hey

i have a virus that has infected my aim. its seams more like a program. i have found the name, but location doesnt exist. i saw on another post and ran the autoruns program and this is what i got.


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run + AOL Instant Messanger Client (Not verified) Microsoft corp c:\windows\system32\aimclient.exe+ ccApp Symantec User Session Symantec Corporation c:\program files\common files\symantec shared\ccapp.exe+ Configuration Loader File not found: msfix.exe+ iTunesHelper iTunesHelper Module (Not verified) Apple Computer, Inc. c:\program files\itunes\ituneshelper.exe+ NeroFilterCheck NeroCheck (Not verified) Ahead Software Gmbh c:\windows\system32\nerocheck.exe+ QuickTime Task QuickTime Task (Not verified) Apple Computer, Inc. c:\program files\quicktime\qttask.exe+ RealTray RealPlayer (Not verified) RealNetworks, Inc. c:\program files\real\realplayer\realplay.exe+ Recguard Recguard MFC Application c:\windows\sminst\recguard.exe+ Reminder Application Remind_XP (Not verified) SoftThinks c:\windows\creator\remind_xp.exe+ RemoteControl PowerDVD RC Service (Not verified) Cyberlink Corp. c:\program files\cyberlink\powerdvd\pdvdserv.exe+ WD Button Manager WD Button Manager (Not verified) Western Digital Technologies, Inc. c:\windows\system32\wdbtnmgr.exe+ Windows Service Manager c:\windows\system32\eventviewor.exe+ {0228e555-4f9c-4e35-a3ec-b109a192b4c2} Gmail Notifier (Not verified) Google Inc. c:\program files\google\gmail notifier\gnotify.exeC:\Documents and Settings\All Users\Start Menu\Programs\Startup + Microsoft Office.lnk Microsoft Office 2000 component (Not verified) Microsoft Corporation c:\program files\microsoft office\office\osa9.exeC:\Documents and Settings\Owner\Start Menu\Programs\Startup + Clean Access Agent.lnk Clean Access Agent (Not verified) Cisco Systems, Inc c:\program files\cisco systems\clean access agent\ccaagent.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Run + AOL Instant Messanger Client (Not verified) Microsoft corp c:\windows\system32\aimclient.exe+ Configuration Loader File not found: msfix.exe+ MSMSGS File not found: C:\Program Files\Messenger\msmsgs.exeHKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce + Windows Service Manager c:\windows\system32\eventviewor.exeHKLM\System\CurrentControlSet\Services + Bonjour Service Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence, so that users can discover and use those services without any unnecessary manual setup or administration. (Not verified) Apple Computer, Inc. c:\program files\bonjour\mdnsresponder.exe+ ccEvtMgr Event propagation and logging service Symantec Corporation c:\program files\common files\symantec shared\ccevtmgr.exe+ ccProxy Symantec Proxy Service Symantec Corporation c:\program files\common files\symantec shared\ccproxy.exe+ ccSetMgr Settings storage and management service Symantec Corporation c:\program files\common files\symantec shared\ccsetmgr.exe+ navapsvc Handles Norton AntiVirus Auto-Protect events. Symantec Corporation c:\program files\norton internet security\norton antivirus\navapsvc.exe+ PrismXL PrismXL Service (Not verified) New Boundary Technologies, Inc. c:\program files\common files\new boundary\prismxl\prismxl.sys+ RetroLauncher Launches Retrospect automatically when scripts are waiting to run. (Not verified) Dantz Development Corporation c:\program files\dantz\retrospect\retrorun.exe+ Retrospect Helper Helps Retrospect with various tasks. (Not verified) Dantz Development Corporation c:\program files\dantz\retrospect\rthlpsvc.exe+ RetroWDSvc Provide Retrospect interface to Western Digital drives. (Not verified) Dantz Development Corporation c:\program files\dantz\retrospect\wdsvc.exe+ SNDSrvc Symantec Network Drivers Service Symantec Corporation c:\program files\common files\symantec shared\sndsrvc.exe+ SPBBCSvc Symantec SPBBC Symantec Corporation c:\program files\common files\symantec shared\spbbc\spbbcsvc.exe+ Symantec Core LC Symantec Core LC Symantec Corporation c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exeHKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved + Display Panning CPL Extension File not found: deskpan.dll+ Fusion Cache Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll+ iTunes iTunes Mini Player DLL (Not verified) Apple Computer, Inc. c:\program files\itunes\itunesminiplayer.dll+ Microsoft Outlook Custom Icon Handler Microsoft Outlook Shell Hook for Start/Find (Not verified) Microsoft Corporation c:\program files\microsoft office\office\olkfstub.dll+ SampleView ShellvRTF (Not verified) XSS c:\windows\system32\shellvrtf.dllHKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects + AcroIEHlprObj Class Adobe Acrobat IE Helper Version 7.0 for ActiveX Adobe Systems, Incorporated c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll+ CNavExtBho Class Norton AntiVirus Shell Extension Module Symantec Corporation c:\program files\norton internet security\norton antivirus\navshext.dll+ CNi-- The nicest hobby on Earth ;) --tBho Class NIS Shell Extension Symantec Corporation c:\program files\common files\symantec shared\adblocking\nisshext.dll+ Google Toolbar Helper Google IE Client Toolbar (Not verified) Google Inc. c:\program files\google\googletoolbar2.dllHKLM\Software\Microsoft\Internet Explorer\Toolbar + Easy-WebPrint Easy-WebPrint c:\program files\canon\easy-webprint\toolband.dll+ googletoolbar2.dll Google IE Client Toolbar (Not verified) Google Inc. c:\program files\google\googletoolbar2.dll+ Norton AntiVirus Norton AntiVirus Shell Extension Module Symantec Corporation c:\program files\norton internet security\norton antivirus\navshext.dll+ Norton Internet Security 2006 NIS Shell Extension Symantec Corporation c:\program files\common files\symantec shared\adblocking\nisshext.dllHKLM\Software\Microsoft\Internet Explorer\Extensions + Sun Java Console Java Plug-in 1.5.0_02 for Netscape Navigator (DLL Helper) (Not verified) Sun Microsystems, Inc. c:\program files\java\jre1.5.0_02\bin\npjpi150_02.dll+ Windows Messenger File not found: C:\Program Files\Messenger\msmsgs.exeHKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls + DllDirectory c:\windows\system32



the program if you go to the task mananger is Microsoft IM Helper, or AOL Instant Messanger Client i have tried uninstalling and reinstalling aim and it dosent help.


any help would be appreacted

Thankx

Hi cwells4921,

Go to here and download 'Hijack This!' Double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu and an optional shortcut on desktop.
Click on the entry in start menu or on the desktop to run HijackThis.

Run the program, and press "Do a system scan and save a logfile".
After HJT runs, the log will show (notepad will open).
After notepad opens, click edit – select all then edit –copy .
Then paste that log onto this topic.

DO NOT Delete or modify anything yet, as some of it is needed to keep your system in Good Shape.

Follow this link http://home.planet.nl/~kleyn080/hijackthi-- The nicest hobby on Earth ;) --planation.html if you need help.

Logfile of HijackThis v1.99.1
Scan saved at 7:18:53 PM, on 10/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\system32\EVENTVIEWOR.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1128358896\ee\AOLSoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\AIMClient.exe
C:\PROGRA~1\AIM\aim.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.trustyhound.com/sidebar-search.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O1 - Hosts: 127.0.2.5 www.symantec.com
O1 - Hosts: 127.0.2.5 symantec.com
O1 - Hosts: 127.0.2.5 securityresponse.symantec.com
O1 - Hosts: 127.0.2.5 sarc.com
O1 - Hosts: 127.0.2.5 www.sarc.com
O1 - Hosts: 127.0.2.5 f-prot.com
O1 - Hosts: 127.0.2.5 www.f-prot.com
O1 - Hosts: 127.0.2.5 kaspersky-labs.com
O1 - Hosts: 127.0.2.5 vil.nai.com
O1 - Hosts: 127.0.2.5 housecall.trendmicro.com
O1 - Hosts: 127.0.2.5 pandasoftware.com
O1 - Hosts: 127.0.2.5 www.pandasoftware.com
O1 - Hosts: 127.0.2.5 free.grisoft.com
O1 - Hosts: 127.0.2.5 clamav.net
O1 - Hosts: 127.0.2.5 www.clamav.net
O1 - Hosts: 127.0.2.5 free-av.com
O1 - Hosts: 127.0.2.5 www.free-av.com
O1 - Hosts: 127.0.2.5 www.avast.com
O1 - Hosts: 127.0.2.5 avast.com
O1 - Hosts: 127.0.2.5 cert.org
O1 - Hosts: 127.0.2.5 www.cert.org
O1 - Hosts: 127.0.2.5 www.microsoft.com
O1 - Hosts: 127.0.2.5 microsoft.com
O1 - Hosts: 127.0.2.5 www.virustotal.com
O1 - Hosts: 127.0.2.5 virustotal.com
O1 - Hosts: 127.0.2.5 update.microsoft.com
O1 - Hosts: 127.0.2.5 windowsupdate.microsoft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Configuration Loader] msfix.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Windows Service Manager] EVENTVIEWOR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AOL Instant Messanger Client] C:\WINDOWS\system32\AIMClient.exe
O4 - HKLM\..\RunServices: [AOL Instant Messanger Client] C:\WINDOWS\system32\AIMClient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Configuration Loader] msfix.exe
O4 - HKCU\..\Run: [AOL Instant Messanger Client] C:\WINDOWS\system32\AIMClient.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [Windows Service Manager] EVENTVIEWOR.EXE
O4 - Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540012} - http://www.funnytaf.com/fun/installer/Install.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

HijackThis.exe is Not in a permanent folder!
Please follow the steps posted.

Follow the steps above, or....
Put Hijackthis.exe in a Permanent folder.
Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.
This will allow backups to be made and saved By hijackthis in case something goes wrong.
Follow this link http://home.planet.nl/~kleyn080/hijackthi-- The nicest hobby on Earth ;) --planation.html if you need help.

This is needed to be done as we are going to delete the contents of theTemp folder that has HJT.exe!


To clean your temp folder, recycle bin, etc..please download this free tool:
CCleaner
It will put a shortcut on your Desktop.
Click on CCleaner to start it. Then click "Run Cleaner".
Then Reboot (Exit)



Please download, install, and update the free version of Ewido trojan scanner:
http://www.ewido.net/en/download/

When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK.
From the main ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful").

Then, reboot to Safe mode (tap F8 while restarting).

Run ewido, click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run.
If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to you next reply.
After you reboot normally, also post a new HJT log.