"Phil" <Nospam@nospam.net> wrote in message news:<Uzvwb.218457$mZ5.1659447@attbi_s54>...
> Wipe the disk!!!! Why not just hit the computer with a sledge hammer???

Actually, Lance's advice is quite accurate: Any security professional
will tell you that a machine that has been compromised is
untrustworthy. Far more so considering the number of trojans, worms,
and parasites that the OP mentioned and the fact that he wasn't able
to specify several hundred items removed.

I'm looking at his HiJackThis! log and I see a number of entries that
look very much like trojans, as well as a number of other suspicious
items. To wit:

C:\WINDOWS\SYSTEM\YUYT10.EXE
C:\WINDOWS\SYSTEM\FNJT.EXE
HKLM\..\Run: [wzkrbxyj] C:\WINDOWS\dxudxzkt.exe
O4 - HKLM\..\Run: [AQWANQU] C:\WINDOWS\AQWANQU.exe
O4 - HKLM\..\Run: [4THQMFQ5XMTXYD] C:\WINDOWS\SYSTEM\DbhB2.exe

These are almost certainly trojans or worms.

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class)
-
http://fdl.msn.com/zone/datafiles/heartbeat.cab

These two are very suspicious.

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class)
-
http://fdl.msn.com/zone/datafiles/heartbeat.cab

These look like very intrusive junk.

On top of it all, he's got a Netropa keyboard driver, which can also
be considered malware.

The best solution for a system this screwed is to backup all valuable
data, reformat from known-good media, and be sure not to run any
executable programs or macros from his backups.

Sponge
Sponge's Secure Solutions
www.geocities.com/yosponge
My new email: yosponge2 att yahoo dott com