Remote computer/ server has control of my computer & user profile

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

roothit

Thread Starter
Joined
Jul 20, 2010
Messages
6
There is a remote computer/ server logging on and and controlling my computer.
I realized that it has changed around around my files
When I go into My computer, my profile windows logon is a folder under there along with the drives.
There is also another folder called Common Files. I think THIS remote computer has changed my log on TO BE A dependent on a service that is logged on. Its called IANMAN COMPUTER. This is a personal home computer and the only one. So its not part of a network

Commodo firewall REported/ detected that I was a new netwotk was dected that I was a part of

The Hijack this log is pretty uslewss and does not show much.

I found these lines using Regrun/ Unhackme:
Windows Core Components tab in Regrun/ Unhackme
Active Setup items
--------------
"%ProgramFiles%\Outlook Express\ setup50.exe" /APP:OE /CALLER:WINTT /user install
shows this target file in system
D:\PROGRAM FILES\OUTLOOK EXPRESS\SETUP50.EXE
--------------
--------------
"%ProgramFiles%\Outlook Express\ setup50.exe" /APP:WAB /CALLER:WINTT /user install
shows this target file in system
D:\PROGRAM FILES\OUTLOOK EXPRESS\SETUP50.EXE
--------------
--------------
%systemRoot%\system32\regsvr32.exe /s /n /i:UserInstall %SystemRoot%\system32themeui.dll
shows this target file in system
D:\WINDOWS\SYSTEM32\REGSVR32.EXE
--------------
--------------
%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
points to
D:\WINDOWS\SYSTEM32\SHMGRATE.EXE
--------------
--------------
%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
points to
D:\WINDOWS\SYSTEM32\SHMGRATE.EXE
--------------
--------------
D:\WINDOWS\inf\ unregmp2.exe /ShowWMP
shows this target file in system
D:\WINDOWS\INF\UNREGMP2.EXE
--------------
--------------
D:\WINDOWS\system32\ie4uinit.exe -BaseSettings
points to
D:\WINDOWS\SYSTEM32\IE4UINIT.EXE
--------------
--------------
D:\WINDOWS\system32\ieudinit.exe
points to
D:\WINDOWS\SYSTEM32\IEUDINIT.EXE
--------------
--------------
RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
points to or is supposed to be
D:\WINDOWS\system32\IEDKCS32.DLL
--------------
--------------
RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
points to or is supposed to be
D:\WINDOWS\system32\IEDKCS32.DLL
--------------
--------------
regsve32.exe /s /n /i:U shell32.dll
is supposed to be
D:\WINDOWS\system32\REGSVR32.EXE
--------------
I knew that setup50.exe for Outlook Express was hijacked somhow, but didnt know the extent because when I looked it up on the net it showed as a regular file.
"ProgramFiles%\Outlook Express\ setup50.exe"
It showed up on comodo but disappeared really quick, I count control or find it.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top