
I can't remove this malware

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: I can't remove this malware

Post by Zedman2k » April 16th, 2010, 7:01 pm

Hello Wingman

I was able to run IE and browsed a few pages. This info is from the About box in IE: "Internet Explorer version 6.0.2900.5512.xpsp_sp3_gdr.100216-1514".


I tried to run chkdsk and let it 'run' for a few hours, then killed it when I noticed it was not doing anything. This is the log. I tried to run it in safe mode but received the same.

The type of the file system is NTFS.

Cannot lock current drive.



Chkdsk cannot run because the volume is in use by another

process. Would you like to schedule this volume to be


As you can see, it didn't even complete the log.
When I started it, Avast looped about 200 times on "Object: mouclass.sys Infection- Win32:Alureon-FZ". This file is in the system32 folder.


Logfile of random's system information tool 1.06 (written by random/random)

Run by Jerry at 2010-04-16 22:15:19

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 24 GB (69%) free of 34 GB

Total RAM: 2814 MB (86% free)



Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:15:23 PM, on 4/16/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\spupdsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Documents and Settings\Jerry\Desktop\RSIT.exe

C:\Program Files\trend micro\Jerry.exe



R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)

O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



--

End of file - 3228 bytes



======Scheduled tasks folder======



C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job



======Registry dump======



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]

ZoneAlarm Toolbar Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2009-10-14 578928]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Toolbar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2009-10-14 578928]



[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-04-14 2790472]

"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-11-22 1037192]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe []



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe []



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-04-14 2790472]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCU]

C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe []



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX7400 Series]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE [2007-02-15 179200]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBTUpd]

C:\Program Files\GIGABYTE\GBTUpd\PreRun.exe []



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe []



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW]

C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [2009-10-14 730480]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k []



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

d:\Program Files\PowerISO\PWRISOVM.EXE [2009-11-08 180224]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

C:\WINDOWS\RTHDCPL.EXE [2009-08-14 18702336]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

d:\program files\steam\steam.exe -silent []



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Common Files\Java\Java Update\jusched.exe []



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]

C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S []



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-11-22 1037192]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"rpcapd"=3

"PnkBstrA"=2

"ose"=3

"odserv"=3

"Microsoft Office Groove Audit Service"=3

"JavaQuickStarterService"=2

"idsvc"=3

"IDriverT"=3

"ES lite Service"=2

"BCUService"=2

"Ati HotKey Poller"=2

"vsmon"=2

"IswSvc"=2

"EPSON_PM_RPCV4_01"=2

"avast! Web Scanner"=3

"avast! Mail Scanner"=3

"avast! Antivirus"=2



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2009-07-29 155648]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]



[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1



[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0



[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=



[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent"

"C:\Program Files\Gigabyte\EasySaver\UpdExe.exe"="C:\Program Files\Gigabyte\EasySaver\UpdExe.exe:*:Disabled:Exe File"

"C:\Program Files\Gigabyte\EasySaver\GBTUpd.exe"="C:\Program Files\Gigabyte\EasySaver\GBTUpd.exe:*:Disabled:GBTUpd.exe"

"C:\windows\Network Diagnostic\xpnetdiag.exe"="C:\windows\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"

"C:\windows\system32\sessmgr.exe"="C:\windows\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"



[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fbe7920-1451-11df-96cf-0012179fe30e}]

shell\AutoRun\command - G:\USBAutoRun.exe





======List of files/folders created in the last 1 months======



2010-04-16 02:09:10 ----SD---- C:\ComboFix

2010-04-16 01:57:18 ----A---- C:\TDSSKiller.2.2.8.1_16.04.2010_01.57.18_log.txt

2010-04-16 01:29:18 ----D---- C:\Program Files\Enigma Software Group

2010-04-16 01:28:55 ----D---- C:\WINDOWS\61D3AAE1D5214CD7939B37813DE8F955.TMP

2010-04-16 01:28:53 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

2010-04-16 01:20:33 ----D---- C:\Documents and Settings\All Users\Application Data\avG

2010-04-15 19:40:46 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$

2010-04-15 19:40:40 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$

2010-04-15 19:40:32 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$

2010-04-15 07:15:22 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$

2010-04-15 07:15:11 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$

2010-04-14 23:38:19 ----D---- C:\Program Files\CheckPoint

2010-04-14 23:38:15 ----A---- C:\WINDOWS\system32\vsregexp.dll

2010-04-14 23:38:14 ----A---- C:\WINDOWS\system32\zlcommdb.dll

2010-04-14 23:38:14 ----A---- C:\WINDOWS\system32\zlcomm.dll

2010-04-14 23:38:09 ----A---- C:\WINDOWS\system32\vswmi.dll

2010-04-14 23:38:08 ----D---- C:\WINDOWS\system32\ZoneLabs

2010-04-14 23:38:08 ----A---- C:\WINDOWS\system32\zpeng25.dll

2010-04-14 23:38:08 ----A---- C:\WINDOWS\system32\vsxml.dll

2010-04-14 23:38:08 ----A---- C:\WINDOWS\system32\vspubapi.dll

2010-04-14 23:38:08 ----A---- C:\WINDOWS\system32\vsmonapi.dll

2010-04-14 23:38:06 ----D---- C:\Program Files\Zone Labs

2010-04-14 23:37:47 ----D---- C:\WINDOWS\Internet Logs

2010-04-14 23:37:46 ----A---- C:\WINDOWS\system32\vsinit.dll

2010-04-14 23:37:46 ----A---- C:\WINDOWS\system32\vsdata.dll

2010-04-14 23:37:45 ----A---- C:\WINDOWS\system32\vsutil.dll

2010-04-14 22:02:23 ----A---- C:\Boot.bak

2010-04-14 22:02:18 ----ASHDC---- C:\cmdcons

2010-04-14 22:01:39 ----SHD---- C:\RECYCLER

2010-04-14 21:55:48 ----ASH---- C:\boot.ini

2010-04-14 21:47:37 ----A---- C:\WINDOWS\system32\aswBoot.exe

2010-04-14 21:38:39 ----D---- C:\WINDOWS\temp

2010-04-14 21:22:44 ----D---- C:\Documents and Settings\All Users\Application Data\ZA_PreservedFiles

2010-04-14 21:07:25 ----HD---- C:\WINDOWS\$NtUninstallKB978601$

2010-04-14 21:07:18 ----HD---- C:\WINDOWS\$NtUninstallKB979309$

2010-04-14 19:52:48 ----A---- C:\WINDOWS\zip.exe

2010-04-14 19:52:48 ----A---- C:\WINDOWS\SWXCACLS.exe

2010-04-14 19:52:48 ----A---- C:\WINDOWS\SWSC.exe

2010-04-14 19:52:48 ----A---- C:\WINDOWS\SWREG.exe

2010-04-14 19:52:48 ----A---- C:\WINDOWS\sed.exe

2010-04-14 19:52:48 ----A---- C:\WINDOWS\PEV.exe

2010-04-14 19:52:48 ----A---- C:\WINDOWS\NIRCMD.exe

2010-04-14 19:52:48 ----A---- C:\WINDOWS\MBR.exe

2010-04-14 19:52:48 ----A---- C:\WINDOWS\grep.exe

2010-04-14 19:52:26 ----D---- C:\Qoobox

2010-04-14 19:32:39 ----A---- C:\WINDOWS\system32\pbsvc.exe

2010-04-14 03:35:43 ----D---- C:\Boot

2010-04-13 19:11:44 ----A---- C:\WINDOWS\ntbtlog.txt

2010-04-13 06:30:55 ----D---- C:\found.000

2010-04-13 01:47:54 ----A---- C:\WINDOWS\imsins.BAK

2010-04-13 01:47:46 ----HD---- C:\WINDOWS\$NtUninstallKB932716-v2$

2010-04-13 01:47:16 ----N---- C:\WINDOWS\system32\imapi2fs.dll

2010-04-13 01:47:16 ----N---- C:\WINDOWS\system32\imapi2.dll

2010-04-12 17:01:58 ----D---- C:\WINDOWS\LastGood(2)

2010-04-12 17:01:30 ----D---- C:\Program Files\Common Files\Futuremark Shared

2010-04-12 16:16:16 ----D---- C:\Documents and Settings\Jerry\Application Data\CheckPoint

2010-04-10 19:39:21 ----D---- C:\rsit

2010-04-10 19:37:50 ----D---- C:\WINDOWS\ERDNT

2010-04-10 19:36:48 ----D---- C:\Program Files\ERUNT

2010-04-07 22:16:39 ----D---- C:\Program Files\Trend Micro

2010-04-07 20:04:46 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2010-04-07 17:39:00 ----HD---- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-04-07 17:38:54 ----D---- C:\Program Files\Lavasoft

2010-04-07 17:38:54 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft

2010-04-07 14:08:34 ----D---- C:\Program Files\Microsoft Security Essentials

2010-04-06 23:44:54 ----D---- C:\spoolerlogs

2010-04-06 22:30:42 ----D---- C:\Program Files\ZIP PASSWORD FINDER

2010-03-28 23:24:45 ----D---- C:\Documents and Settings\Jerry\Application Data\bfgbar

2010-03-28 18:02:27 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2010-03-28 18:01:46 ----D---- C:\Program Files\Big Fish Games Toolbar Installer

2010-03-20 02:29:27 ----D---- C:\Documents and Settings\Jerry\Application Data\Help

2010-03-20 02:29:27 ----D---- C:\Documents and Settings\Jerry\Application Data\gtk-2.0

2010-03-18 00:54:52 ----D---- C:\Documents and Settings\Jerry\Application Data\Malwarebytes

2010-03-18 00:54:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-03-18 00:54:47 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes



======List of files/folders modified in the last 1 months======



2010-04-16 22:15:23 ----D---- C:\WINDOWS\Prefetch

2010-04-16 22:14:13 ----D---- C:\WINDOWS\system32

2010-04-16 22:14:08 ----D---- C:\WINDOWS\system32\CatRoot2

2010-04-16 22:04:34 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-04-16 22:04:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-04-16 21:59:58 ----D---- C:\WINDOWS

2010-04-16 21:08:50 ----RSHD---- C:\WINDOWS\system32\dllcache

2010-04-16 21:08:45 ----D---- C:\WINDOWS\system32\drivers

2010-04-16 21:04:03 ----HD---- C:\WINDOWS\inf

2010-04-16 02:03:27 ----A---- C:\WINDOWS\win.ini

2010-04-16 02:03:27 ----A---- C:\WINDOWS\system.ini

2010-04-16 01:55:18 ----D---- C:\Program Files\Windows Media Player

2010-04-16 01:53:07 ----RD---- C:\Program Files

2010-04-16 01:52:27 ----D---- C:\WINDOWS\Help

2010-04-16 01:52:27 ----D---- C:\Program Files\Windows Media Connect 2

2010-04-16 01:50:33 ----SHD---- C:\WINDOWS\Installer

2010-04-16 01:50:33 ----D---- C:\Config.Msi

2010-04-16 01:47:54 ----D---- C:\Program Files\Common Files

2010-04-16 01:46:25 ----D---- C:\Program Files\BitTorrent

2010-04-16 01:46:22 ----D---- C:\Documents and Settings\Jerry\Application Data\BitTorrent

2010-04-16 01:45:54 ----D---- C:\Program Files\ATI Technologies

2010-04-16 01:45:01 ----RSD---- C:\WINDOWS\assembly

2010-04-16 01:45:00 ----D---- C:\WINDOWS\WinSxS

2010-04-16 01:20:33 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2010-04-15 07:15:19 ----HD---- C:\WINDOWS\$hf_mig$

2010-04-15 07:13:59 ----D---- C:\WINDOWS\Debug

2010-04-14 23:32:23 ----D---- C:\WINDOWS\system32\CatRoot

2010-04-14 21:47:34 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software

2010-04-14 21:38:18 ----SD---- C:\WINDOWS\Tasks

2010-04-14 21:36:05 ----D---- C:\WINDOWS\AppPatch

2010-04-14 16:43:53 ----D---- C:\WINDOWS\system32\config

2010-04-14 14:47:03 ----RSD---- C:\WINDOWS\Fonts

2010-04-14 02:15:56 ----D---- C:\WINDOWS\system32\Restore

2010-04-13 19:12:21 ----D---- C:\Documents and Settings

2010-04-13 01:51:28 ----SD---- C:\Documents and Settings\Jerry\Application Data\Microsoft

2010-04-12 18:38:34 ----D---- C:\WINDOWS\system32\LogFiles

2010-04-12 18:07:09 ----D---- C:\Program Files\Mozilla Firefox

2010-04-12 18:04:41 ----D---- C:\Program Files\Internet Explorer

2010-04-12 17:51:16 ----D---- C:\WINDOWS\Minidump

2010-04-12 17:49:28 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2010-04-12 17:46:30 ----D---- C:\Program Files\OpenOffice.org 3

2010-04-12 17:41:43 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2010-04-12 17:41:13 ----D---- C:\Program Files\Common Files\microsoft shared

2010-04-12 17:37:50 ----D---- C:\Program Files\Common Files\System

2010-04-12 17:19:35 ----D---- C:\WINDOWS\system32\wbem

2010-04-12 17:19:31 ----D---- C:\WINDOWS\Registration

2010-04-07 22:19:47 ----SD---- C:\WINDOWS\Downloaded Program Files

2010-04-07 20:29:31 ----HD---- C:\Program Files\InstallShield Installation Information

2010-04-07 20:28:51 ----D---- C:\Program Files\Gigabyte

2010-04-07 17:43:21 ----D---- C:\WINDOWS\system32\DRVSTORE

2010-04-07 17:25:00 ----D---- C:\WINDOWS\msapps

2010-04-06 13:52:54 ----A---- C:\WINDOWS\system32\MRT.exe

2010-03-20 02:29:21 ----D---- C:\WINDOWS\system32\DirectX

2010-03-20 02:28:23 ----D---- C:\Program Files\File Scavenger 3.2

2010-03-20 02:25:39 ----D---- C:\Program Files\Movie Maker

2010-03-18 01:36:22 ----D---- C:\WINDOWS\Config



======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======



R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-04-14 28880]

R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]

R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-04-14 162768]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-04-14 46672]

R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-11-08 59388]

R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2010-02-22 223440]

R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-11-22 486280]

R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-04-14 19024]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-04-14 100432]

R2 ISWKL;ZoneAlarm Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-04-14 23376]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-07-29 4411392]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-08-18 5884416]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]

R3 RT2500;Linksys Wireless-G PCI Adapter Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys [2005-10-20 243328]

R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtKHDMI.sys [2009-06-24 3734976]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]

S3 AODDriver;AODDriver; \??\C:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys []

S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

S3 catchme;catchme; \??\C:\DOCUME~1\Jerry\LOCALS~1\Temp\catchme.sys []

S3 cpuz130;cpuz130; \??\C:\DOCUME~1\Jerry\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []

S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []

S3 etdrv;etdrv; \??\C:\WINDOWS\etdrv.sys []

S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []

S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys []

S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]

S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]

S3 pbfilter;pbfilter; \??\D:\Program Files\PeerBlock\pbfilter.sys []

S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-06-29 142592]

S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []

S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys []

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []



======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======



R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]

R2 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2007-07-27 26488]

R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-11-22 2384240]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]

R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-07-29 602112]

S4 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664]

S4 ES lite Service;ES lite Service for program management.; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]

S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S4 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S4 IswSvc;ZoneAlarm Toolbar IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2009-10-14 476528]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]



-----------------EOF-----------------


Are we having fun yet???

Thank you
Jerry
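The RSIT and HijackThis output above is what a helper reads by hand: autostart entries whose file is "(file missing)", driver lines that end in an empty "[]" because RSIT could not read a date and size for the file, drivers loaded from a user's Temp folder, and the MountPoints2 AutoRun command pointing at a removable drive. As an added example (not a MalwareRemoval.com tool and not something the helpers in this thread used), here is a small Python script that does that first pass over a log in the same text layout. The sample lines are constructed in the format of the posted log, and the category names (hjt_file_missing, no_file_stamp, and so on) are my own labels; a hit means "look at this next", not a verdict.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the RSIT / HijackThis layout seen in the thread
# (a few lines in the same style as its sections, not the full log).
SAMPLE_LOG = r"""
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fbe7920-1451-11df-96cf-0012179fe30e}]
shell\AutoRun\command - G:\USBAutoRun.exe
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-04-14 162768]
R2 ISWKL;ZoneAlarm Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Jerry\LOCALS~1\Temp\catchme.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
"""

# HijackThis "O" lines whose target file HijackThis could not find.
HJT_MISSING_RE = re.compile(r"^(O\d+) - .*\(file missing\)$")
# MountPoints2 AutoRun command cached from a removable volume.
AUTORUN_RE = re.compile(r"^shell\\AutoRun\\command - (.+)$")
# RSIT driver/service line: "<R|S><start> <name>;<display>; <path> [<date size>]"
DRIVER_RE = re.compile(r"^([RS])(\d) ([^;]+);[^;]*; (.+?) \[([^\]]*)\]$")
# Locations a kernel driver should not normally be loaded from.
USER_WRITABLE_RE = re.compile(r"\\(?:temp|docume~1|documents and settings|users)\\",
                              re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str      # my own category label for the observation
    subject: str   # entry name or path the observation is about
    line: str      # the log line it came from


def triage(log_text: str) -> list[Finding]:
    """Walk an RSIT/HijackThis text log and return the entries worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HJT_MISSING_RE.match(line)
        if m:
            # Autostart/BHO entry whose target is gone: an uninstall leftover,
            # or a component that was deleted out from under the entry.
            findings.append(Finding("hjt_file_missing", m.group(1), line))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            # Explorer would run this program when that volume is opened.
            findings.append(Finding("autorun_command", m.group(1), line))
            continue
        m = DRIVER_RE.match(line)
        if m:
            state, _start, name, path, stamp = m.groups()
            if stamp == "":
                # RSIT prints [] when it could not read the file's date and size:
                # the file is absent, hidden, or locked by something.
                findings.append(Finding("no_file_stamp", name, line))
                if state == "R":
                    # Loaded and running, yet its file on disk cannot be read.
                    findings.append(Finding("running_without_stamp", name, line))
            if USER_WRITABLE_RE.search(path):
                findings.append(Finding("driver_in_user_path", name, line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category, e.g. for a short triage header."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:24} {f.subject}")
    print(summarize(found))
```

Run against the sample it flags the two "(file missing)" entries, the G: AutoRun command, three drivers without a file stamp (one of them running) and the driver under a Temp folder. Against a full RSIT log it is fed the whole file; anything it does not recognise is simply skipped, so it never replaces reading the log.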

Re: I can't remove this malware

Post by Wingman » April 17th, 2010, 9:05 am

Hello Zedman2k,

Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be

When you run the CHKDSK process to fix errors, it needs to have total, exclusive control of the hard drive. Please rerun the previous instruction for CHKDSK. When asked if you want to schedule the volume to be checked on the next reboot... reply Yes and restart your computer.

Post the results of the chkdsk scan, in your next reply.

Also: please check Notepad and make sure under the Format command... Wordwrap is NOT checked.... Please repost your last RSIT log.txt file contents again, after removing Wordwrap.

Thanks,
Wingman

Re: I can't remove this malware

Post by Zedman2k » April 17th, 2010, 3:13 pm

Hello Wingman

When I ran check disk I got the empty command box and never had any text in it; the
Wingman wrote: Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be

was as it is in the chkdskf.log. It didn't give me the choice.

Windows Recovery Console might have installed somewhat. I now have that option when I reboot but if I try to use it I just get "NTLDR is compressed press ctrl+alt+del to restart"

I thank you for your time and help, but it looks like this is going to be a lost cause. With every reboot it just seems to go from bad to worse. I call time of Windows XP's death: 04-17-2010 15:10. Time to move to Ubuntu or Win 7.

Thank you
Jerry

Re: I can't remove this malware

Post by Wingman » April 17th, 2010, 7:52 pm

Hello Jerry,

Your call... I agree and understand, especially with the kind of infection you had (have) as indicated earlier.
Sometimes the best option is to stop and start over again. A reformat and a clean install of XP can do wonders. If you decide to go to another OS, do your research first, make sure there are drivers for your hardware.

I'm sorry I could not be of more assistance.
Please post back, indicating you have seen this post... at which time I will ask for it to be closed. Thanks.

Wingman

Re: I can't remove this malware

Post by Zedman2k » April 18th, 2010, 2:13 pm

Hi Wingman

Thank you for your time and help.

I have installed Ubuntu and will be moving to win 7 after I upgrade my HD so I might be back! :D

Jerry

Re: I can't remove this malware

Post by Dakeyras » April 18th, 2010, 4:35 pm

Since we have done all we can, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.