Jump to content

sysproc32.sys,nv4_disp.dll bluescreen and gura.exe


Recommended Posts

Ok so just recently my computer has been acting up, like freezing and not letting me move my mouse for 2-3 seconds or crashing to a nv4_disp.dll Page_fault_in_nonpaged_area bluescreen while playing games,

i also have trouble connecting to my wireless, with TcPip spamming my event viewer

---------------------------------------------------------

The Nv4_disp.dll Problem

Ok so randomly while playing games i crash to this, i have tested my ram with memtest86, i let it do 7 full passes and it came back with 0 errors

i've tried updating my nvidia drivers but the problem keeps arising....

-----------------------------------------------------------

The Gura.exe Problem

in my event viewer, before or right after these Bluescreens i get

The administrator NT AUTHORITY\SYSTEM canceled job "D:\WINDOWS\TEMP\GURA.exe" on behalf of HOME-38D73EF425\Ryan. The job ID was {CECBBF4C-BFDE-48A6-A61A-54C403543F29}.

It used to be called GUR2.exe but has changed recently...

its source is BITS and its event is 16384

-----------------------------------------------------

Tcpip Problem

i have trouble connecting to my wireless sometimes with

The system detected that network adapter Ralink...LAN Card - Packet Scheduler Miniport was connected to the network, and has initiated normal operation over the network adapter.

being spammed in my event viewer about 40 times, its event is 4201

i believe this might be linked to a malware.trace in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid

-------------------

i have attached a HIJACK this log, and a MALWAREBYTES LOG, as my malware bytes has found 5 trojan.agents and 4 backdoor.bots

one of which trojan is sysproc86 , sysproc64 , and sysproc32

MBAM log

Malwarebytes' Anti-Malware 1.44

Database version: 3747

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

16/02/2010 7:38:08 PM

mbam-log-2010-02-16 (19-38-03).txt

Scan type: Quick Scan

Objects scanned: 132585

Time elapsed: 10 minute(s), 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 1

Registry Data Items Infected: 2

Folders Infected: 2

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> No action taken.

Registry Data Items Infected:

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

D:\Documents and Settings\LocalService\Application Data\sysproc64 (Trojan.Agent) -> No action taken.

D:\WINDOWS\system32\sysproc64 (Trojan.Agent) -> No action taken.

Files Infected:

D:\Documents and Settings\LocalService\Application Data\sysproc64\sysproc32.sys (Trojan.Agent) -> No action taken.

D:\WINDOWS\system32\sysproc64\sysproc32.sys (Trojan.Agent) -> No action taken.

D:\WINDOWS\system32\sysproc64\sysproc86.sys (Trojan.Agent) -> No action taken.

HJT log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:46:44 PM, on 16/02/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\WINDOWS\system32\svchost.exe

D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

D:\WINDOWS\system32\svchost.exe

D:\Program Files\Alwil Software\Avast5\AvastSvc.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\system32\cisvc.exe

D:\Program Files\Java\jre6\bin\jqs.exe

D:\Program Files\Kontiki\KService.exe

D:\WINDOWS\system32\PnkBstrB.exe

D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

D:\WINDOWS\System32\TUProgSt.exe

D:\WINDOWS\system32\atwtusb.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\atwtusb.exe

D:\Program Files\TortoiseSVN\bin\TSVNCache.exe

D:\Program Files\PowerISO\PWRISOVM.EXE

D:\Program Files\Unlocker\UnlockerAssistant.exe

D:\Program Files\Java\jre6\bin\jusched.exe

D:\WINDOWS\system32\RUNDLL32.EXE

D:\WINDOWS\system32\WTMKM.exe

D:\WINDOWS\RTHDCPL.EXE

D:\WINDOWS\system32\RunDll32.exe

D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

D:\Program Files\COMODO\COMODO Internet Security\cfp.exe

D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

D:\Program Files\nerds.de\LoopBe1\loopBeMon.exe

D:\Program Files\RALINK\Common\RaUI.exe

D:\Program Files\Stardock\ObjectDock\ObjectDock.exe

D:\Program Files\Thoosje\thoosje vista sidebar\Thoosje Sidebar.exe

D:\Documents and Settings\Ryan\My Documents\Winflip\WinFlip.exe

D:\Program Files\Mozilla Firefox\firefox.exe

D:\WINDOWS\system32\mmc.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Java\jre6\bin\jucheck.exe

D:\WINDOWS\system32\cidaemon.exe

D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

D:\Documents and Settings\Ryan\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - D:\Program Files\IEPro\iepro.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - D:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll

O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [unlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MacrokeyManager] WTMKM.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [avast5] D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O4 - Startup: Thoosje Sidebar.lnk = D:\Program Files\Thoosje\thoosje vista sidebar\Thoosje Sidebar.exe

O4 - Startup: WinFlip.lnk = D:\Documents and Settings\Ryan\My Documents\Winflip\WinFlip.exe

O4 - Global Startup: LoopBe1 Monitor.lnk = D:\Program Files\nerds.de\LoopBe1\loopBeMon.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = D:\Program Files\RALINK\Common\RaUI.exe

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Program Files\IEPro\iepro.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - D:\Program Files\Paltalk Messenger\Paltalk.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199300685734

O17 - HKLM\System\CCS\Services\Tcpip\..\{8DDBA5D9-4A76-442D-B5C3-CD93D7CF3D01}: NameServer = 192.168.1.254

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: D:\WINDOWS\system32\guard32.dll

O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1ca217f867ce258) (gupdate1ca217f867ce258) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: KService - Kontiki Inc. - D:\Program Files\Kontiki\KService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - D:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - D:\WINDOWS\System32\TUProgSt.exe

O23 - Service: WTService - Unknown owner - D:\WINDOWS\system32\atwtusb.exe

--

End of file - 9101 bytes

Edited by Maurice Naggar
Inserted logs in-line
Link to post
Share on other sites

Hello,

Preface:

Please do NOT change, add, or modify anything without checking with me first.

Do NOT change any hardware driver, or tweak or add programs,etc.

Any display or stability issues have to be sidelined, until all malwares are dealt with.

Right now, there are malwares to remove.

IF Normal mode is unstable, you may restart the system, and login to Safe Mode with Networking.

However, it is best to stay in Normal mode if possible.

You will want to print out or copy these instructions to Notepad for offline reference!

eusa_hand.gif

If you are a casual viewer, do NOT try this on your system!

If you are not RatchetStrike and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

icon_arrow.gif Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

Step 1

DISABLE Spybot's TEA TIMER and keep it that way while we deal with malwares; otherwise, it will block changes we need to put into effect. Further, if you are not fully familiar with it's functions, do not re-activate it.

Right click the Spybot Icon (blue icon with lock teatimer-systemtray-en.1.png) in the system tray (notification area).

  • If you have the new version, click once on Resident Protection and make sure it is Unchecked.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident
    If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
    Exit Spybot S&D when done and reboot the system so the changes are in effect.

Step 2

Start HijackThis. Look for these lines and place a checkmark against each of the following, if still present

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer (& or any other window) is closed when you click Fix Checked!

Step 3

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 4

Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 5

Temporarily disable the real-time-monitor of your Antivirus app: Avast

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off your firewall.

Step 6

Download The Avenger by Swandog46 from here.

  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below textbox to the clibpboard by highlighting it and then pressing Ctrl+C.
    Drivers to delete:
    sysproc32
    sysproc86
    sysproc64

    Files to delete:
    D:\Documents and Settings\LocalService\Application Data\sysproc64\sysproc32.sys
    D:\WINDOWS\system32\sysproc64\sysproc32.sys
    D:\WINDOWS\system32\sysproc64\sysproc86.sys
    D:\WINDOWS\TEMP\GURA.exe

    Folders to delete:
    D:\Documents and Settings\LocalService\Application Data\sysproc64
    D:\WINDOWS\system32\sysproc64


  • In the avenger window, click the Paste Script from Clipboard icon, pastets4.png button.
  • :!: Make sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
  • After your PC has completed the necessary reboots, a log should automatically open. Please copy/paste the contents of c:\avenger.txt into your next reply.

Step 7

Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • IF prompted to Reboot, reply "Yes".

Step 8

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Step 9

Download GMER Rootkit Scanner from here or here. Unzip it to your Desktop.

========================================================

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

========================================================

Double-click gmer.exe. The program will begin to run.

**Caution**

These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click Yes.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt".
  • Save it where you can easily find it, such as your desktop.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.

  • Click the Scan button and let the program do its work. GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt".
  • Save it where you can easily find it, such as your desktop.

Step 10

Re-Enable your antivirus program !

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Reply with copy of contents of C:\Avenger.txt

the latest MBAM scan log

Log.txt

Info.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.