system sluggish after browser hijack
I think I need some help with a PC I am trying to clean up for a friend.
It is a Dell 2400, 2.8 GHz P4, 512 MB, running Windows XP Pro.
Initially when you started Internet Explorer the program would start, never connect to the internet, and then say it had encountered an error and needed to close. I ran Spybot multiple times (normal mode, safe mode, on boot); eventually it cleaned everything except 10 files. I was able to manually delete these using Windows Explorer.
After this Internet Explorer works and Spybot runs clean (and ad-aware as well) but the machine still seems sluggish when starting a program or connecting to the internet (cable connection).
The antivirus is out of date (getting a new version soon I hope; it is a church organization so I don't think I can run free Avast or AVG based on their user agreements).
I ran the CA online scanner and it said it found some viruses and deleted them (they were mostly in temp files).
I ran the Trend Micro Housecall and it did not find any viruses but did find adware that it apparently could not remove (I told it to remove it, then reran and the same things show up). It says it found tspy_agent.abr, adware_clicker, adware_commoncomponents, and adware_memwatcher.
Hijack This log attached, help would be appreciated.
pskelley
2007-06-29, 12:34
Welcome to Safer Networking. If you still need help and are not receiving it elsewhere, it appears you have missed some important instructions our administrator has posted at the top of the forum, especially this: "BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please read and follow all instructions and post all required logs or reports, anything less will slow your process.
Use "Post Reply" to post the information in the instructions and stay in the same topic.
I really can't say if I can help or not from the limited information you have provided. I can say you need an active antivirus program on the computer, here are three free ones.
http://free.grisoft.com/freeweb.php/doc/2/
http://www.avast.com/eng/avast_4_home.html
http://www.free-av.com/
You would have to look to see how they handle churches, I did notice Grisoft offers a discount to churches but did not look further at the information.
This information may help:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
Thanks
I thought I had uploaded the HijackThis log but it looks like I didn't. The problem is it is too big for a single post and exceeds the upload limit, so I will put it in two replies.
Logfile of HijackThis v1.99.1
Scan saved at 10:03:17 AM, on 6/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Br.Ronnie\My Documents\Downloads\hijack this\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {01C3675A-742C-F571-C549-9B7E893FC5E9} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {088535BC-DED7-DA54-0D5F-6BC96009E456} - C:\WINDOWS\crrp.dll (file missing)
O2 - BHO: (no name) - {0A18D7B4-8485-B715-3461-EDCA233B81A2} - (no file)
O2 - BHO: (no name) - {0B55BE2B-A75E-6E3D-F6CF-A9288172D9E4} - (no file)
O2 - BHO: Class - {0C3C97D9-21C6-B33B-3429-B59624FD263F} - C:\WINDOWS\system32\mssr32.dll (file missing)
O2 - BHO: Class - {0E59F682-B49E-9314-4B0F-55169D9DB01D} - C:\WINDOWS\system32\addqv32.dll (file missing)
O2 - BHO: Class - {0F1C73A3-D00A-5B50-277B-29E122FC2D80} - C:\WINDOWS\netoq32.dll (file missing)
O2 - BHO: Class - {0FA16817-797E-C206-03C6-AA5386674100} - C:\WINDOWS\nthg.dll (file missing)
O2 - BHO: (no name) - {12249E43-F15C-0E4D-06F5-0B6F9831A09F} - (no file)
O2 - BHO: (no name) - {140D792F-75A2-4E42-7091-0866E3AE621A} - (no file)
O2 - BHO: (no name) - {181EDD6C-335B-6475-7B7C-B04EFA3C4F99} - (no file)
O2 - BHO: Class - {197A8D26-DFA5-F761-1F4B-4A8703447597} - C:\WINDOWS\system32\netpo32.dll (file missing)
O2 - BHO: Class - {1C716D90-1EF1-DAB0-7395-A99040661F78} - C:\WINDOWS\system32\apirs32.dll (file missing)
O2 - BHO: Class - {1F24D511-9AF7-39AA-3646-AD1A3A3C44E0} - C:\WINDOWS\mfcwn.dll (file missing)
O2 - BHO: Class - {229E6A5D-B94F-9372-A0E1-C8FA42AAC0B7} - C:\WINDOWS\system32\crzu.dll (file missing)
O2 - BHO: Class - {24A65122-E418-D30F-9B86-0FC7CF1A477D} - C:\WINDOWS\atlqa.dll (file missing)
O2 - BHO: Class - {27931773-97FE-8F82-A25B-070C522B3CF0} - C:\WINDOWS\atlqy32.dll (file missing)
O2 - BHO: Class - {282032FC-C6CA-9E36-F009-345A15203683} - C:\WINDOWS\javaln.dll (file missing)
O2 - BHO: Class - {2AD27B78-A144-13BF-3CFD-8C2B118FCB77} - C:\WINDOWS\sdkgq.dll (file missing)
O2 - BHO: (no name) - {2CF3F7AD-CB85-FA6A-FA52-E649A865235B} - (no file)
O2 - BHO: Class - {36672DD6-0E2A-B9F7-1ADF-58AE711BE2D3} - C:\WINDOWS\system32\crpm32.dll (file missing)
O2 - BHO: (no name) - {37276319-5C2D-9354-E5C1-9D62AF7ADE07} - (no file)
O2 - BHO: (no name) - {3E9286B0-CAED-1862-7F24-4B2CF01194D2} - (no file)
O2 - BHO: (no name) - {40435204-5FF3-A72D-C4F6-26F9B7CF3238} - (no file)
O2 - BHO: Class - {41D261AF-74ED-449F-EEC7-1D4FC649FA14} - C:\WINDOWS\appoe32.dll (file missing)
O2 - BHO: Class - {427AC2D9-095B-B8F2-E344-79D48DC72DAA} - C:\WINDOWS\javayy32.dll (file missing)
O2 - BHO: Class - {46015205-9C0D-68F5-0714-0BA8A0DA3C56} - C:\WINDOWS\javaqq.dll (file missing)
O2 - BHO: Class - {4D6349C9-DB1F-F1BC-CA27-1B9D604C7F02} - C:\WINDOWS\ipac32.dll (file missing)
O2 - BHO: (no name) - {4EC3A22A-5434-CC1A-4E91-B9094044E2D6} - (no file)
O2 - BHO: Class - {54EC2000-824C-7ABC-DA9D-E7D8479CD36D} - C:\WINDOWS\system32\apigc.dll (file missing)
O2 - BHO: Class - {5F25A197-5C64-2844-84AC-BE08CBD78A39} - C:\WINDOWS\system32\winvw32.dll (file missing)
O2 - BHO: Class - {621C772A-BD1C-569E-4C0E-31803458AF26} - C:\WINDOWS\ipui.dll (file missing)
O2 - BHO: Class - {63D8E7C3-8227-3E71-D229-292FC69E5C73} - C:\WINDOWS\javare32.dll (file missing)
O2 - BHO: Class - {6542A967-1F9A-0252-366F-EB61AF2E0E58} - C:\WINDOWS\system32\d3dm32.dll (file missing)
O2 - BHO: Class - {661A21D1-458F-8AE8-8737-B3DD77B2194A} - C:\WINDOWS\system32\sdkfs.dll (file missing)
O2 - BHO: (no name) - {686C35B9-5E7B-1BFA-0B2C-F8DBA37CB7CF} - (no file)
O2 - BHO: Class - {6916E12D-B7B5-E5B2-A230-80E344B0872D} - C:\WINDOWS\apiyw.dll (file missing)
O2 - BHO: Class - {696C280D-491E-BCE6-CB54-6602CC3C3A0C} - C:\WINDOWS\winvr32.dll (file missing)
O2 - BHO: Class - {6A9A98A4-1733-141A-04B1-536A43E5A00C} - C:\WINDOWS\netek.dll (file missing)
O2 - BHO: (no name) - {6DF792E2-E465-9370-BF80-0572AA228138} - (no file)
O2 - BHO: Class - {70B30880-F84D-EE39-FE16-EDB1E1A80F9A} - C:\WINDOWS\system32\iemq32.dll (file missing)
O2 - BHO: (no name) - {72763199-C2D7-3547-5C10-D62AF7ADE07C} - (no file)
O2 - BHO: (no name) - {741EF1A1-D9CC-94D4-0B32-52C18D0ED509} - (no file)
O2 - BHO: Class - {75B9E207-AB9C-F794-070D-C3D24A9C47A8} - C:\WINDOWS\system32\appcu32.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Class - {7621039D-911B-1A3D-343B-0F72B58EF21C} - C:\WINDOWS\syskr32.dll (file missing)
O2 - BHO: Class - {78F80350-DF77-499E-4B59-72E1FF551449} - C:\WINDOWS\system32\ieve32.dll (file missing)
O2 - BHO: Class - {7CE28F1A-C75D-E86A-7653-65342618DF9B} - C:\WINDOWS\syslj32.dll (file missing)
O2 - BHO: Class - {7DBD6986-1C5E-5F61-5CDC-F5402DB34848} - C:\WINDOWS\mfcee32.dll (file missing)
O2 - BHO: Class - {7DCBAEA8-04D5-60D6-F78B-5C16E122E3BC} - C:\WINDOWS\system32\apizf32.dll (file missing)
O2 - BHO: Class - {8349086E-3F47-DF2F-515E-324A161E8B39} - C:\WINDOWS\apiht32.dll (file missing)
O2 - BHO: (no name) - {8430846B-8A81-CE71-E16C-22A97EFCBE41} - (no file)
O2 - BHO: Class - {847B6EAB-D9B0-4FC9-A4B8-83E8BCC35E8C} - C:\WINDOWS\netxp.dll (file missing)
O2 - BHO: (no name) - {86E20715-05AB-460E-423F-569BAEE5A0CB} - (no file)
O2 - BHO: Class - {8A4CF18B-B846-C0E7-A457-DF8C366EE6AB} - C:\WINDOWS\javatt32.dll (file missing)
O2 - BHO: Class - {8C7D53BF-2F81-F6A2-202A-C13B9FDF7854} - C:\WINDOWS\addoe.dll (file missing)
O2 - BHO: Class - {920AD1D2-5235-FD60-EB1A-42DB37705C6B} - C:\WINDOWS\winue32.dll (file missing)
O2 - BHO: Class - {94EDC8C3-C5D6-A92A-41EE-6CC367C3A231} - C:\WINDOWS\d3dk.dll (file missing)
O2 - BHO: Class - {9567AEAF-59B7-5E8B-8F6C-5DD2344A72B3} - C:\WINDOWS\system32\nettl32.dll (file missing)
O2 - BHO: Class - {977907C4-FEB4-AC8C-7FEA-8B1DE9098D54} - C:\WINDOWS\system32\ipgq32.dll (file missing)
O2 - BHO: Class - {A26538B0-8F5F-F0E6-7B55-44FA9E707CF1} - C:\WINDOWS\apiog.dll (file missing)
O2 - BHO: (no name) - {A4F44AA0-9FEC-4E35-454E-9966C5BAB81B} - (no file)
O2 - BHO: (no name) - {A5FF8485-7410-8006-3E97-05C369AB07B3} - (no file)
O2 - BHO: Class - {A6773BDA-AF27-D057-4727-6CE7CCFF4CE6} - C:\WINDOWS\mfcfy32.dll (file missing)
O2 - BHO: Class - {A69B7D98-9DAC-21C6-7ADB-7FF21D28CEC1} - C:\WINDOWS\system32\addep.dll (file missing)
O2 - BHO: Class - {AEB98174-C938-D64D-4321-E50CF46B9CFC} - C:\WINDOWS\system32\sdkjs32.dll (file missing)
O2 - BHO: Class - {B30E458E-D56C-F802-8A2F-D5FC73A16CAE} - C:\WINDOWS\system32\mfcxj32.dll (file missing)
O2 - BHO: Class - {B33D0721-6A15-CDB1-D9DA-50D77149E4F8} - C:\WINDOWS\system32\atlig32.dll (file missing)
O2 - BHO: Class - {B89A9C19-6168-604D-2FF8-CB8455B6D319} - C:\WINDOWS\msby32.dll (file missing)
O2 - BHO: Class - {B9B03493-3AB7-1458-DC72-1757D8B6955D} - C:\WINDOWS\winuh32.dll (file missing)
O2 - BHO: Class - {B9D30E0B-5FED-E464-AAFF-7DD0E2C91EDE} - C:\WINDOWS\system32\d3fy32.dll (file missing)
O2 - BHO: Class - {B9FCA0E1-7B64-E16E-A3DC-00928170618E} - C:\WINDOWS\crhr.dll (file missing)
O2 - BHO: Class - {BA41BA8F-761F-36A0-EC00-50A899ECE89E} - C:\WINDOWS\system32\netfx32.dll (file missing)
O2 - BHO: Class - {BD9F01E8-BBEC-4791-99A6-0B3141961A1C} - C:\WINDOWS\system32\mfcem32.dll (file missing)
O2 - BHO: Class - {C0B4A97D-E166-016C-9557-B10E1E67B6BD} - C:\WINDOWS\sdkzr.dll (file missing)
O2 - BHO: Class - {C0FE83BD-31A5-72B3-58A3-123E5B3E66F7} - C:\WINDOWS\netsa32.dll (file missing)
O2 - BHO: Class - {C15D9B6E-7635-EE40-6B05-91AF55B4A5D8} - C:\WINDOWS\system32\iedw.dll (file missing)
O2 - BHO: Class - {C1A41FA6-75A9-208D-8DC5-1020AE6270B6} - C:\WINDOWS\d3gz.dll (file missing)
O2 - BHO: (no name) - {CC99040E-760C-7B3F-DB14-4EE4EB7AA49E} - (no file)
O2 - BHO: Class - {CE7A710F-55BC-4498-742A-FEB5AF0058EF} - C:\WINDOWS\system32\crbz32.dll (file missing)
O2 - BHO: (no name) - {CF3AB838-55A1-5960-9D86-9EF072CBB309} - (no file)
O2 - BHO: Class - {CFE933EE-9DAA-CBCB-0405-119C175A18A1} - C:\WINDOWS\system32\atlje.dll (file missing)
O2 - BHO: Class - {D01EB607-FCB6-D9F9-F253-E432410DA962} - C:\WINDOWS\system32\sdkon.dll (file missing)
O2 - BHO: (no name) - {D02FD285-78D4-2369-CA17-092C21D1BC0E} - (no file)
O2 - BHO: Class - {D3DFD4E6-1C5E-99E5-CD97-BC92535FF528} - C:\WINDOWS\javawn.dll (file missing)
O2 - BHO: Class - {D49FD607-A2D9-6ED1-FD46-17458B02B006} - C:\WINDOWS\crnd32.dll (file missing)
O2 - BHO: (no name) - {D772EDB5-7E28-3680-0DFD-47B69536B127} - (no file)
O2 - BHO: (no name) - {D846D0FC-261A-7E1F-5D9C-EF98B2A7155F} - (no file)
O2 - BHO: Class - {E1757CF5-D1DE-B6BF-7313-71B514B2709D} - C:\WINDOWS\ipyg32.dll (file missing)
O2 - BHO: (no name) - {E2206C5C-A3AE-1960-7FEE-E2D7D04FD24C} - (no file)
O2 - BHO: Class - {E9AE91ED-230B-9C13-63C1-9B2A676E905B} - C:\WINDOWS\system32\d3qu.dll (file missing)
O2 - BHO: (no name) - {EACAF0D9-E942-E0AA-7DE0-8F8242818257} - (no file)
O2 - BHO: Class - {EE37178B-E57C-4045-A483-E895595C72A5} - C:\WINDOWS\sdkdy.dll (file missing)
O2 - BHO: Class - {EE72118D-405B-F80E-60FC-ABE4266F3C23} - C:\WINDOWS\winon.dll (file missing)
O2 - BHO: (no name) - {EFE08795-2BF8-283F-7363-352336770626} - (no file)
O2 - BHO: (no name) - {F0E2EB4B-54D0-6F5F-BFD0-1254D3F4D787} - (no file)
O2 - BHO: Class - {F3B83A92-A1D1-BD6C-69DB-EAEF4B4D27B8} - C:\WINDOWS\syshi32.dll (file missing)
O2 - BHO: (no name) - {F58EF4B2-119D-83ED-24FE-F0DCDD4A68DC} - (no file)
O2 - BHO: Class - {F8DF7926-05DA-3C69-A9DA-2FF6B1F4CDF8} - C:\WINDOWS\system32\mfclv.dll (file missing)
O2 - BHO: Class - {FA30FBE1-2D6A-60CB-19A0-CC0872CC2F67} - C:\WINDOWS\sdkdz.dll (file missing)
O2 - BHO: (no name) - {FA5137E2-683E-E18D-19AC-697532D849C0} - (no file)
O2 - BHO: (no name) - {FBD510D7-7593-FDD3-1C34-C5FEB77E69B3} - (no file)
O2 - BHO: Class - {FC63F231-14C0-2872-4514-264B57E8F5C1} - C:\WINDOWS\ipsi32.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winzy.exe] C:\WINDOWS\system32\winzy.exe
O4 - HKLM\..\Run: [winzd.exe] C:\WINDOWS\system32\winzd.exe
O4 - HKLM\..\Run: [winyw.exe] C:\WINDOWS\winyw.exe
O4 - HKLM\..\Run: [winxp32.exe] C:\WINDOWS\system32\winxp32.exe
O4 - HKLM\..\Run: [winqw.exe] C:\WINDOWS\system32\winqw.exe
O4 - HKLM\..\Run: [winqb.exe] C:\WINDOWS\winqb.exe
O4 - HKLM\..\Run: [winkk32.exe] C:\WINDOWS\winkk32.exe
O4 - HKLM\..\Run: [winja.exe] C:\WINDOWS\winja.exe
O4 - HKLM\..\Run: [winfs.exe] C:\WINDOWS\system32\winfs.exe
O4 - HKLM\..\Run: [winfk32.exe] C:\WINDOWS\system32\winfk32.exe
O4 - HKLM\..\Run: [winfd32.exe] C:\WINDOWS\system32\winfd32.exe
O4 - HKLM\..\Run: [windt32.exe] C:\WINDOWS\windt32.exe
O4 - HKLM\..\Run: [winby.exe] C:\WINDOWS\system32\winby.exe
O4 - HKLM\..\Run: [winay32.exe] C:\WINDOWS\system32\winay32.exe
O4 - HKLM\..\Run: [syszp32.exe] C:\WINDOWS\system32\syszp32.exe
O4 - HKLM\..\Run: [sysye.exe] C:\WINDOWS\system32\sysye.exe
O4 - HKLM\..\Run: [sysxt32.exe] C:\WINDOWS\system32\sysxt32.exe
O4 - HKLM\..\Run: [sysxg.exe] C:\WINDOWS\sysxg.exe
O4 - HKLM\..\Run: [sysuq.exe] C:\WINDOWS\sysuq.exe
O4 - HKLM\..\Run: [sysqr32.exe] C:\WINDOWS\system32\sysqr32.exe
O4 - HKLM\..\Run: [sysow32.exe] C:\WINDOWS\sysow32.exe
O4 - HKLM\..\Run: [sysnt.exe] C:\WINDOWS\system32\sysnt.exe
O4 - HKLM\..\Run: [syshw32.exe] C:\WINDOWS\syshw32.exe
O4 - HKLM\..\Run: [sysem32.exe] C:\WINDOWS\sysem32.exe
O4 - HKLM\..\Run: [syscy32.exe] C:\WINDOWS\syscy32.exe
O4 - HKLM\..\Run: [sdkyp.exe] C:\WINDOWS\system32\sdkyp.exe
O4 - HKLM\..\Run: [sdkwi32.exe] C:\WINDOWS\sdkwi32.exe
O4 - HKLM\..\Run: [sdkos.exe] C:\WINDOWS\sdkos.exe
O4 - HKLM\..\Run: [sdknr.exe] C:\WINDOWS\system32\sdknr.exe
O4 - HKLM\..\Run: [sdkmt32.exe] C:\WINDOWS\system32\sdkmt32.exe
O4 - HKLM\..\Run: [sdklr.exe] C:\WINDOWS\system32\sdklr.exe
O4 - HKLM\..\Run: [sdkit32.exe] C:\WINDOWS\sdkit32.exe
O4 - HKLM\..\Run: [sdkgb.exe] C:\WINDOWS\system32\sdkgb.exe
Second part:
O4 - HKLM\..\Run: [sdkfn.exe] C:\WINDOWS\sdkfn.exe
O4 - HKLM\..\Run: [sdkcj32.exe] C:\WINDOWS\sdkcj32.exe
O4 - HKLM\..\Run: [ntyv32.exe] C:\WINDOWS\ntyv32.exe
O4 - HKLM\..\Run: [ntxz.exe] C:\WINDOWS\ntxz.exe
O4 - HKLM\..\Run: [ntvt.exe] C:\WINDOWS\system32\ntvt.exe
O4 - HKLM\..\Run: [ntss.exe] C:\WINDOWS\system32\ntss.exe
O4 - HKLM\..\Run: [ntsm.exe] C:\WINDOWS\ntsm.exe
O4 - HKLM\..\Run: [ntse32.exe] C:\WINDOWS\ntse32.exe
O4 - HKLM\..\Run: [ntrz.exe] C:\WINDOWS\system32\ntrz.exe
O4 - HKLM\..\Run: [ntrq32.exe] C:\WINDOWS\system32\ntrq32.exe
O4 - HKLM\..\Run: [ntop32.exe] C:\WINDOWS\ntop32.exe
O4 - HKLM\..\Run: [ntnl32.exe] C:\WINDOWS\ntnl32.exe
O4 - HKLM\..\Run: [ntnh32.exe] C:\WINDOWS\ntnh32.exe
O4 - HKLM\..\Run: [ntkc.exe] C:\WINDOWS\system32\ntkc.exe
O4 - HKLM\..\Run: [ntga32.exe] C:\WINDOWS\system32\ntga32.exe
O4 - HKLM\..\Run: [ntbi32.exe] C:\WINDOWS\system32\ntbi32.exe
O4 - HKLM\..\Run: [netzb32.exe] C:\WINDOWS\netzb32.exe
O4 - HKLM\..\Run: [netxy32.exe] C:\WINDOWS\netxy32.exe
O4 - HKLM\..\Run: [netxf32.exe] C:\WINDOWS\netxf32.exe
O4 - HKLM\..\Run: [netvk32.exe] C:\WINDOWS\netvk32.exe
O4 - HKLM\..\Run: [nettu.exe] C:\WINDOWS\nettu.exe
O4 - HKLM\..\Run: [netsm32.exe] C:\WINDOWS\netsm32.exe
O4 - HKLM\..\Run: [netrx32.exe] C:\WINDOWS\system32\netrx32.exe
O4 - HKLM\..\Run: [netny32.exe] C:\WINDOWS\system32\netny32.exe
O4 - HKLM\..\Run: [netnv32.exe] C:\WINDOWS\netnv32.exe
O4 - HKLM\..\Run: [netnn32.exe] C:\WINDOWS\netnn32.exe
O4 - HKLM\..\Run: [netiw.exe] C:\WINDOWS\netiw.exe
O4 - HKLM\..\Run: [nethg32.exe] C:\WINDOWS\system32\nethg32.exe
O4 - HKLM\..\Run: [netfe32.exe] C:\WINDOWS\system32\netfe32.exe
O4 - HKLM\..\Run: [netbm32.exe] C:\WINDOWS\netbm32.exe
O4 - HKLM\..\Run: [netbl32.exe] C:\WINDOWS\system32\netbl32.exe
O4 - HKLM\..\Run: [mszn.exe] C:\WINDOWS\mszn.exe
O4 - HKLM\..\Run: [msyi.exe] C:\WINDOWS\msyi.exe
O4 - HKLM\..\Run: [mswf32.exe] C:\WINDOWS\system32\mswf32.exe
O4 - HKLM\..\Run: [msvz.exe] C:\WINDOWS\system32\msvz.exe
O4 - HKLM\..\Run: [msum.exe] C:\WINDOWS\msum.exe
O4 - HKLM\..\Run: [msrj.exe] C:\WINDOWS\system32\msrj.exe
O4 - HKLM\..\Run: [msqn.exe] C:\WINDOWS\system32\msqn.exe
O4 - HKLM\..\Run: [msks.exe] C:\WINDOWS\msks.exe
O4 - HKLM\..\Run: [mskf.exe] C:\WINDOWS\system32\mskf.exe
O4 - HKLM\..\Run: [msiw32.exe] C:\WINDOWS\msiw32.exe
O4 - HKLM\..\Run: [msiv.exe] C:\WINDOWS\msiv.exe
O4 - HKLM\..\Run: [mshw.exe] C:\WINDOWS\mshw.exe
O4 - HKLM\..\Run: [msgl32.exe] C:\WINDOWS\msgl32.exe
O4 - HKLM\..\Run: [msdw32.exe] C:\WINDOWS\system32\msdw32.exe
O4 - HKLM\..\Run: [msdr.exe] C:\WINDOWS\msdr.exe
O4 - HKLM\..\Run: [msbr.exe] C:\WINDOWS\system32\msbr.exe
O4 - HKLM\..\Run: [mfczp32.exe] C:\WINDOWS\mfczp32.exe
O4 - HKLM\..\Run: [mfcwy32.exe] C:\WINDOWS\system32\mfcwy32.exe
O4 - HKLM\..\Run: [mfcuv32.exe] C:\WINDOWS\system32\mfcuv32.exe
O4 - HKLM\..\Run: [mfcpg.exe] C:\WINDOWS\system32\mfcpg.exe
O4 - HKLM\..\Run: [mfcnt32.exe] C:\WINDOWS\mfcnt32.exe
O4 - HKLM\..\Run: [mfclv32.exe] C:\WINDOWS\mfclv32.exe
O4 - HKLM\..\Run: [mfckr32.exe] C:\WINDOWS\mfckr32.exe
O4 - HKLM\..\Run: [mfchg.exe] C:\WINDOWS\system32\mfchg.exe
O4 - HKLM\..\Run: [mfcgf.exe] C:\WINDOWS\system32\mfcgf.exe
O4 - HKLM\..\Run: [mfcec.exe] C:\WINDOWS\system32\mfcec.exe
O4 - HKLM\..\Run: [mfcbd32.exe] C:\WINDOWS\system32\mfcbd32.exe
O4 - HKLM\..\Run: [mfcaa32.exe] C:\WINDOWS\system32\mfcaa32.exe
O4 - HKLM\..\Run: [javayx32.exe] C:\WINDOWS\javayx32.exe
O4 - HKLM\..\Run: [javawg.exe] C:\WINDOWS\javawg.exe
O4 - HKLM\..\Run: [javaui.exe] C:\WINDOWS\system32\javaui.exe
O4 - HKLM\..\Run: [javarc.exe] C:\WINDOWS\system32\javarc.exe
O4 - HKLM\..\Run: [javaog.exe] C:\WINDOWS\system32\javaog.exe
O4 - HKLM\..\Run: [javale.exe] C:\WINDOWS\javale.exe
O4 - HKLM\..\Run: [javair32.exe] C:\WINDOWS\javair32.exe
O4 - HKLM\..\Run: [javafl.exe] C:\WINDOWS\system32\javafl.exe
O4 - HKLM\..\Run: [ipyc32.exe] C:\WINDOWS\system32\ipyc32.exe
O4 - HKLM\..\Run: [ipvw.exe] C:\WINDOWS\system32\ipvw.exe
O4 - HKLM\..\Run: [ipvl32.exe] C:\WINDOWS\system32\ipvl32.exe
O4 - HKLM\..\Run: [iprk32.exe] C:\WINDOWS\iprk32.exe
O4 - HKLM\..\Run: [ipre.exe] C:\WINDOWS\ipre.exe
O4 - HKLM\..\Run: [ipnr.exe] C:\WINDOWS\system32\ipnr.exe
O4 - HKLM\..\Run: [ipkg32.exe] C:\WINDOWS\ipkg32.exe
O4 - HKLM\..\Run: [iphv.exe] C:\WINDOWS\system32\iphv.exe
O4 - HKLM\..\Run: [ipdd.exe] C:\WINDOWS\system32\ipdd.exe
O4 - HKLM\..\Run: [ipag.exe] C:\WINDOWS\ipag.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ieyw32.exe] C:\WINDOWS\ieyw32.exe
O4 - HKLM\..\Run: [ieyo32.exe] C:\WINDOWS\system32\ieyo32.exe
O4 - HKLM\..\Run: [iewp32.exe] C:\WINDOWS\iewp32.exe
O4 - HKLM\..\Run: [ievj.exe] C:\WINDOWS\system32\ievj.exe
O4 - HKLM\..\Run: [ieuy32.exe] C:\WINDOWS\ieuy32.exe
O4 - HKLM\..\Run: [ieut.exe] C:\WINDOWS\ieut.exe
O4 - HKLM\..\Run: [ietf.exe] C:\WINDOWS\system32\ietf.exe
O4 - HKLM\..\Run: [ieqv32.exe] C:\WINDOWS\system32\ieqv32.exe
O4 - HKLM\..\Run: [ieqf32.exe] C:\WINDOWS\system32\ieqf32.exe
O4 - HKLM\..\Run: [iepx32.exe] C:\WINDOWS\iepx32.exe
O4 - HKLM\..\Run: [iepd32.exe] C:\WINDOWS\system32\iepd32.exe
O4 - HKLM\..\Run: [ieig.exe] C:\WINDOWS\ieig.exe
O4 - HKLM\..\Run: [iego32.exe] C:\WINDOWS\system32\iego32.exe
O4 - HKLM\..\Run: [iedn.exe] C:\WINDOWS\iedn.exe
O4 - HKLM\..\Run: [ieam.exe] C:\WINDOWS\ieam.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [d3ze.exe] C:\WINDOWS\system32\d3ze.exe
O4 - HKLM\..\Run: [d3wm32.exe] C:\WINDOWS\d3wm32.exe
O4 - HKLM\..\Run: [d3wi.exe] C:\WINDOWS\system32\d3wi.exe
O4 - HKLM\..\Run: [d3uy.exe] C:\WINDOWS\system32\d3uy.exe
O4 - HKLM\..\Run: [d3ux.exe] C:\WINDOWS\system32\d3ux.exe
O4 - HKLM\..\Run: [d3sp.exe] C:\WINDOWS\system32\d3sp.exe
O4 - HKLM\..\Run: [d3px.exe] C:\WINDOWS\d3px.exe
O4 - HKLM\..\Run: [d3on.exe] C:\WINDOWS\d3on.exe
O4 - HKLM\..\Run: [d3ms32.exe] C:\WINDOWS\system32\d3ms32.exe
O4 - HKLM\..\Run: [d3kz.exe] C:\WINDOWS\d3kz.exe
O4 - HKLM\..\Run: [d3jv32.exe] C:\WINDOWS\d3jv32.exe
O4 - HKLM\..\Run: [d3ie.exe] C:\WINDOWS\system32\d3ie.exe
O4 - HKLM\..\Run: [d3hz32.exe] C:\WINDOWS\system32\d3hz32.exe
O4 - HKLM\..\Run: [d3et32.exe] C:\WINDOWS\d3et32.exe
O4 - HKLM\..\Run: [d3bq32.exe] C:\WINDOWS\d3bq32.exe
O4 - HKLM\..\Run: [crus32.exe] C:\WINDOWS\system32\crus32.exe
O4 - HKLM\..\Run: [crsn32.exe] C:\WINDOWS\system32\crsn32.exe
O4 - HKLM\..\Run: [crry32.exe] C:\WINDOWS\crry32.exe
O4 - HKLM\..\Run: [crrn32.exe] C:\WINDOWS\system32\crrn32.exe
O4 - HKLM\..\Run: [crqv32.exe] C:\WINDOWS\system32\crqv32.exe
O4 - HKLM\..\Run: [crpm32.exe] C:\WINDOWS\system32\crpm32.exe
O4 - HKLM\..\Run: [crnt32.exe] C:\WINDOWS\crnt32.exe
O4 - HKLM\..\Run: [crmu.exe] C:\WINDOWS\crmu.exe
O4 - HKLM\..\Run: [crku32.exe] C:\WINDOWS\system32\crku32.exe
O4 - HKLM\..\Run: [crkp.exe] C:\WINDOWS\crkp.exe
O4 - HKLM\..\Run: [crjq.exe] C:\WINDOWS\crjq.exe
O4 - HKLM\..\Run: [crhp.exe] C:\WINDOWS\system32\crhp.exe
O4 - HKLM\..\Run: [crgz32.exe] C:\WINDOWS\system32\crgz32.exe
O4 - HKLM\..\Run: [crec.exe] C:\WINDOWS\system32\crec.exe
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [atlwl32.exe] C:\WINDOWS\system32\atlwl32.exe
O4 - HKLM\..\Run: [atlwb32.exe] C:\WINDOWS\atlwb32.exe
O4 - HKLM\..\Run: [atlux.exe] C:\WINDOWS\system32\atlux.exe
O4 - HKLM\..\Run: [atlqh32.exe] C:\WINDOWS\system32\atlqh32.exe
O4 - HKLM\..\Run: [atljt.exe] C:\WINDOWS\atljt.exe
O4 - HKLM\..\Run: [atliw32.exe] C:\WINDOWS\atliw32.exe
O4 - HKLM\..\Run: [atlir.exe] C:\WINDOWS\system32\atlir.exe
O4 - HKLM\..\Run: [atlem.exe] C:\WINDOWS\atlem.exe
O4 - HKLM\..\Run: [atlac32.exe] C:\WINDOWS\system32\atlac32.exe
O4 - HKLM\..\Run: [appzp32.exe] C:\WINDOWS\appzp32.exe
O4 - HKLM\..\Run: [appyf32.exe] C:\WINDOWS\appyf32.exe
O4 - HKLM\..\Run: [appwo32.exe] C:\WINDOWS\appwo32.exe
O4 - HKLM\..\Run: [appwc.exe] C:\WINDOWS\appwc.exe
O4 - HKLM\..\Run: [appvt.exe] C:\WINDOWS\appvt.exe
O4 - HKLM\..\Run: [appvi.exe] C:\WINDOWS\system32\appvi.exe
O4 - HKLM\..\Run: [appux32.exe] C:\WINDOWS\system32\appux32.exe
O4 - HKLM\..\Run: [appue32.exe] C:\WINDOWS\appue32.exe
O4 - HKLM\..\Run: [apptq.exe] C:\WINDOWS\apptq.exe
O4 - HKLM\..\Run: [appti.exe] C:\WINDOWS\system32\appti.exe
O4 - HKLM\..\Run: [appmt.exe] C:\WINDOWS\appmt.exe
O4 - HKLM\..\Run: [appev32.exe] C:\WINDOWS\system32\appev32.exe
O4 - HKLM\..\Run: [appav.exe] C:\WINDOWS\appav.exe
O4 - HKLM\..\Run: [apizi32.exe] C:\WINDOWS\apizi32.exe
O4 - HKLM\..\Run: [apiyy32.exe] C:\WINDOWS\apiyy32.exe
O4 - HKLM\..\Run: [apiyy.exe] C:\WINDOWS\system32\apiyy.exe
O4 - HKLM\..\Run: [apiyc32.exe] C:\WINDOWS\system32\apiyc32.exe
O4 - HKLM\..\Run: [apivj.exe] C:\WINDOWS\system32\apivj.exe
O4 - HKLM\..\Run: [apium.exe] C:\WINDOWS\system32\apium.exe
O4 - HKLM\..\Run: [apisq.exe] C:\WINDOWS\apisq.exe
O4 - HKLM\..\Run: [apisj32.exe] C:\WINDOWS\system32\apisj32.exe
O4 - HKLM\..\Run: [apiqr.exe] C:\WINDOWS\system32\apiqr.exe
O4 - HKLM\..\Run: [apimn.exe] C:\WINDOWS\system32\apimn.exe
O4 - HKLM\..\Run: [apikw.exe] C:\WINDOWS\system32\apikw.exe
O4 - HKLM\..\Run: [apiim.exe] C:\WINDOWS\system32\apiim.exe
O4 - HKLM\..\Run: [apihw.exe] C:\WINDOWS\apihw.exe
O4 - HKLM\..\Run: [apiga32.exe] C:\WINDOWS\apiga32.exe
O4 - HKLM\..\Run: [apifc32.exe] C:\WINDOWS\system32\apifc32.exe
O4 - HKLM\..\Run: [apiev32.exe] C:\WINDOWS\system32\apiev32.exe
O4 - HKLM\..\Run: [apicu.exe] C:\WINDOWS\apicu.exe
O4 - HKLM\..\Run: [apibx.exe] C:\WINDOWS\apibx.exe
O4 - HKLM\..\Run: [apibt32.exe] C:\WINDOWS\system32\apibt32.exe
O4 - HKLM\..\Run: [apiat32.exe] C:\WINDOWS\apiat32.exe
O4 - HKLM\..\Run: [apiac32.exe] C:\WINDOWS\system32\apiac32.exe
O4 - HKLM\..\Run: [addzu.exe] C:\WINDOWS\addzu.exe
O4 - HKLM\..\Run: [addzj.exe] C:\WINDOWS\addzj.exe
O4 - HKLM\..\Run: [addzg.exe] C:\WINDOWS\system32\addzg.exe
O4 - HKLM\..\Run: [addul.exe] C:\WINDOWS\system32\addul.exe
O4 - HKLM\..\Run: [addsy.exe] C:\WINDOWS\addsy.exe
O4 - HKLM\..\Run: [addqs32.exe] C:\WINDOWS\addqs32.exe
O4 - HKLM\..\Run: [addog.exe] C:\WINDOWS\addog.exe
O4 - HKLM\..\Run: [addjn.exe] C:\WINDOWS\addjn.exe
O4 - HKLM\..\Run: [addig.exe] C:\WINDOWS\addig.exe
O4 - HKLM\..\Run: [addga32.exe] C:\WINDOWS\system32\addga32.exe
O4 - HKLM\..\Run: [addfx.exe] C:\WINDOWS\system32\addfx.exe
O4 - HKLM\..\Run: [addcu32.exe] C:\WINDOWS\addcu32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
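The log above shows three indicator types a responder would want to pull out mechanically rather than by eye: dozens of O4 Run entries whose image names follow one generated shape (a short prefix such as win, sys, net, api or add, two random letters, an optional "32", then .exe), O2 BHO entries whose CLSID is still registered but whose DLL is gone or carries the same generated shape, and R0/R1 search and start-page values reset to about:blank. The script below is an added example and not part of the original post or of HijackThis; it parses HijackThis 1.99.1 lines and scores them against those indicators. The prefix list and name shape are taken only from the entries visible in this log and are a heuristic, not a vendor signature; the sample log embedded in it is a constructed excerpt of a few lines in the same format.

```python
"""Triage a HijackThis 1.99.1 log for the indicators visible in the thread above:
randomly named O4 autoruns, suspect O2 BHO entries and R0/R1 values set to about:blank.

Added example, not part of the original post. Assumption: the prefix set and the
"prefix + two letters + optional 32" shape are derived from this one log only.
"""
import re
from collections import Counter

# Prefixes observed on the generated autorun names in the posted log (assumption:
# the dropper draws from this fixed set; other variants may use different ones).
RANDOM_PREFIXES = ("win", "sys", "sdk", "nt", "net", "ms", "mfc", "java",
                   "ip", "ie", "d3", "cr", "atl", "app", "api", "add")

# Matches e.g. winzy.exe, sysqr32.exe, netiw.exe, crrp.dll; group 1 is the prefix.
RANDOM_NAME_RE = re.compile(
    r"^(%s)[a-z]{2}(?:32)?\.(?:exe|dll)$" % "|".join(RANDOM_PREFIXES), re.I)

# Line shapes of the HijackThis sections being triaged.
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
R_RE = re.compile(
    r"^R[01] - (HK\w+)\\Software\\Microsoft\\Internet Explorer\\([^,]+),([^=]+?) = (.*)$")
# Image file name inside a command line: quoted or not, trailing arguments ignored.
BASENAME_RE = re.compile(r'[^\\"]+\.(?:exe|dll)', re.I)

# Constructed excerpt in the posted log's format (a few lines, not the full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {088535BC-DED7-DA54-0D5F-6BC96009E456} - C:\WINDOWS\crrp.dll (file missing)
O2 - BHO: (no name) - {0A18D7B4-8485-B715-3461-EDCA233B81A2} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [winzy.exe] C:\WINDOWS\system32\winzy.exe
O4 - HKLM\..\Run: [sysqr32.exe] C:\WINDOWS\system32\sysqr32.exe
O4 - HKLM\..\Run: [netiw.exe] C:\WINDOWS\netiw.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def parse_hjt(text):
    """Yield (section, regex match) for every O4, O2 and R0/R1 line in a HijackThis log."""
    for raw in text.splitlines():
        line = raw.strip()
        for section, rx in (("O4", O4_RE), ("O2", O2_RE), ("R", R_RE)):
            m = rx.match(line)
            if m:
                yield section, m
                break


def basename_of(command):
    """Lower-cased image file name from an O4 command or O2 target, or None."""
    m = BASENAME_RE.search(command)
    return m.group(0).lower() if m else None


def triage(text):
    """Collect indicators from a HijackThis log and return them with a one-line verdict."""
    random_autoruns, suspect_bhos, hijacked_keys = [], [], []
    run_entries = 0
    for section, m in parse_hjt(text):
        if section == "O4":
            run_entries += 1
            _hive, _value_name, command = m.groups()
            name = basename_of(command)
            if name and RANDOM_NAME_RE.match(name):
                random_autoruns.append(name)
        elif section == "O2":
            _label, clsid, target = m.groups()
            # A registered BHO whose DLL is gone is residue of a partial clean-up; a DLL
            # that is still present but carries the generated name shape is not yet removed.
            if target.endswith("(file missing)") or target == "(no file)":
                suspect_bhos.append(clsid)
            elif RANDOM_NAME_RE.match(basename_of(target) or ""):
                suspect_bhos.append(clsid)
        else:
            hive, key, value, data = m.groups()
            v = value.lower()
            if data.strip().lower() == "about:blank" and ("search" in v or v.startswith("default_")):
                hijacked_keys.append(f"{hive}\\{key},{value}")

    prefixes = Counter(RANDOM_NAME_RE.match(n).group(1).lower() for n in random_autoruns)
    if len(random_autoruns) >= 3 or (random_autoruns and suspect_bhos):
        verdict = ("COMPROMISED: %d randomly named autoruns across %d prefixes; "
                   "treat the host as backdoored, disconnect it and rebuild"
                   % (len(random_autoruns), len(prefixes)))
    elif random_autoruns or suspect_bhos or hijacked_keys:
        verdict = "SUSPICIOUS: isolated indicators, review the entries manually"
    else:
        verdict = "no indicators from this heuristic"
    return {"run_entries": run_entries, "random_autoruns": random_autoruns,
            "suspect_bhos": suspect_bhos, "hijacked_keys": hijacked_keys,
            "prefix_histogram": dict(prefixes), "verdict": verdict}


if __name__ == "__main__":
    for key, val in triage(SAMPLE_LOG).items():
        print(f"{key}: {val}")
```

Run it against a saved log with `triage(open("hijackthis.log").read())`. The prefix histogram is the useful part of the report: a dozen different prefixes each contributing several entries, as in the log above, is a mass-dropper footprint, whereas a single odd entry is more likely an unusual but legitimate tool and deserves a manual look before removal.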
pskelley
2007-06-29, 17:54
Sorry to have to tell you that you have a very, very infected computer here:
http://www.sophos.com/security/analyses/w32rbothg.html
http://vil.nai.com/vil/content/v_137456.htm
http://spywarefiles.prevx.com/RRHDIF938796/WINKK32.EXE.html
http://www.spywaredata.com/spyware/malware/winja.exe.php
http://www.superadblocker.com/A/APIUM32.EXE-5023.html
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CKI&VSect=T
http://spywarefiles.prevx.com/RRHDIF629366/WINAY32.EXE.html
http://www.spywaredata.com/spyware/malware/sysye.exe.php
I am stopping there; many of these trojans I cannot even identify. I may never have seen this level of infection on a computer before.
A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user.
One or more of the identified infections is a backdoor trojan.
This allows hackers to remotely control your computer, steal critical system information, and download and execute files.
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the Trojan has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451
When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063
With this level of infection, my suggestion is that you reformat.
Please let us know what you have decided to do in your next post.
Thanks