Hi Tony, Welcome to the forum,
There's some problems showing there, one of the trojan files has been detected as a banker infection which means its capable of stealing information such as your credit card details if you have done any banking or paying for goods online and login user names/passwords for sites you have visited since its been active, If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please change all passwords where applicable from a different PC if possible or once your system is clean and it would be wise to also contact any banks or credit card companies to notify them of your situation.
Please read this link for more information:
How to report ID theft, fraud, drive-by installs, hijacking and malware?Run HijackThis and choose
Do A System Scan then place a check next to these entries
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Msn Messenger] C:\WINDOWS\system32\msnmsnr.scr
O4 - HKCU\..\Run: [Firewal] C:\windows\svchost.exe
O4 - HKCU\..\Run: [Internet Explorer] C:\WINDOWS\IEXPLORE.EXE
Close all open browser and other windows except for HijackThis and press the
Fix Checked button
Next set Windows to show hidden files and folders.
Click
Start. Goto
MyComputer then
C:\drive Select the
Tools menu from the top bar and click
Folder Options. Select the
View Tab.
Under the Hidden files and folders heading select "
Show hidden files and folders".
UnCheck the "
Hide protected operating system files (recommended)" option.
Uncheck the "
Hide extensions for known file types" option
Click
Yes to confirm then
OKSet this back once you have checked for the files by opening the same page and pressing the
Restore Defaults button then click
Apply and
OK.
Then delete these files if they still exist
C:\WINDOWS\system32\
msnmsnr.scrC:\WINDOWS\
svchost.exeC:\WINDOWS\
IEXPLORE.EXEDo not delete the svchost.exe in the system32 folder as that is an essential Windows file but the one above in the Windows folder is a trojan, Also run CCleaner to clear out your temp folders as there was a backdoor trojan found there.
Download Blacklight
HERE and save it to your desktop.
Run the program, accept statement > click next then scan
When its finished scanning exit the program and post back the log if it detects hidden files, The log is called 'fsbl-<date/time>.log' which will save to the same location as the fsbl.exe file.
Finally run Kaspersky WebScanner
- Please go HERE and click Kaspersky Online Scanner
- Read and Accept the Agreement
- You will be promted to install an ActiveX component from Kaspersky, Click Yes.
- If you see a Windows dialog asking if you want to install this software, click the Install button.
- The program will launch and then begin downloading the latest definition files,
- When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
- Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
- Under "Please select a target to scan:", click My Computer to start the scan.
- When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
Please then post back the Kaspersky log, Blacklight log if it finds any hidden files and a new HijackThis log, let us know if you have any problems
Cheers
Andy