TechSpot

Malware removal - remote support

By Bahawolf
Sep 1, 2010
  1. Hello everyone. - I am supporting a friend remotely and I was previously working on this issue with Bobby but the user did decide to run a scan on their own which conflicted with the rules.

    I've told them that if they do so again, they will NOT be assisted and they have agreed to not touch the unit.

    That being said, I'd like to begin the cleansing process if allowed...

    Logs:


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4526

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    9/1/2010 19:20:34
    mbam-log-2010-09-01 (19-20-34).txt

    Scan type: Quick scan
    Objects scanned: 137172
    Time elapsed: 6 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ==


    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit quick scan 2010-09-01 19:27:42
    Windows 6.0.6001 Service Pack 1
    Running: w87l01ws.exe; Driver: C:\Users\Chris\AppData\Local\Temp\ufldapoc.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x8E3A7B9C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x8E3A79C0]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x8E3A7AFA]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    ---- EOF - GMER 1.0.15 ----

    ==



    DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
    Run by Chris at 19:45:16.49 on Wed 09/01/2010
    Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_21
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2039.1637 [GMT -7:00]

    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    C:\Program Files\TeamViewer\Version5\TeamViewer.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Users\Chris\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local;<local>
    uInternet Settings,ProxyServer = http=localhost:7171
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\mri_di~1\exifla~1.lnk - c:\program files\finepixviewers\QuickDCF2.exe
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    Notify: igfxcui - igfxdev.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\l8k0id2p.default\
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-7-6 173352]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-17 165456]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-17 17744]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-8-17 50256]
    S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-17 40384]
    S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2007-4-25 99248]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-24 304464]
    S2 uvnc_service;uvnc_service;c:\program files\ultravnc\winvnc.exe [2010-8-24 1590216]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-17 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-17 40384]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-24 20952]
    S3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2010-8-24 12096]
    S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
    S4 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]

    =============== Created Last 30 ================

    2010-08-30 04:42:17 0 d-----w- C:\$RECYCLE.BIN
    2010-08-28 16:57:45 0 d-----w- c:\users\chris\appdata\roaming\Webroot
    2010-08-28 16:24:14 82 ----a-w- c:\windows\qawin32.INI
    2010-08-28 14:24:01 0 d-----w- c:\programdata\Sun
    2010-08-28 14:23:38 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-28 13:47:41 0 d-----w- c:\program files\Windows Installer Clean Up
    2010-08-28 13:47:34 0 d-----w- c:\program files\MSECACHE
    2010-08-28 12:17:38 0 d-----w- c:\program files\JDownloader
    2010-08-25 04:51:39 0 d-----w- c:\program files\ESET
    2010-08-25 04:48:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-25 04:48:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-25 04:48:32 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-25 04:27:59 23872 ----a-w- c:\windows\system32\mv2.dll
    2010-08-25 04:27:59 12096 ----a-w- c:\windows\system32\drivers\mv2.sys
    2010-08-25 04:27:51 0 d-----w- c:\program files\UltraVNC
    2010-08-18 12:21:49 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-08-18 11:57:06 0 d-----w- c:\programdata\Lavasoft
    2010-08-18 11:57:06 0 d-----w- c:\program files\Lavasoft
    2010-08-18 05:18:36 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-08-18 05:18:11 38848 ----a-w- c:\windows\avastSS.scr
    2010-08-18 05:18:08 0 d-----w- c:\programdata\Alwil Software
    2010-08-17 02:40:56 0 d-----w- c:\program files\roguescanfix
    2010-08-17 02:32:07 0 d-----w- c:\windows\LMI7445.tmp
    2010-08-17 02:27:38 0 d-----w- c:\program files\Trend Micro
    2010-08-15 17:01:06 0 d-----w- c:\users\chris\appdata\roaming\TeamViewer
    2010-08-15 15:49:02 0 d-----w- c:\users\chris\appdata\roaming\PCToolsFirewallPlus
    2010-08-15 15:49:01 0 d-----w- c:\users\chris\appdata\roaming\Spam Monitor
    2010-08-15 14:44:08 0 d-----w- c:\programdata\PC Tools
    2010-08-15 14:44:08 0 d-----w- c:\program files\PC Tools Internet Security
    2010-08-15 14:43:38 0 d-----w- c:\users\chris\appdata\roaming\Swhst
    2010-08-15 14:09:02 798 ---ha-w- C:\IPH.PH
    2010-08-15 14:09:02 0 d-----w- C:\TEMP
    2010-08-15 14:01:16 0 d-----w- c:\program files\common files\PC Tools
    2010-08-15 14:01:14 0 d---a-w- c:\programdata\TEMP
    2010-08-15 13:11:46 4213696 ----a-w- C:\ExterminateIt.exe
    2010-08-15 07:16:34 0 d-----w- c:\program files\Exterminate It!
    2010-08-15 06:51:29 226688 ----a-w- C:\BdUninstallTool2010.08.14-11.51.29.reg
    2010-08-15 04:22:02 0 d-----w- c:\users\chris\appdata\roaming\QuickScan
    2010-08-14 22:56:26 0 d-----w- c:\programdata\SUPERAntiSpyware.com
    2010-08-10 03:34:33 15892480 ----a-w- C:\Ad-AwareInstall.exe
    2010-08-10 03:03:53 0 d-----w- c:\programdata\Spybot - Search & Destroy
    2010-08-10 03:03:53 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-08-10 02:44:19 16409960 ----a-w- C:\spybotsd162.exe
    2010-08-10 02:12:38 35 ----a-w- c:\users\chris\appdata\roaming\SetValue.bat
    2010-08-10 02:12:37 691 ----a-w- c:\users\chris\appdata\roaming\GetValue.vbs
    2010-08-09 23:56:45 0 d-----w- c:\users\chris\appdata\roaming\Malwarebytes
    2010-08-09 23:56:27 0 d-----w- c:\programdata\Malwarebytes
    2010-08-09 23:50:12 0 d-----w- c:\program files\TeamViewer
    2010-08-03 22:46:16 221300608 ----a-w- c:\windows\MEMORY.DMP

    ==================== Find3M ====================

    2010-08-31 16:10:00 4022 ----a-w- c:\users\chris\appdata\roaming\wklnhst.dat
    2010-08-25 04:28:06 86016 ----a-w- c:\windows\inf\infstrng.dat
    2010-08-25 04:28:06 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-08-25 04:28:05 86016 ----a-w- c:\windows\inf\infstor.dat
    2008-08-03 09:44:02 174 --sha-w- c:\program files\desktop.ini
    2008-08-03 09:31:48 665600 ----a-w- c:\windows\inf\drvindex.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-05-01 06:44:18 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2009-05-01 06:44:18 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2009-05-01 06:44:18 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
    2008-01-15 06:45:41 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2008-01-15 06:45:41 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2008-01-15 06:45:41 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

    ============= FINISH: 19:46:17.53 ===============

    ==



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/24/2007 12:27:24
    System Uptime: 9/1/2010 19:36:25 (0 hours ago)

    Motherboard: ELITEGROUP | | 945GCT-M3
    Processor: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz | Socket 775 | 1599/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 288 GiB total, 216.985 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 4.524 GiB free.
    E: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    ABBYY FineReader 6.0 Sprint
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 8.1.2
    Agere Systems PCI-SV92PP Soft Modem
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    avast! Free Antivirus
    Bejeweled 2 Deluxe
    BlackBerry Desktop Software 4.5
    Bonjour
    Chicago Blackhawks Desktop Communicator
    Digital Media Reader
    ESET Online Scanner v3
    Exterminate It!
    FUJIFILM FinePixViewer S Ver.2.1
    Gateway Connect
    Gateway Game Console
    Gateway Recovery Center Installer
    Highlight Viewer (Windows Live Toolbar)
    HiJackThis
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 21
    JDownloader
    Lexmark 2500 Series
    Lexmark Fax Solutions
    Malwarebytes' Anti-Malware
    Map Button (Windows Live Toolbar)
    Microsoft Money Essentials
    Microsoft Money Shared Libraries
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Microsoft WSE 2.0 SP3 Runtime
    MobileMe Control Panel
    Mozilla Firefox (3.0.19)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MySpaceIM
    Power2Go 5.0
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Media Manager
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB960003)
    Security Update for Microsoft Office Excel 2007 (KB959997)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Smart Menus (Windows Live Toolbar)
    Spare Backup
    TeamViewer 5
    Tradewinds
    UltraVNC 1.0.8.2
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Windows Installer Clean Up
    Windows Live Favorites for Windows Live Toolbar
    Windows Live installer
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Toolbar Extension (Windows Live Toolbar)
    WinRAR archiver
    Yahoo! Browser Services
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Toolbar

    ==== End Of File ===========================
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I remember that! Every time I opened a log, some other scan had been done- good that you read the riot act! I'll review the logs shortly. I notices there are some data updated by Webroot on 8/28. This was a problem previously. If possible, find out what's running from Webroot and if it's security, as that it be temporarily disabled.

    Back in a bit.
     
  3. Bahawolf

    Bahawolf TS Rookie Topic Starter

    It was Webroot System Analyzer that was run, and allegedly removed but the user doesn't know all that much about computers obviously. I can't seem to find it installed either, so I wonder where it could be stemming from.

    Thanks for your help!
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Since it's still collecting data, it's using resources. I can remove it in script after Combofix:

    First, let's do a Security Check:
    Download Security Check and save it to your Desktop.
    • Double-click SecurityCheck.exe to run.
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post this log in your next reply.
    =============================
    Follow with download ComboFix from Here and save to your Desktop.

    • [1]. Do NOT rename Combofix unless instructed.
      [2].Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3].Close any open browsers.
      [4]. Double click combofix.exe & follow the prompts to run.
    • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
      [5]. If Combofix asks you to install Recovery Console, please allow it.
      [6]. If Combofix asks you to update the program, always allow.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      [7]. A report will be generated after the scan. Please post the C:\ComboFix.txt in next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs, when you're done with Combofix..
    =============================
    Then Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    Can you refresh me please on the current problems?
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...