BleepingComputer.com: I know for a fact that I am infected.

The first thing I do when I turn my computer on is open the task manager and leave it on the "processes" tab and leave it at the bottom. I do this cause it shows what programs are using for physical memory and how much total it being used. Anyways, I was on Facebook tonight, and for some reason my computer was lagging up horribly. I finally got the Firefox window up from the bottom tray bar and it said "stop script/continue running script"...anyways, I restarted my computer and brought up the task manager and the first thing I noticed in the processes tab were the weirdest files. The things have NEVER been there before.

http://www.esnips.com/doc/0fb5b9d4-7e22-45cc-8e74-18bc7327f113/TM-h

There...I highlighted the weird ones...but I stopped after those ones cause pretty much everything in there is new! They were never there before. From what I can tell, my computer is running fine and no different right now, but Im telling you, those files were never there before! Im pretty sure the only things ever running in there were running as "Owner" or "SYSTEM", never "Local Service" or "Netowrok Service". Im really hoping you guys recognize these as a virus and which one! AND HOW TO REMOVE IT!

Im running on Vista too.

This post has been edited by 365_days_gone: 24 October 2010 - 10:34 AM

Could you please post the names of the strange files rather than having an external link to them. It will help the helpers help you faster

Sorry, I had posted the wrong link. The link now takes you right to a picture of my Processes-Task Manager screen. Showing the highlighted files.

It's still asking me to install software to download a readable image?

Your link is not loading for me so I cannot see the list of processes.

Most of the processes in Task Manager will be legitimate as shown in these links.

• List of common system processes found in Task Manager
  
• Common system processes found in Task Manager
  
• Top System Processes

It is not uncommon to have a lot of running processes showing in Task Manager. For instance, Svchost.exe is a generic host process name for a group of services that are run from dynamic-link libraries (.dll's) and can run other services underneath itself. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. It is not unusual for multiple instances of Svchost.exe running at the same time in Task Manager in order to optimize the running of the various services.

• svchost.exe SYSTEM
  
• svchost.exe LOCAL SERVICE
  
• svchost.exe NETWORK SERVICE

Each Svchost.exe session can contain a grouping of services, therefore, separate services can run, depending on how and where Svchost.exe is started. This grouping of services permits better control and easier debugging. The process ID's (PID's) must be checked in real time to determine what services each instance of svchost.exe is controlling at that particular time.

Determining whether a file is malware or a legitimate process usually depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there. Another technique is for the process to alter the registry and add itself as a Startup program or service so that it can run automatically each time the computer is booted. Keep in mind that a legitimate file can also be infected by some types of malware such as Virut which is a dangerous polymorphic file infector. A file's properties may give a clue to identifying it. Right-click on the file, choose Properties and examine the General and Version tabs.

Tools to investigate running processes and gather additional information to identify them and resolve problems:

• AnVir TaskManager Free
  
• Process Explorer
  
• System Explorer
  
• ProcessHacker - (requires Microsoft .NET Framework 2.0 or above to use)
  
• Autoruns
  
• svchostViewer

-- These tools will provide information about each process, CPU usage, file description and its path location.
-- System Explorer provides a security check of running processing using their online security database when you first launch the program. If you want process the initial scan, press the "Start Security Check" button. Keep in mind, that the check is not a guarantee of what is or is not detected as malware. Further investigation is always recommended. At the Security Check page you can also check the file through the VirusTotal database by pressing the Check MD5 button.

Anytime you come across a suspicious file or one that you do not recognize, search the name using Google <- click here for an example.

Or search the following databases:

• BC's Startup Programs Database
  
• SystemLookup StartupList Index
  
• ProcessLibrary.com
  
• File Research Center

If you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to one of the following online services that analyzes suspicious files:

• Jotti's virusscan
  
• VirusTotal
  
• VirSCAN

In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

There are far too many files to list.
Try this link

http://s1184.photobucket.com/albums/z327/Prototypebrad/?action=view&current=TM.jpg

And a highlighted version:
http://s1184.photobucket.com/albums/z327/Prototypebrad/?action=view&current=TM-h.jpg

This post has been edited by 365_days_gone: 27 October 2010 - 08:03 PM

Now you need to investigate which .exe files you are not familiar with as I previously advised.

Quote