp moved successfully.
C:\Program Files\eMule\logs moved successfully.
C:\Program Files\eMule\Incoming moved successfully.
C:\Program Files\eMule moved successfully.
C:\WINDOWS\system32\3361 moved successfully.
File/Folder C:\WINDOWS\system32\sikemaha.dll .vir not found.
C:\20.tmp moved successfully.
C:\1F.tmp moved successfully.
C:\1E.tmp moved successfully.
C:\1D.tmp moved successfully.
C:\1C.tmp moved successfully.
C:\18.tmp moved successfully.
C:\28.tmp moved successfully.
C:\27.tmp moved successfully.
C:\26.tmp moved successfully.
C:\25.tmp moved successfully.
C:\1B.tmp moved successfully.
C:\17.tmp moved successfully.
C:\E.tmp moved successfully.
C:\D.tmp moved successfully.
C:\1A.tmp moved successfully.
C:\19.tmp moved successfully.
C:\15.tmp moved successfully.
C:\C.tmp moved successfully.
C:\B.tmp moved successfully.
C:\21.tmp moved successfully.
C:\14.tmp moved successfully.
C:\A.tmp moved successfully.
C:\9.tmp moved successfully.
C:\8.tmp moved successfully.
C:\7.tmp moved successfully.
C:\16.tmp moved successfully.
C:\13.tmp moved successfully.
C:\12.tmp moved successfully.
C:\11.tmp moved successfully.
C:\10.tmp moved successfully.
C:\WINDOWS\dhcp moved successfully.
C:\F.tmp moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ffo38657837.dll
C:\WINDOWS\system32\ffo38657837.dll NOT unregistered.
C:\WINDOWS\system32\ffo38657837.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\w21230380328.dll
C:\WINDOWS\system32\w21230380328.dll NOT unregistered.
C:\WINDOWS\system32\w21230380328.dll moved successfully.
C:\WINDOWS\adobe.bat moved successfully.
C:\WINDOWS\system32\cc.exe moved successfully.
C:\hwjthdcs.exe moved successfully.
C:\wlct.exe moved successfully.
C:\jurj.exe moved successfully.
C:\WINDOWS\system32\butabefu.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\32 Ref Up Mp3 moved successfully.
C:\Documents and Settings\Obando\Application Data\cornspamlong moved successfully.
C:\WINDOWS\system32\drivers\ethezabp.sys moved successfully.
File/Folder C:\WINDOWS\system32\drivers\ethjhlfo.sys not found.
File/Folder C:\WINDOWS\system32\drivers\ethzitmg.sys not found.
C:\WINDOWS\system32\at1394.sys moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler\\{547aaa89-7e6b-42b4-b112-a64955f86a2a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{547aaa89-7e6b-42b4-b112-a64955f86a2a}\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\\"SecurityProviders"|"msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\clbdriver.sys\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\eMule\emule.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\3361\svchost.exe deleted successfully.
========== SERVICES/DRIVERS ==========

Service\Driver ethezabp deleted successfully.

Service\Driver ethjhlfo deleted successfully.

Service\Driver ethzitmg deleted successfully.

Service\Driver at1394 deleted successfully.

Service\Driver dhcpsrv deleted successfully.

OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04142009_162129


Edit: the RSIT log hopefully will be posted soon. My computer restarted and it doesn't go past the login screen, it just stays there for hours. Same in safe mode, it will load the drivers and freeze for hours (4 to be exact). So I'm trying to find another way.

Is there a way to use those programs by using my hard drive as a slave? Or is it a danger for the working master hard drive?
Rfusion
Regular Member
 
Posts: 17
Joined: March 28th, 2009, 2:11 am
Location: Yuma, AZ
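
A log like the one in the post above is easier to review once its lines are sorted by outcome. The following is an added example, not part of the original thread and not OTMoveIt3's own code: it triages a constructed sample of lines copied from that log and lists services that were deleted although their driver file was reported as not found. The patterns are inferred from the lines shown in the post, and the function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the OTMoveIt3 log in the post above.
LOG = r'''
C:\WINDOWS\system32\3361 moved successfully.
File/Folder C:\WINDOWS\system32\sikemaha.dll .vir not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ffo38657837.dll
C:\WINDOWS\system32\ffo38657837.dll NOT unregistered.
C:\WINDOWS\system32\ffo38657837.dll moved successfully.
C:\WINDOWS\system32\drivers\ethezabp.sys moved successfully.
File/Folder C:\WINDOWS\system32\drivers\ethjhlfo.sys not found.
Service\Driver ethezabp deleted successfully.
Service\Driver ethjhlfo deleted successfully.
'''

# Outcome patterns, inferred from the log lines in the post (an assumption).
PATTERNS = [
    ("not_found", re.compile(r"File/Folder (.+) not found\.")),
    ("not_unregistered", re.compile(r"(.+) NOT unregistered\.")),
    ("moved", re.compile(r"(.+) moved successfully\.")),
    ("service_deleted", re.compile(r"Service\\Driver (\S+) deleted successfully\.")),
]

def triage(log_text):
    """Group log lines by outcome; anything unrecognised goes to 'other'."""
    result = {name: [] for name, _ in PATTERNS}
    result["other"] = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        for name, pattern in PATTERNS:
            m = pattern.fullmatch(line)
            if m:
                result[name].append(m.group(1))
                break
        else:
            result["other"].append(line)
    return result

def services_without_driver_file(result):
    """Services deleted whose <name>.sys file was reported as not found."""
    missing = {p.rsplit("\\", 1)[-1].lower() for p in result["not_found"]}
    return [s for s in result["service_deleted"] if f"{s.lower()}.sys" in missing]

if __name__ == "__main__":
    outcome = triage(LOG)
    print(outcome["not_found"])
    print(services_without_driver_file(outcome))
```

A service that was deleted while its driver file was not found at the listed path means this run did not quarantine that binary, so the entry is worth checking again in the next scan log.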

Re: Pop-ups, computer slow! Cannot remove found files.

Post by MikeSwim07 » April 16th, 2009, 5:52 pm

Hello,

I have some unpleasant news for you. It seems like the infection has done too much damage for your computer to work properly. When a system is this damaged, there really is no way to get it working well again. Therefore, the best option to fix this computer would be to reformat and reinstall it.

If you are able to get into safe mode, it may be possible to save some of your files, but I cannot be sure of this.

How Should I Reinstall
Where to backup your files
How to backup your files in Windows XP
Restoring your backups

If you have any questions, please ask.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Pop-ups, computer slow! Cannot remove found files.

Post by Rfusion » April 18th, 2009, 5:58 pm

OK, thanks. I backed up all my files and returned my system to the way it was sent to me from the factory. :geek: And hopefully no more of this nasty virus. Before I did all that, Avast showed an alert that it had Win32:Vitro and Win32:Virut. Those are nasty viruses, no wonder it took that long. Too bad the only solution is this.

In the end thanks Michael. You were much help.
Rfusion
Regular Member
 
Posts: 17
Joined: March 28th, 2009, 2:11 am
Location: Yuma, AZ

Re: Pop-ups, computer slow! Cannot remove found files.

Post by MikeSwim07 » April 18th, 2009, 7:14 pm

You're welcome :)
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Pop-ups, computer slow! Cannot remove found files.

Post by NonSuch » April 23rd, 2009, 7:07 pm

As this issue appears to be resolved, this topic is now closed.

NonSuch
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California