Jump to content

Computer Infect Unable to Run Removal Software

Recommended Posts

Hello all seeking to help,

In advance I'd like to state that I am greatly appreciative of all willing to help someone such as myself.

Here is the breakdown of the issue that I have found to date on my system.

I am certain that my computer has become infected by what I am not specifically sure.

However I can literate a few of the symptoms I have viewed:

- The infection has caused the Generic Host Process for Win32 Services to crash upon start up

- System recovery has become a beachhead for the infection. It will not complete when run and simply reverts to a point after the problem occurred, further it refuses to start in safemode.

- Windows Malicious software removal tool is prevented from launching

- Malawarebytes software is prevented from launching

- Some hijacking of IE has been observed

- Avast's updates have stopped and software continues to believe virus definitions are current.

Further attempts to use boot disc antivirus scanners such as Kaspersky and BitDefender fail due to their inability to mount my raid0 system.

Bellow is the HijackThis log and DDS log for the computer in question. attached is the Attach.zip from DDS and ARK.zip from GMER

Again I appreciate all the help you offer if you require any additional information feel free to email me.



HijackThis Log


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:26:08 PM, on 1/1/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Safe mode

Running processes:






C:Program FilesLavasoftAd-Aware 2007aawservice.exe



C:Program FilesTrend MicroHijackThisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: ALOT Toolbar Helper - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:Program Filesalotbinalot.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:PROGRA~1MICROS~4Office12GRA8E1~1.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll

O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:Program Filesalotbinalot.dll

O4 - HKLM..Run: [ASUSGamerOSD] C:Program FilesASUSGamerOSDGamerOSD.exe

O4 - HKLM..Run: [intelliPoint] "C:Program FilesMicrosoft IntelliPointipoint.exe"

O4 - HKLM..Run: [avast5] C:PROGRA~1ALWILS~1Avast5avastUI.exe /nogui

O4 - HKLM..Run: [skyTel] SkyTel.EXE


O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM..Run: [MCStart] "C:Program FilesBell MobilityMobile Connect Basictscui.exe" /s

O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesCommon FilesJavaJava Updatejusched.exe"

O4 - HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesAheadLibNeroCheck.exe

O4 - HKLM..Run: [GrooveMonitor] "C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe"

O4 - HKLM..Run: [WindowsLivePhone] C:Program FilesWindows LiveDevice Managermsgrdvmn.exe /AutoRun

O4 - HKLM..Run: [LifeChat] "C:Program FilesMicrosoft LifeChatLifeChat.exe"

O4 - HKLM..Run: [nwiz] C:Program FilesNVIDIA CorporationnViewnwiz.exe /installquiet

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit

O4 - HKLM..RunOnce: [Malwarebytes' Anti-Malware] C:Program FilesMalwarebytes' Anti-Malwarembamgui.exe /install /silent

O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe

O4 - Global Startup: NDAS Device Management.lnk = C:Program FilesNDASSystemndasmgmt.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~4Office12EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~4Office12ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~4Office12ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~4Office12REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:PROGRA~1MICROS~4Office12GR99D3~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:Program FilesSUPERAntiSpywareSASWINLO.DLL

O20 - Winlogon Notify: Antiwpa - C:WINDOWSSYSTEM32antiwpa.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Aware 2007aawservice.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:WINDOWSATKKBService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:Program FilesAlwil SoftwareAvast5AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:Program FilesAlwil SoftwareAvast5AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:Program FilesAlwil SoftwareAvast5AvastSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:Program FilesJavajre6binjqs.exe

O23 - Service: MySQL - Unknown owner - C:Program.exe (file missing)

O23 - Service: NBService - Nero AG - C:Program FilesNeroNero 7Nero BackItUpNBService.exe

O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:Program FilesNDASSystemndassvc.exe

O23 - Service: NMIndexingService - Nero AG - C:Program FilesCommon FilesAheadLibNMIndexingService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:WINDOWSsystem32GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe

O23 - Service: NovaCore SDK Service (NvtlService) - Unknown owner - C:Program FilesNovatel WirelessNovacoreServerNvtlSrvr.exe


End of file - 5953 bytes




DDS (Ver_10-11-10.01) - NTFSx86 MINIMAL

Run by Administrator at 15:34:46.29 on Thu 01/01/2009

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1793 [GMT -5:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:WINDOWSsystem32svchost -k DcomLaunch


C:Program FilesLavasoftAd-Aware 2007aawservice.exe


G:2 dds.scr

C:WINDOWSsystem32svchost.exe -k netsvcs

============== Pseudo HJT Report ===============

BHO: ALOT Toolbar Helper: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - c:program filesalotbinalot.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:progra~1micros~4office12GRA8E1~1.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:program filescommon filesmicrosoft sharedwindows liveWindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:program filesjavajre6binjp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:program filesjavajre6libdeployjqsiejqs_plugin.dll

TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:program filesalotbinalot.dll

uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe

mRun: [ASUSGamerOSD] c:program filesasusgamerosdGamerOSD.exe

mRun: [intelliPoint] "c:program filesmicrosoft intellipointipoint.exe"

mRun: [avast5] c:progra~1alwils~1avast5avastUI.exe /nogui

mRun: [skyTel] SkyTel.EXE


mRun: [Alcmtr] ALCMTR.EXE

mRun: [MCStart] "c:program filesbell mobilitymobile connect basictscui.exe" /s

mRun: [sunJavaUpdateSched] "c:program filescommon filesjavajava updatejusched.exe"

mRun: [NeroFilterCheck] c:program filescommon filesaheadlibNeroCheck.exe

mRun: [GrooveMonitor] "c:program filesmicrosoft officeoffice12GrooveMonitor.exe"

mRun: [WindowsLivePhone] c:program fileswindows livedevice managermsgrdvmn.exe /AutoRun

mRun: [LifeChat] "c:program filesmicrosoft lifechatLifeChat.exe"

mRun: [nwiz] c:program filesnvidia corporationnviewnwiz.exe /installquiet

mRun: [NvCplDaemon] RUNDLL32.EXE c:windowssystem32NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:windowssystem32NvMcTray.dll,NvTaskbarInit

mRunOnce: [Malwarebytes' Anti-Malware] c:program filesmalwarebytes' anti-malwarembamgui.exe /install /silent

StartupFolder: c:docume~1alluse~1startm~1programsstartupndasde~1.lnk - c:program filesndassystemndasmgmt.exe

IE: E&xport to Microsoft Excel - c:progra~1micros~4office12EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:progra~1micros~4office12ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1micros~4office12REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:progra~1micros~4office12GR99D3~1.DLL

Notify: !SASWinLogon - c:program filessuperantispywareSASWINLO.DLL

Notify: Antiwpa - antiwpa.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:progra~1micros~4office12GRA8E1~1.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:program filessuperantispywareSASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath -

FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}


c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 lfsfilt;Lean File Sharing;c:windowssystem32driverslfsfilt.sys [2010-8-29 254440]

R0 lpx;LPX Protocol;c:windowssystem32driverslpx.sys [2007-6-29 62056]

R2 aawservice;Ad-Aware 2007 Service;c:program fileslavasoftad-aware 2007aawservice.exe [2008-3-19 607576]

R3 ndasbus;NDAS Bus Driver;c:windowssystem32driversndasbus.sys [2007-6-29 75880]

S1 aswSP;aswSP;c:windowssystem32driversaswSP.sys [2010-4-23 165584]

S1 ndasfat;NDAS FAT;c:windowssystem32driversndasfat.sys [2010-8-29 372584]

S1 oreans32;oreans32;c:windowssystem32driversoreans32.sys [2010-4-23 33824]

S1 SASDIFSV;SASDIFSV;c:program filessuperantispywaresasdifsv.sys [2010-2-17 12872]

S1 SASKUTIL;SASKUTIL;c:program filessuperantispywareSASKUTIL.SYS [2010-5-10 67656]

S2 Akamai;Akamai NetSession Interface;c:windowssystem32svchost.exe -k Akamai [2004-8-4 14336]

S2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [2010-4-23 17744]

S2 avast! Antivirus;avast! Antivirus;c:program filesalwil softwareavast5AvastSvc.exe [2010-4-23 40384]

S2 NvtlService;NovaCore SDK Service;c:program filesnovatel wirelessnovacoreserverNvtlSrvr.exe [2009-3-2 40448]

S3 avast! Mail Scanner;avast! Mail Scanner;c:program filesalwil softwareavast5AvastSvc.exe [2010-4-23 40384]

S3 avast! Web Scanner;avast! Web Scanner;c:program filesalwil softwareavast5AvastSvc.exe [2010-4-23 40384]

S3 ndasscsi;NDAS SCSI Miniport Driver;c:windowssystem32driversndasscsi.sys [2007-6-29 187368]

S3 nosGetPlusHelper;getPlus



Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.