Please help - computer badly infected


Re: Please help - computer badly infected

by bigalroden » November 12th, 2008, 4:53 pm

Hi, many thanks for your help so far - things were certainly improving, and pop-ups had more or less stopped.
However, the last tasks have caused problems.
There were 2 Java items to delete from my programs. Having installed the latest edition, both Comodo Firewall and Spyware Terminator pop up with messages every time I turn the computer on.
I tried to run the Kaspersky online scanner, but every time, either my computer freezes, or eventually it will say that Java is not installed.

Can you help?
Cheers,
A.

Here's the latest Hijack:

20:53 12/11/2008
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:14, on 12/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Virgin Broadband Wireless\ndis_events.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... 1.2.76.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-48.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (Egg Money Manager Digital Safe) - https://moneymanager.egg.com/Pinsafe/ac ... acking.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6751981718
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/softwar ... launch.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\system32\ZipToA.exe

--
End of file - 10110 bytes

Re: Please help - computer badly infected

by ktreffin » November 12th, 2008, 5:19 pm

What kind of pop-ups are you getting? Looks like the latest version of Java was installed successfully. The new version of Java actually installs a new service, which Comodo and Spyware Terminator may be balking at.

If Kaspersky won't run, let's get an ESET scan instead:

Step #1: Run ESET Online Scan

Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.
  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Uncheck (untick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

*===============================================*

Step #2: Things to put in your next reply

Please post the following in your next reply:
  • A New Hijack This Log
  • Contents of the ESET Online Scan Log

Re: Please help - computer badly infected

by bigalroden » November 12th, 2008, 7:42 pm

Hi, the Comodo and Terminator pop-ups kept asking me to accept Java...

Here's the ESET scan - I notice it seems to think my MP3 songs beginning with the letter A have viruses?? They've been on my computer for years... apologies for the bad taste in music!!!


# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3607 (20081112)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=c1cd5028a05acd41ba88517c1881d0ec
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-11-12 10:29:48
# local_time=2008-11-12 10:29:48 (+0000, GMT Standard Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 3
# scanned=319768
# found=67
# scan_time=2679
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\2 Unlimited - Get Ready For This.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan EC8F13E06FBF0A5B76F866AEF88289E3
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\2 Unlimited - No limits.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan EA29BE449CEC2EAAD906E369838B1B3F
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\4 Non Blondes - What's Up.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan EF672BAA9D1BC29C3F3D0C5CF2168391
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\442 - Come On England.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan B345CC626799AB11971E9BB190CACED0
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\ABBA - Chiquitita.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan EDA786678CF781399EFB5AE4EAFC1D76
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\ABBA - Dancing Queen.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan D05D5E1935497626CD7748F4EBB5D84D
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\ABBA - Fernando.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 6A9197441038AFFC4240A778C826B8FA
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\ABBA - Gimme! Gimme! Gimme!.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan CB6B5E9580E04F3D443A1A435CD70EE3
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\ABBA - Mamma Mia.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 0A91551F9F68F1EEE852AD8C67533E9F
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\ABBA - Super Trouper.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan BC1666F2CB96AE998CE6BC33189D36CA
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\ABBA - Take A Chance On Me.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 3C534550916C7FAFAF64569B22FDA516
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\ABBA - Thank You for the Music.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan B9B8AEC55A6748B037F02234A75528AF
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\ABBA - The Name Of The Game.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan BCFB5238FDA64360C0FBDB27D1BEC059
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\ABBA - The Winner Takes It All.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 18A0B764EE45F1EF4CD293DA5213CA9E
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\ABBA - Waterloo.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 151C84A43BC27D46261B9CB430E7433B
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\ABC - All Of My Heart.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan C18B525B1CAF7D31DB9AE2E32E89E59C
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\ACDC - Highway To Hell.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 1EBF5C76B37632C061F7EB6417521B09
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\ACDC - I Love Rock and Roll.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 311B06BEBE6319EE1EBE52471A9D104C
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Ace Of Base - All That She Wants.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan FAEE1F6042B6F42A5ADE0C0033CA3E57
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Ace Of Base - I Saw The Sign.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 3769C770EFE5C4D5A8144F68A8A67730
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Adam Ant - Stand and Deliver.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 5AB94E41AA49F3D7CE0866E02DD7C4E9
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Adele - Chasing Pavements.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 9BFE71625B5A71BE571619800FBE67B3
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Aerosmith - Love Me Two Times.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 0629D067C7ED8095302ADEB9F8717D0A
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Aerosmith - Theme From Spider Man.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 40CD7EEDCB115D4AC03DC19985E9D806
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Afroman - Because I Got High.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 201EE9926FC6FC18957D020327FC701C
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Aha - The Living Daylights.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 712197FC5DE3B3D6D68595FDB9AD0D7A
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Ain't Nobody Home - B.B. King.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 7D8B8E5B2F3E6600866B813D7BD5BF4A
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Air Supply - All out of love.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 05CC8EB6D384CBD84287DAC29ED974EF
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Air Supply - Total Eclipse Of The Heart.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 6E91E3FB684E312E1E75567D3FE40F69
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Air Supply - We Built This City.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 2D3A24B9543D69F8FECE3175F3E858A1
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Al Green - Aint No Sunshine When She's Gone.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan DFBE0FC09A756F520F1F0029CD773B6B
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Alabama 3 - Woke Up This Morning.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 7152AA914AAC12DE4EB32B7A6410C429
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Alanis Morisette - Ironic.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan EC3C72B699968E88E955A43485F2A31C
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Alanis Morissette - What if God was one of us.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan FEA94995E28261EC81A87BAF8F9BE355
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Alex Parks - Maybe That's What it Takes.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan B801B9B9AF57A08D9B32D98150DD1749
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Alexia-Goodbye.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan B952D1D99F4447BE39F767B0C1DE65B2
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Alice Cooper - Poision.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan E484524094A2CEBF18837A11600D380B
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\All Saints - Rock_Steady.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 4F46D0FFF98CC7612A84AAE4BB87D17E
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Allman Brothers Band - Jessica.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 7235ED1257404F4295F4F6FDAA6B2FD1
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Allstars - Bump In the Night.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 519D57EC6A28C62037ACC1A04FBD2784
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Alphabeat - Fascination.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan EB298358987449C79EA7328353F13A76
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Amii Stewart - Knock On Wood.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan E50900328622C090F82E701D41062DBE
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Amy Macdonald - This Is The Life.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan CFFEAA667C17D4778834C65BF3DBB894
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Ana Johnson - We Are.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 83A526FEBB7A621F9341FDF3D0FED217
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Andrea Bocceli & Sarah Brightman - Time to Say Goodbye.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan C39797BA23F9AD05FAD01E68FFAC06AF
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Andrew Lloyd Weber - Poor, Poor Joseph (Joseph and the Amazing Technicolor Dreamcoat, 05).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 8CB0F4CE43EF7C22CD9C5089D408C1D8
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Andy Stewart - Donald Where's Your Trousers.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan C8761DAF9D8FA25891D1D274508393A1
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Andy Williams - Can't take my eyes off you.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 8197181B652B567FE016DAC4194D8287
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Andy Williams - Happy Heart.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan D4F3B3C2F2448649296E6DD3BA4C5FBB
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Animals - We've Gotta Get Out Of This Place.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 4489E91BCB02854057500087E2915444
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Annie Get Your Gun - There's No Business Like Show Business .mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan AB3338A6E3DCCC290604650596EF43A3
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Apocalypse Now.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan BA71AE8A9635082C9F9135974FC42EB3
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Apollo 440 - Lost In Space Theme.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan F43746D6A7FF763AC234549C5A523031
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Apollo 440 - Stop The Rock.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 92586477230669A68E312636104933B1
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Arctic Monkeys - I Bet You Look Good On The Dancefloor.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 1C17ECE9EAC0037983F15C42C2CEEFC6
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Arctic Monkeys - Love Machine (Live Lounge).MP3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 432C592D67C48A526350094EF605CBC6
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Aretha Franklin - Ain't No Mountain High Enough....Mariah Carey, Diana Ross, Faith Hill, Donna Summer, Destiny's Child.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan BCDFE6E5AE00F08477FA3834AEA8A026
C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Ash - Girl From Mars.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 88FB84C3781FC40960AAFCA140B8DCDD
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan E72927DA31CEF1ED889D53E4E6BA4669
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan BA211204D7637B8B21A12FBDC97D0567
C:\Documents and Settings\All Users\Documents\My Videos\My Deliveries\iplayer_live\BBC_1_Magic_Forest_N.I_16x9.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan 8C38B6FE035072D1D6BD678295254895
C:\Documents and Settings\All Users\Documents\My Videos\My Deliveries\iplayer_live\BBC_2_Zoetrope_N.I_16x9.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan 27991F42191B28C33589300E9D3025BD
C:\Documents and Settings\All Users\Documents\My Videos\My Deliveries\iplayer_live\BBC_2_Zoetrope_Network_16x9.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan BA46ED78E59E762CAC9412B8F724FB19
C:\Documents and Settings\All Users\Documents\My Videos\My Deliveries\iplayer_live\BBC_2_Zoetrope_Scotland_16x9.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan D66BA76A576686134716F94B9A91500F
C:\Documents and Settings\All Users\Documents\My Videos\My Deliveries\iplayer_live\BBC_NEWS_15_SEC.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan ADCA2176EDF2A3012E005B985F1C0316
C:\Documents and Settings\All Users\Documents\My Videos\My Deliveries\iplayer_live\BBC_Parliament.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan D2185817D51FD968DB4C58B229F1B855
C:\Documents and Settings\All Users\Documents\My Videos\My Deliveries\iplayer_live\CBeebies_Dance_16x9.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan AAEED62CD4D68E352DBF5FAACF55809E







Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:42:01, on 12/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Virgin Broadband Wireless\ndis_events.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... 1.2.76.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-48.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (Egg Money Manager Digital Safe) - https://moneymanager.egg.com/Pinsafe/ac ... acking.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6751981718
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/softwar ... launch.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\system32\ZipToA.exe

--
End of file - 10194 bytes
bigalroden
Active Member
 
Posts: 11
Joined: October 31st, 2008, 5:03 am
Location: Edinburgh, UK

Re: Please help - computer badly infected

Unread postby ktreffin » November 12th, 2008, 9:08 pm

Alan,

I am afraid those files are infected, and need to go. If you choose not to remove them, then you risk re-infecting your machine each time you open one of those files. Please do the following:

Step #1 Download and Run Dr.Web CureIt

Download to the desktop: Dr.Web CureIt
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click the next icon next to the files found:
    Image
    If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply with a new hijackthis log.

*===============================================*

Step #2: Things to put in your next reply

Please post the following in your next reply:
  • A New Hijack This Log
  • Contents of the Dr.Web CureIt Log
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: Please help - computer badly infected

Unread postby bigalroden » November 13th, 2008, 8:58 pm

Hi.
Still having problems with Java - Spyware Terminator would flash up loads of "blocked" messages, and the internet wouldn't load. I've disabled Terminator, and it works OK now, but if there's a way round that - or a better anti-spyware programme - that would be great. Comodo also kept popping up with Java-related access requests, so I've had to disable that as well.

Couldn't follow the DrWeb instructions to the letter, as your description didn't fully match up what was on the screen, but did an express scan which found nothing, then a complete system scan which found three things. I selected them all, and selected "move incurable" as well.

Here are the reports, and thanks again for your help so far:

ComboFix.exe\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Alan\Desktop\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\Alan\Desktop;Archive contains infected objects;Moved.;
A0168642.EXE;C:\System Volume Information\_restore{327593A4-581B-4D4F-8D72-9F5A50C45B36}\RP855;Program.PsExec.170;Incurable.Moved.;
A0169123.exe\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{327593A4-581B-4D4F-8D72-9F5A50C45B36}\RP862\A0169123.exe;Program.PsExec.171;;
A0169123.exe;C:\System Volume Information\_restore{327593A4-581B-4D4F-8D72-9F5A50C45B36}\RP862;Archive contains infected objects;Moved.;






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:58:17, on 14/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Virgin Broadband Wireless\ndis_events.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... 1.2.76.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-48.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (Egg Money Manager Digital Safe) - https://moneymanager.egg.com/Pinsafe/ac ... acking.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6751981718
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/softwar ... launch.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\system32\ZipToA.exe

--
End of file - 10259 bytes
bigalroden
Active Member
 
Posts: 11
Joined: October 31st, 2008, 5:03 am
Location: Edinburgh, UK

Re: Please help - computer badly infected

Unread postby ktreffin » November 14th, 2008, 9:47 am

Just out of curiosity, have you tried to uninstall Spyware Terminator? Going back and looking at your logs and Uninstall list again, I think maybe you are actually running too many protection programs. This is what appears to be installed:

avast! Antivirus
COMODO Firewall Pro
Spyware Terminator
SpywareBlaster 4.1
SUPERAntiSpyware Free Edition


It's good that you are trying to protect yourself; however, too many programs can actually cause conflicts. Are you operating behind a router? If you have a router in place, which you access the internet through, then actually you really don't need the third party Firewall. Many experts believe that the combination of a hardware firewall through the Router, and enabling the Windows Firewall on the computer will provide adequate protection.

If this was my system, here is what I would do: I would uninstall everything except Avast and Malwarebytes' Anti-Malware. Later, I will also recommend that you install WinPatrol. I would also remove Comodo only if I am behind a router, and after I make sure that Windows Firewall is enabled.

I am not seeing anything malicious in your HijackThis log. I think that most of the problems you are experiencing now are all software related.

Alternately, as I really don't see any signs of anything remaining, I would be happy to refer you to a General Troubleshooting Forum which may be able to assist you a little better with the remaining problems. If this is something you would like to do, please let me know.

Thanks,
Ken
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida
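
The overlap described in the post above can be read directly from the O4 (Run keys and Startup folder), O20 (Winlogon Notify) and O23 (services) lines of the HijackThis log. The following is an added example, not part of the thread and not HijackThis code: it parses a handful of lines copied from the log above and reports which security products load a resident component at boot or logon. The folder-to-product mapping and all function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\system32\ZipToA.exe
"""

# HijackThis section codes that describe something loaded automatically.
AUTOSTART_CODES = {
    "O4": "Run key / Startup folder",
    "O20": "Winlogon Notify",
    "O23": "Service",
}

# Assumption for this example: install folders (lower-cased) mapped to the
# product names listed in the post above. Extend for other machines.
PRODUCTS = {
    r"\alwil software\avast4": "avast! Antivirus",
    r"\comodo\firewall": "COMODO Firewall Pro",
    r"\spyware terminator": "Spyware Terminator",
    r"\superantispyware": "SUPERAntiSpyware Free Edition",
}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<detail>.+)$")
# First drive-letter path ending in .exe or .dll; handles quoted paths,
# paths with spaces, and trailing command-line arguments.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|]*?\.(?:exe|dll)\b', re.IGNORECASE)


def parse_entries(log_text):
    """Return one dict per HijackThis entry line: code, detail, path."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue  # header, process list, blank line
        path = PATH_RE.search(match["detail"])
        entries.append({
            "code": match["code"],
            "detail": match["detail"],
            # Entries such as "Rundll32 P17.dll,P17Helper" carry no full path.
            "path": path.group(0) if path else None,
        })
    return entries


def resident_security_products(entries):
    """Map each known security product to the autostart mechanisms it uses."""
    found = defaultdict(set)
    for entry in entries:
        if entry["code"] not in AUTOSTART_CODES or entry["path"] is None:
            continue
        lowered = entry["path"].lower()
        for folder, product in PRODUCTS.items():
            if folder in lowered:
                found[product].add(AUTOSTART_CODES[entry["code"]])
    return {product: sorted(kinds) for product, kinds in found.items()}


if __name__ == "__main__":
    for product, kinds in sorted(resident_security_products(parse_entries(SAMPLE_LOG)).items()):
        print(f"{product}: {', '.join(kinds)}")
```

SpywareBlaster, the fifth product in the list above, has no O4, O20 or O23 line in the log, so it does not appear in the result.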

Re: Please help - computer badly infected

Unread postby bigalroden » November 14th, 2008, 10:00 am

Thanks - I will remove some of those anti-spyware programmes then. I got them all in my attempts to fix my computer, before I came to you for help!!

Can I check re those songs that came up with Trojans - I haven't deleted them yet, but they weren't picked up by DrWeb??
bigalroden
Active Member
 
Posts: 11
Joined: October 31st, 2008, 5:03 am
Location: Edinburgh, UK

Re: Please help - computer badly infected

Unread postby ktreffin » November 14th, 2008, 10:43 am

I assume that most of these came from the P2P you had installed?

Let's do this; it will be a lot easier for you:

Run OTMoveIt3

  • Double-click on OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :Files
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\2 Unlimited - Get Ready For This.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\2 Unlimited - No limits.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\4 Non Blondes - What's Up.mp3 
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\442 - Come On England.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\ABBA - Chiquitita.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\ABBA - Dancing Queen.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\ABBA - Fernando.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\ABBA - Gimme! Gimme! Gimme!.wma 
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\ABBA - Mamma Mia.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\ABBA - Super Trouper.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\ABBA - Take A Chance On Me.wma
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\ABBA - Thank You for the Music.wma
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\ABBA - The Name Of The Game.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\ABBA - The Winner Takes It All.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\ABBA - Waterloo.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\ABC - All Of My Heart.wma
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\ACDC - Highway To Hell.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\ACDC - I Love Rock and Roll.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Ace Of Base - All That She Wants.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Ace Of Base - I Saw The Sign.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Adam Ant - Stand and Deliver.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Adele - Chasing Pavements.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Aerosmith - Love Me Two Times.wma
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Aerosmith - Theme From Spider Man.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Afroman - Because I Got High.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Aha - The Living Daylights.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Ain't Nobody Home - B.B. King.wma
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Air Supply - All out of love.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Air Supply - Total Eclipse Of The Heart.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Air Supply - We Built This City.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Al Green - Aint No Sunshine When She's Gone.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Alabama 3 - Woke Up This Morning.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Alanis Morisette - Ironic.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Alanis Morissette - What if God was one of us.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Alex Parks - Maybe That's What it Takes.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Alexia-Goodbye.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Alice Cooper - Poision.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\All Saints - Rock_Steady.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Allman Brothers Band - Jessica.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Allstars - Bump In the Night.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Alphabeat - Fascination.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Amii Stewart - Knock On Wood.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Amy Macdonald - This Is The Life.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Ana Johnson - We Are.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Andrea Bocceli & Sarah Brightman - Time to Say Goodbye.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Andrew Lloyd Weber - Poor, Poor Joseph (Joseph and the Amazing Technicolor Dreamcoat, 05).mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Andy Stewart - Donald Where's Your Trousers.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Andy Williams - Can't take my eyes off you.wma
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Andy Williams - Happy Heart.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Animals - We've Gotta Get Out Of This Place.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Annie Get Your Gun - There's No Business Like Show Business .mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Apocalypse Now.wma
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Apollo 440 - Lost In Space Theme.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Apollo 440 - Stop The Rock.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Arctic Monkeys - I Bet You Look Good On The Dancefloor.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Arctic Monkeys - Love Machine (Live Lounge).MP3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Aretha Franklin - Ain't No Mountain High Enough....Mariah Carey, Diana Ross, Faith Hill, Donna Summer, Destiny's Child.mp3
    C:\Documents and Settings\Alan\My Documents\My Music\ALAN's Downloads\Ash - Girl From Mars.mp3
    C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma
    C:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma
    C:\Documents and Settings\All Users\Documents\My Videos\My Deliveries\iplayer_live\BBC_1_Magic_Forest_N.I_16x9.wmv
    C:\Documents and Settings\All Users\Documents\My Videos\My Deliveries\iplayer_live\BBC_2_Zoetrope_N.I_16x9.wmv
    C:\Documents and Settings\All Users\Documents\My Videos\My Deliveries\iplayer_live\BBC_2_Zoetrope_Network_16x9.wmv
    C:\Documents and Settings\All Users\Documents\My Videos\My Deliveries\iplayer_live\BBC_2_Zoetrope_Scotland_16x9.wmv
    C:\Documents and Settings\All Users\Documents\My Videos\My Deliveries\iplayer_live\BBC_NEWS_15_SEC.wmv
    C:\Documents and Settings\All Users\Documents\My Videos\My Deliveries\iplayer_live\BBC_Parliament.wmv
    C:\Documents and Settings\All Users\Documents\My Videos\My Deliveries\iplayer_live\CBeebies_Dance_16x9.wmv
    
  • Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  • If you are not asked to reboot close OTMoveIt3.
  • A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).

Once you do the above, and remove some of the programs in my previous post, please post a new HijackThis log, along with the OTMoveIt log.

Let me know if you have any questions or problems.
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: Please help - computer badly infected

Unread postby NonSuch » November 19th, 2008, 5:14 pm

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California