Jump to content

Recommended Posts

MS Forefront will find what it calls trojan:DOS/Alureon.A rootkit:AlureonMbr but cannot clean or quaranteen it If you need anything else please let me know. Thanks for your help

11:09:34 aaron MESSAGE Protection started successfully

11:09:47 aaron MESSAGE IP Protection started successfully

11:11:01 aaron IP-BLOCK 208.73.210.29 (Type: incoming)

11:12:47 aaron IP-BLOCK 208.73.210.29 (Type: incoming)

11:16:48 aaron IP-BLOCK 208.73.210.29 (Type: incoming)

11:29:07 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:29:10 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:29:16 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:52:09 aaron MESSAGE Protection started successfully

11:52:19 aaron MESSAGE IP Protection started successfully

11:53:04 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:53:07 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:53:13 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:54:51 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:54:54 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:55:00 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:56:57 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:56:59 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:57:00 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:57:00 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:57:02 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:57:06 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:57:18 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:57:21 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:57:27 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:57:39 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:57:41 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:57:42 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:57:43 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:57:44 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:57:48 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:57:59 aaron IP-BLOCK 68.168.212.18 (Type: incoming)

11:58:28 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:58:31 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:58:37 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:58:49 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:58:52 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:58:58 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:59:10 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:59:13 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:59:19 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:59:38 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:59:40 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:59:41 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:59:42 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:59:43 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:59:47 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:59:59 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:00:02 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:00:08 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:00:20 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:00:23 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:00:29 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:02:07 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:02:09 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:02:10 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:02:11 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:02:12 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:02:16 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:02:28 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:02:31 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:02:37 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:02:49 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:02:52 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:02:58 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:03:12 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:03:15 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:03:21 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:03:33 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:03:36 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:03:42 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:03:54 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:03:57 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:03:57 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:03:58 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:04:00 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:04:03 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:04:43 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:04:45 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:04:46 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:04:47 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:04:48 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:04:52 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:05:04 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:05:07 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:05:13 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:05:25 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:05:28 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:05:34 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:06:00 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:06:02 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:06:03 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:06:04 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:06:05 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:06:09 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:10:41 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:10:44 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:10:50 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:19:00 aaron IP-BLOCK 68.168.212.21 (Type: outgoing)

12:19:03 aaron IP-BLOCK 68.168.212.21 (Type: outgoing)

12:19:09 aaron IP-BLOCK 68.168.212.21 (Type: outgoing)

12:22:13 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:22:15 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:22:22 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:47:25 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:47:28 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:47:34 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

13:12:05 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

13:12:08 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

13:12:14 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

13:30:39 aaron MESSAGE IP Protection stopped

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 6.0.2900.5512

Run by aaron at 12:14:22 on 2011-08-17

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.139 [GMT -4:00]

.

AV: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {1F383481-F70E-4E7A-8B69-C4B4A23928E4}

AV: Microsoft Forefront Client Security *Disabled/Outdated* {926A3D4F-E4E7-4F47-9902-4EDD55FFE1AF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\Program Files\Dell\OpenManage\Client\Iap.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\PaperPort\pptd40nt.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\DOCUME~1\aaron\LOCALS~1\Temp\TeamViewer\Version6\TeamViewer.exe

c:\docume~1\aaron\locals~1\temp\teamviewer\version6\TeamViewer_Desktop.exe

C:\DOCUME~1\aaron\LOCALS~1\Temp\TeamViewer\Version6\tv_w32.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.dell.com/

uDefault_Page_URL = hxxp://www.dell.com

mDefault_Page_URL = hxxp://www.dell.com

mStart Page = hxxp://www.dell.com

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll

BHO: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll

BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

TB: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe

mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [PaperPort PTD] "c:\paperport\pptd40nt.exe"

mRun: [indexSearch] "c:\paperport\IndexSearch.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [JP595IR86O] c:\windows\temp\Tdl.exe

dRun: [MFJJEC0A1L] c:\windows\temp\Tdk.exe

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109694392867

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1311780463375

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 204.246.1.20

TCP: Interfaces\{E7F78874-C75E-46A3-809A-050938586AA6} : DhcpNameServer = 204.246.1.20

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Notify: igfxcui - igfxdev.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]

R1 MpKsla0a852d9;MpKsla0a852d9;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{57a85683-883a-4aae-a2fe-7bcb8941f5bd}\MpKsla0a852d9.sys [2011-8-17 28752]

R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2003-2-10 114688]

R2 AsfAlrt;AsfAlrt;c:\windows\system32\drivers\Asfalrt.sys [2002-12-18 36064]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-17 22712]

S3 {E6759E0C-470B-44DC-A4A1-627E68BB3A85};AIM 3.0 SI164;c:\windows\system32\drivers\a302.sys [1980-1-1 11319]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-17 41272]

.

=============== Created Last 30 ================

.

2011-08-17 15:44:56 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{57a85683-883a-4aae-a2fe-7bcb8941f5bd}\MpKsla0a852d9.sys

2011-08-17 15:06:48 -------- d-----w- c:\documents and settings\aaron\application data\Malwarebytes

2011-08-17 15:06:37 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-17 15:06:33 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-08-17 15:06:28 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-17 15:06:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-17 13:50:33 7152464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{57a85683-883a-4aae-a2fe-7bcb8941f5bd}\mpengine.dll

2011-08-17 13:21:12 -------- d-----w- C:\855523f801ba93e7399672ab9770

2011-08-17 13:21:12 -------- d-----w- C:\114430f7d516db9d4c39

2011-08-03 21:13:17 6881616 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2011-07-28 20:46:23 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-07-28 20:36:33 -------- d-----w- c:\program files\Microsoft Security Client

2011-07-27 16:34:11 79872 ------w- c:\windows\system32\dllcache\msxml6r.dll

2011-07-27 16:34:11 1372672 ------w- c:\windows\system32\dllcache\msxml6.dll

2011-07-27 16:34:04 1001472 ------w- c:\windows\system32\dllcache\wmvdmoe2.dll

2011-07-27 16:34:03 897024 ------w- c:\windows\system32\dllcache\wmspdmoe.dll

2011-07-27 16:34:03 1119744 ------w- c:\windows\system32\dllcache\wmsdmoe2.dll

2011-07-27 16:34:00 98304 ------w- c:\windows\system32\dllcache\wmpband.dll

2011-07-27 16:32:59 32768 ------w- c:\windows\system32\setupn.exe

2011-07-27 16:26:42 87040 ------w- c:\windows\system32\dllcache\drmstor.dll

2011-07-27 16:22:24 -------- d-----w- c:\windows\network diagnostic

2011-07-27 16:22:19 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys

2011-07-27 16:22:17 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys

2011-07-27 16:17:44 19569 ----a-w- c:\windows\006015_.tmp

2011-07-27 15:21:12 -------- d-----w- c:\program files\Microsoft Forefront

2011-07-27 15:06:50 -------- d-----w- C:\front

2011-07-27 14:48:29 -------- d-----w- c:\documents and settings\aaron\application data\TeamViewer

.

==================== Find3M ====================

.

2011-08-17 15:54:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: HITACHI_DK23EB-20 rev.00K1A0C0 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82F7A555]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x82f807b0]; MOV EAX, [0x82f8082c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x82F58AB8]

3 CLASSPNP[0xF8688FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x82ED9B98]

\Driver\atapi[0x82F8C198] -> IRP_MJ_CREATE -> 0x82F7A555

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskHITACHI_DK23EB-20_______________________00K1A0C0#5&211d19d3&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

\Driver\atapi DriverStartIo -> 0x82F7A39B

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 12:18:42.08 ===============

attach.zip

Link to post
Share on other sites

hi :welcome:

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:

  • Be sure to follow all my instructions carefully! If there is anything you don''t understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

Step 1

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

aswMBR2-1.gif

On completion of the scan click save log, save it to your desktop and post in your next reply

aswMBR2.png

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post both logs

Things I would like to see in your reply:

  • aswMBR log
  • OTL.txt and Extras.txt

Link to post
Share on other sites

  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.