You were right Not to click that "Uninstall" botton - It IS Nasty!Originally Posted by jornsen
-- I do not see much in your HJT Log. I do not know what this is:
O2 - BHO: Class - {B9AE75D1-F00C-69A5-C748-26D2448F8738} - C:\WINDOWS\fseku1.dll (file missing)
You can FIX that with HijackThis.
These look like they allow remote access to your computer - But I imagine you installed them?
O23 - Service: MReg Service (MReg) - Ementor Danmark A/S - C:\WINDOWS\system32\MReg.exe
O23 - Service: M·RemoteUser (MRemoteUser) - Ementor Danmark A/S - C:\WINDOWS\system32\MRemoteUser.exe
O23 - Service: M·SoftwareScan (MSoftwareScan) - Ementor Danmark A/S - C:\WINDOWS\system32\MSoftwareScan.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\ORL\VNC\WinVNC.exe (file missing)
Did the Kaspersky Online scan find Nothing at all? It should catch that LinkOptimizer
The same for the AVG Anti-spy....
They both came up completely clean?
There are a few more scans I'd like to see....
FIRST:
Download WinPFind2 by OldTimer to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind2 on your desktop.
-- Open the WinPFind2 folder and DoubleClick winpfind2.exe to start the program.
-- Keep the Standard Settings.
-- In the AddOn Options section (Far Right of GUI) Check the Boxes for the following:
--> Policies.def
--> SID_Run_Policies.def
THEN:
Click the Run All Scans button.
When the tool has finished running, select the Simple Report Button in the lower right. Notepad shoud open with a Log.
Please submit that Log for me.
THEN:
Let's get a StartupList.
Run HijackThis and open the Misc Tools section.
-- Check the boxes to List minor sections & List empty sections
-- Click Generate StartupList & Yes
-- Please submit that log for me
And, we'll go from there.
Best
PP
EDIT PP:
It might also be a good idea to run the following:
http://www.prevx.com/gromozon.asp
Let me know how that shakes out.....
PP
Reply With Quote