Virus & Hijacked?? HJT log attached

[tesser88]

My friend clicked on a link in an away message on AIM. It then became her away message and I believe hijacked her computer. I ran Spybot and Adaware. I also removed WildTangent. Regedit.exe and taskmgr.exe will not remain open. They close within two seconds of opening. By renaming the files I was able to get them opened. I think she may have a virus. I ran Symantec and none were found. I then downloaded and ran AVG and again found nothing. However, this thing still pops up on her AIM program and the original regedit, msconfig, and taskmgr files will not open. Help please!

 

[howard_hopkinso]

Hello and welcome to Techspot.

Go to This Post By RBS and follow the instructions very carefully.

Might be a good idea to print them out.

Regards Howard :wave:

 

[tbrunt3]

Few things I see

One Hijackthis needs to be in ITS OWN folder C/HJT this is very important for back up ..

Do you have all required patches ? I see have SP2 So are your updates current ? as well is your antivirus and spyware program upto date?

Download and install this program it is called A-squared it is very good if it finds anything have it deleate it..

http://www.emsisoft.com/en/software/free/

run this program with all windows closed

Then install HJT to the right folder and rerun it and post your log here someone will help you out ..

 

[tesser88]

I think I fixed it...but please check the log for me!

I believe I fixed it. I followed the original post, but I do not believe it was a CWS problem. I installed and ran A-squared afterwards, and it found nothing. I also installed Nod32 as recommended at another site. It found two possible viruses and I had them fixed. I believe it had something to do with Winamp Player. Winamp was not installed on this computer. But when I found it in HJT I didn't think to remove it because I thought it was okay. I did however remove it and I believe my problems are fixed. Will someone please read over my log to make sure I am okay. Thanks!

 

[RealBlackStuff]

Your PC is almost clean.
Boot in Safe Mode
Switch off System Restore
UNinstall anything to do with: C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
then delete the C:\Program Files\Viewpoint directory with everything in it.

You now have THREE Antivirus programs running, AVG, Symantec and Nod32.
This is overkill and will get your PC into trouble sooner rather than later.
If you paid for Nod32, uninstall the others.
If you paid for Norton/Symantec, let the subscription run out, then replace it with the (free) AVG.