Windows Vista Home Premuim SP1 Memory 2.50 GB 32 Bit Operating System Intel Core 1.86 GHz Just looking for some advice basically. I have noticed some strange behaviour from my PC lately as it has started running very slow at times and this really is the first time this has happened since I bought the system back in 2007 I have also opened the pc and hoovered all the dust away but this hasn't really improved things and very recently my keyboard has altered as in my @ symbol has to be made by holding shift + 2 and it was never like this before which leads me to believe I have some sort of virus and so does the fact that on some websites the text appears bold in places and normal in others which is clearly not normal behaviour, I have performed a scan and given a log below only I don't understand it and can't work out if there is anything suspicious. I appreciate any help. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:24:13, on 01/12/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18828) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\NetLimiter 2 Pro\NLClient.exe C:\Program Files\Intel\LDCM\Bin\LDCMSync.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\O2\bin\sprtcmd.exe C:\Program Files\NoAdware\NoAdware5.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\RelevantKnowledge\rlvknlg.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Vuze\Azureus.exe C:\Windows\system32\wuauclt.exe C:\Windows\explorer.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [LDCMSync] C:\Program Files\Intel\LDCM\Bin\LDCMSync.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [O2] "C:\Program Files\O2\bin\sprtcmd.exe" /P O2 O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [NoAdware5] "C:\Program Files\NoAdware\NoAdware5.exe" :Min: O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O13 - Gopher Prefix: O15 - Trusted Zone: http://*.broadband.o2.co.uk O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/fl...ent/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Intel Bootstrap Agent - Intel Corporation - C:\Program Files\Intel\BootStrap Agent\Bsa.exe O23 - Service: Intel CI Manager - Intel(R) Corporation - C:\Program Files\Intel\LDCM\ci\cimgr\CiMgrLdr.exe O23 - Service: Intel IIDS - Intel(R) Corporation - C:\Program Files\Intel\LDCM\bin\IIDS.exe O23 - Service: Intel SSM - Intel(R) Corporation - C:\Program Files\Intel\LDCM\bin\ssm.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe O23 - Service: win32sl - Smart Technology Enablers - C:\Program Files\Intel\DMI\BIN\WIN32SL.EXE -- End of file - 7351 bytes I have not deleted anything from this scan as I wanted a knowledgeable opinion first. Thankyou.
Hi, I do not know how to read the scans but I have a very effective process for removing Malware/Virus. If the below programs do not load change their .exe file name (not the shortcut)to something like iexplorer.exe and they will work fine. Do not run more than one spyware/malware program at once (they might conflict) you may also have to disable you Anti Virus temperarly to scan with them. Most effective in the following order: 1. Malware bytes: http://www.malwarebytes.org/mbam-download.php 2. ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe 3. SDFix: http://www.bleepingcomputer.com/files/sdfix.php 4. SmitfraudFix: http://www.bleepingcomputer.com/resources/link243.html 5. SpyBot Search and Destroy: http://www.spybotupdates.com/files/spybotsd162.exe Also ensure you have the newest version of java as some of the old one's have vulnerabilities. Other things to consider if you don’t already do them a third part firewall, as windows firewall only block incoming traffic, if you are infected you want something like ZoneAlarm which will block outgoing traffic also. Please ensure Windows Firewall is switched off if you install a third party firewall. Install firefox browser 3.5 only (very resistant to getting compromised) Install returnil (free version) can beused instead of antispyware software, when enabled it seperates the hard drive from the internet, no known/unknown virus/spyware will defeat this software. Another program more powerful than returnil (cannot be installed together) is comodo time machine (freeware). You can installed this on a clean computer and it will make a baseline snapshot. Before you go on the internet you can create a new snapshot (takes 3 seconds), if you run into problems/malware just restore your computer to this snapshot. It's similar to windows system restore but much more powerful especially against bad drivers/software/malware. http://www.brighthub.com/computing/smb-s...iews/61309.aspx Finally use a free imaging software (macrium reflect) to make an image backup of your c: drive while it's clean. Worst case scenario you can restore your computer to a like new windows condition without spending hours reinstalling windows. I hope this helps. Part of my reply was quoted by user jony218 - Senior Member Regards, Terry9999
