
Active esukefup

Discussion in 'Malware and Virus Removal Archive' started by flatfoot, 2009/05/09.

  1. 2009/05/09
    flatfoot

    flatfoot Inactive Thread Starter

    Joined:
    2002/10/08
    Messages:
    55
    Likes Received:
    0
    [Active] esukefup

    I keep getting a pop up box that says RUN DLL
    Error loading C:\Windows esukefup.dll
    The specified module could not be found.

    I could not find a dll with this name. When I run Spybot it doesn't say anything about it. I have run the DDS program and here are the results from DDS.txt and Attach.txt


    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Owner at 19:39:24.25 on Sat 05/09/2009
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.247.150 [GMT -5:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\Documents and Settings\Owner\Desktop\dds.scr
    C:\WINDOWS\System32\rundll32.exe

    ============== Pseudo HJT Report ===============

    uLocal Page = hxxp://www.google.com
    uStart Page = hxxp://www.google.com/intl/en_ALL/images/logo.gif
    uDefault_Search_URL = hxxp://www.google.com
    mLocal Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [Vpecafekuteg] rundll32.exe "c:\windows\Ysebuqikuwafo.dll ",e
    mRun: [Hyigif] rundll32.exe "c:\windows\esukefup.dll ",e
    uPolicies-explorer: NoBandCustomize = 1 (0x1)
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\vuaco10v.default user\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/intl/en_ALL/images/logo.gif
    FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava11.dll
    FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava12.dll
    FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava13.dll
    FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava14.dll
    FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava32.dll
    FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJPI142.dll
    FF - plugin: c:\program files\java\j2re1.4.2\bin\NPOJI610.dll
    FF - HiddenExtension: XUL Cache: {59E116E3-C78F-49FF-8503-2D7C282B6F1F} - c:\documents and settings\owner\local settings\application data\{59E116E3-C78F-49FF-8503-2D7C282B6F1F}

    ============= SERVICES / DRIVERS ===============


    =============== Created Last 30 ================

    2009-05-09 14:46 <DIR> --d----- C:\cmdcons
    2009-05-08 12:50 <DIR> --d----- c:\docume~1\owner\applic~1\Safer Networking
    2009-05-08 12:49 <DIR> --d----- c:\program files\Safer Networking
    2009-05-08 03:58 161,792 a------- c:\windows\SWREG.exe
    2009-05-08 03:58 98,816 a------- c:\windows\sed.exe

    ==================== Find3M ====================

    2006-07-23 05:54 4,265 a------- c:\program files\gftjng.exe
    2004-03-17 17:13 1,028,368 a------- c:\program files\vbrun60sp6.exe
    2003-07-16 15:36 339,968 a------- c:\program files\mspaint.exe
    2008-01-28 05:00 19,389 a--sh--- c:\windows\system32\geede.exe

    ============= FINISH: 19:39:59.78 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/11/2005 7:22:55 AM
    System Uptime: 5/9/2009 3:12:14 PM (4 hours ago)

    Motherboard: Dell Computer Corp. | | 0G1548
    Processor: Intel(R) Celeron(R) CPU 2.40GHz | Microprocessor | 2392/400mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 37 GiB total, 23.512 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {50127DC3-0F36-415E-A6CC-4CB3BE910B65}
    Description: Intel Processor
    Device ID: ACPI\GENUINEINTEL_-_X86_FAMILY_15_MODEL_2\_0
    Manufacturer: Intel
    Name: Intel(R) Celeron(R) CPU 2.40GHz
    PNP Device ID: ACPI\GENUINEINTEL_-_X86_FAMILY_15_MODEL_2\_0
    Service: intelppm

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Broadcom 440x 10/100 Integrated Controller
    Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0
    Manufacturer: Broadcom
    Name: Broadcom 440x 10/100 Integrated Controller
    PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0
    Service: bcm4sbxp

    Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
    Description: Microsoft System Management BIOS Driver
    Device ID: ROOT\SYSTEM\0002
    Manufacturer: (Standard system devices)
    Name: Microsoft System Management BIOS Driver
    PNP Device ID: ROOT\SYSTEM\0002
    Service: mssmbios

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    4300
    4300_Help
    4300Trb
    Adobe Acrobat 4.0
    Adobe Flash Player ActiveX
    Adobe Reader 7.0.8
    AiO_Scan_CDA
    AiOSoftwareNPI
    AP Tuner 3.06
    AutoUpdate
    Broadcom 440x 10/100 Integrated Controller
    Broadcom Management Programs
    BufferChm
    CCleaner (remove only)
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    D1400
    D1400_Help
    Dell Digital Jukebox Driver
    Dell Media Experience
    Dell ResourceCD
    Destinations
    DivX
    DivX Player
    DivX Web Player
    dj_sf_ProductContext
    dj_sf_software
    dj_sf_software_req
    DocProc
    eSupportQFolder
    FastNetSearch.Net Browser Enhancement
    Fax_CDA
    HijackThis 1.99.1
    HP Deskjet 3740
    HP Deskjet 8.0 Software
    HP Imaging Device Functions 8.0
    HP Photosmart Essential
    HP PSC & OfficeJet 6.1.A
    HP Smart Web Printing 1.0
    HP Software Update
    HP Solution Center and Imaging Support Tools 6.1
    HPProductAssistant
    Intel(R) Extreme Graphics Driver
    Java 2 Runtime Environment, SE v1.4.2
    Jetico Personal Firewall 1.0
    KeyCAD 2.0
    Logitech MouseWare 9.77
    Mozilla Firefox (3.0.6)
    MSN Music Assistant
    Nero - Burning Rom
    NetShow Tools 3.0
    NewCopy_CDA
    ProductContextNPI
    Readme
    RegAlyzer
    Scan
    ScannerCopy
    Shockwave 7.0.2 Player
    Small Business Resource Guide 2000
    SolutionCenter
    SoundMAX
    SpywareBlaster 4.1
    Status
    Switch
    Toolbox
    TrayApp
    Ulead VideoStudio version 4.0 SE Basic
    Unload
    UnloadSupport
    WebFldrs XP
    WebReg
    WinAVIVideoConverter
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 2
    WinRAR archiver
    WordPerfect Office 12

    ==== Event Viewer Messages From Past Week ========

    5/7/2009 11:05:23 PM, error: Service Control Manager [7023] - The wscsvc service terminated with the following error: The specified module could not be found.
    5/7/2009 11:00:16 PM, error: Service Control Manager [7034] - The IMAPI CD-Burning COM Service service terminated unexpectedly. It has done this 1 time(s).
    5/6/2009 7:14:57 PM, error: Service Control Manager [7000] - The hpqcxs08 service failed to start due to the following error: The pipe state is invalid.
    5/6/2009 7:03:25 PM, error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
    5/6/2009 7:02:23 PM, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s).
    5/6/2009 7:02:23 PM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
    5/6/2009 5:57:09 AM, error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
    5/6/2009 5:57:09 AM, error: Service Control Manager [7001] - The Fast User Switching Compatibility service depends on the Terminal Services service which failed to start because of the following error: The pipe state is invalid.
    5/6/2009 5:57:09 AM, error: Service Control Manager [7000] - The Terminal Services service failed to start due to the following error: The pipe state is invalid.
    5/6/2009 4:07:10 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    5/4/2009 11:01:16 PM, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
    5/4/2009 10:49:53 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
    5/4/2009 10:49:42 PM, error: Service Control Manager [7034] - The Windows User Mode Driver Framework service terminated unexpectedly. It has done this 1 time(s).
    5/2/2009 9:12:01 AM, error: Service Control Manager [7001] - The SSDP Discovery Service service depends on the HTTP service which failed to start because of the following error: The system cannot find the file specified.
    5/2/2009 9:12:01 AM, error: Service Control Manager [7000] - The HTTP service failed to start due to the following error: The system cannot find the file specified.
    5/2/2009 9:11:58 AM, error: Service Control Manager [7022] - The SharedAccess service hung on starting.
    5/2/2009 9:11:39 AM, error: Service Control Manager [7022] - The DCOM Server Process Launcher service hung on starting.
    5/2/2009 9:06:54 AM, error: Service Control Manager [7023] - The hpqcxs08 service terminated with the following error: Invalid handle
    5/2/2009 9:06:50 AM, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    5/2/2009 9:06:50 AM, error: Service Control Manager [7005] - The RpcImpersonateClient call failed with the following error: No security context is available to allow impersonation.
    5/2/2009 9:06:49 AM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/2/2009 9:06:49 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: intelppm
    5/2/2009 6:35:20 PM, error: Service Control Manager [7023] - The hpqcxs08 service terminated with the following error: %%2147944122
    5/2/2009 6:35:16 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    5/2/2009 6:30:36 PM, error: Service Control Manager [7034] - The Automatic Updates service terminated unexpectedly. It has done this 1 time(s).
    5/2/2009 6:24:57 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

    ==== End Of File ===========================
     
  2. 2009/05/11
    flatfoot

    flatfoot Inactive Thread Starter

    Joined:
    2002/10/08
    Messages:
    55
    Likes Received:
    0
    I fixed it. I used CCleaner version 2.17.853 and it has a thing on the left that says "Registry". It said the esukefup was from a program that had been uninstalled and it was something leftover.
    I had never used that registry button before and I ran it five times in a row before it cleaned up all the extra stuff.
    As stated in the forum rules... Flatfoot is not a moderator so this process should only be used upon their recommendation, and at your own risk.

    Thanks to moderators for working on improvements to this forum.
     

  4. 2009/05/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is infected, so fixing some registry entry won't cure it.

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Under Configuration and Preferences, click the Preferences button.
    * Under General and Startup tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Scan for tracking cookies.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * Back on the main screen, under Scan for Harmful Software click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under Complete Scan, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.
    NOTE: Tracking cookies may be omitted from the log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
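
The check below is an added example, not part of the thread and not the moderator's procedure. It parses the `mRun` lines of the DDS log in the first post and flags rundll32 autoruns that match the pattern seen there, including the case where the Run value remains but the DLL is gone, which is what produces the RUNDLL error box. The heuristics, the `ExampleTray` line and the `PRESENT` file listing are assumptions constructed for illustration.

```python
import ntpath
import re

# DDS pseudo-HJT autorun line: "mRun: [ValueName] command line"
RUN_RE = re.compile(r'^\s*[um]Run:\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.+?)\s*$', re.I)
# Command that invokes rundll32, with or without a full path or quotes.
RUNDLL_RE = re.compile(
    r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+(?P<args>.+)$', re.I)


def parse_rundll_entry(line):
    """Return (value_name, dll_path, export) for a rundll32 Run line, else None."""
    run = RUN_RE.match(line)
    if not run:
        return None
    rundll = RUNDLL_RE.match(run.group('cmd'))
    if not rundll:
        return None
    # rundll32 syntax is <dll>,<entry point>; split on the last comma.
    dll, _, export = rundll.group('args').rpartition(',')
    if not dll:
        return None
    dll = ntpath.normpath(dll.strip().strip('"').strip()).lower()
    return run.group('name'), dll, export.strip().split(' ')[0]


def triage(lines, file_exists, windir=r'c:\windows'):
    """Flag rundll32 autoruns; file_exists(path) reports whether the DLL is on disk."""
    findings = []
    for line in lines:
        parsed = parse_rundll_entry(line)
        if parsed is None:
            continue
        name, dll, export = parsed
        reasons = []
        if ntpath.dirname(dll) == windir:          # assumed heuristic
            reasons.append('dll sits directly in the Windows directory')
        if len(export) == 1:                       # assumed heuristic
            reasons.append('single-character export name')
        if not file_exists(dll):
            reasons.append('file missing: Run value is orphaned, RUNDLL error at logon')
        if reasons:
            findings.append({'value': name, 'dll': dll,
                             'export': export, 'reasons': reasons})
    return findings


SAMPLE = [
    # First three lines are copied from the DDS log in the first post.
    r'mRun: [Logitech Utility] Logi_MwX.Exe',
    r'mRun: [Vpecafekuteg] rundll32.exe "c:\windows\Ysebuqikuwafo.dll ",e',
    r'mRun: [Hyigif] rundll32.exe "c:\windows\esukefup.dll ",e',
    # Constructed line for contrast (not from the thread).
    r'mRun: [ExampleTray] rundll32.exe c:\windows\system32\example.dll,StartTray',
]
# Constructed file listing: esukefup.dll absent, as the poster reported;
# the state of the other files is assumed for the sake of the example.
PRESENT = {r'c:\windows\ysebuqikuwafo.dll', r'c:\windows\system32\example.dll'}

if __name__ == '__main__':
    for finding in triage(SAMPLE, PRESENT.__contains__):
        print(finding['value'], finding['dll'], finding['export'])
        for reason in finding['reasons']:
            print('   -', reason)
```

On a live system, pass `os.path.exists` as `file_exists`. An orphaned value only shows that one file was removed; a second entry of the same shape whose DLL is still present means the loader is still running at every logon.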
     
