rootkit infection

[rwoodall]

MS Forefront will find what it calls trojan:DOS/Alureon.A rootkit:AlureonMbr but cannot clean or quaranteen it If you need anything else please let me know. Thanks for your help

11:09:34 aaron MESSAGE Protection started successfully

11:09:47 aaron MESSAGE IP Protection started successfully

11:11:01 aaron IP-BLOCK 208.73.210.29 (Type: incoming)

11:12:47 aaron IP-BLOCK 208.73.210.29 (Type: incoming)

11:16:48 aaron IP-BLOCK 208.73.210.29 (Type: incoming)

11:29:07 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:29:10 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:29:16 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:52:09 aaron MESSAGE Protection started successfully

11:52:19 aaron MESSAGE IP Protection started successfully

11:53:04 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:53:07 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:53:13 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:54:51 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:54:54 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:55:00 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:56:57 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:56:59 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:57:00 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:57:00 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:57:02 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:57:06 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:57:18 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:57:21 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:57:27 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:57:39 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:57:41 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:57:42 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:57:43 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:57:44 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:57:48 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:57:59 aaron IP-BLOCK 68.168.212.18 (Type: incoming)

11:58:28 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:58:31 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:58:37 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:58:49 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:58:52 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:58:58 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:59:10 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:59:13 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:59:19 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:59:38 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:59:40 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:59:41 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:59:42 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:59:43 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:59:47 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

11:59:59 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:00:02 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:00:08 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:00:20 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:00:23 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:00:29 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:02:07 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:02:09 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:02:10 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:02:11 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:02:12 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:02:16 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:02:28 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:02:31 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:02:37 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:02:49 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:02:52 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:02:58 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:03:12 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:03:15 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:03:21 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:03:33 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:03:36 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:03:42 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:03:54 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:03:57 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:03:57 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:03:58 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:04:00 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:04:03 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:04:43 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:04:45 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:04:46 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:04:47 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:04:48 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:04:52 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:05:04 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:05:07 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:05:13 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:05:25 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:05:28 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:05:34 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:06:00 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:06:02 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:06:03 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:06:04 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:06:05 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:06:09 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:10:41 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:10:44 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:10:50 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:19:00 aaron IP-BLOCK 68.168.212.21 (Type: outgoing)

12:19:03 aaron IP-BLOCK 68.168.212.21 (Type: outgoing)

12:19:09 aaron IP-BLOCK 68.168.212.21 (Type: outgoing)

12:22:13 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:22:15 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:22:22 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:47:25 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:47:28 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

12:47:34 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

13:12:05 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

13:12:08 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

13:12:14 aaron IP-BLOCK 208.73.210.29 (Type: outgoing)

13:30:39 aaron MESSAGE IP Protection stopped

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 6.0.2900.5512

Run by aaron at 12:14:22 on 2011-08-17

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.139 [GMT -4:00]

.

AV: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {1F383481-F70E-4E7A-8B69-C4B4A23928E4}

AV: Microsoft Forefront Client Security *Disabled/Outdated* {926A3D4F-E4E7-4F47-9902-4EDD55FFE1AF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\Program Files\Dell\OpenManage\Client\Iap.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\PaperPort\pptd40nt.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\DOCUME~1\aaron\LOCALS~1\Temp\TeamViewer\Version6\TeamViewer.exe

c:\docume~1\aaron\locals~1\temp\teamviewer\version6\TeamViewer_Desktop.exe

C:\DOCUME~1\aaron\LOCALS~1\Temp\TeamViewer\Version6\tv_w32.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.dell.com/

uDefault_Page_URL = hxxp://www.dell.com

mDefault_Page_URL = hxxp://www.dell.com

mStart Page = hxxp://www.dell.com

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll

BHO: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll

BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

TB: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe

mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [PaperPort PTD] "c:\paperport\pptd40nt.exe"

mRun: [indexSearch] "c:\paperport\IndexSearch.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [JP595IR86O] c:\windows\temp\Tdl.exe

dRun: [MFJJEC0A1L] c:\windows\temp\Tdk.exe

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109694392867

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1311780463375

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 204.246.1.20

TCP: Interfaces\{E7F78874-C75E-46A3-809A-050938586AA6} : DhcpNameServer = 204.246.1.20

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Notify: igfxcui - igfxdev.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]

R1 MpKsla0a852d9;MpKsla0a852d9;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{57a85683-883a-4aae-a2fe-7bcb8941f5bd}\MpKsla0a852d9.sys [2011-8-17 28752]

R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2003-2-10 114688]

R2 AsfAlrt;AsfAlrt;c:\windows\system32\drivers\Asfalrt.sys [2002-12-18 36064]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-17 22712]

S3 {E6759E0C-470B-44DC-A4A1-627E68BB3A85};AIM 3.0 SI164;c:\windows\system32\drivers\a302.sys [1980-1-1 11319]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-17 41272]

.

=============== Created Last 30 ================

.

2011-08-17 15:44:56 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{57a85683-883a-4aae-a2fe-7bcb8941f5bd}\MpKsla0a852d9.sys

2011-08-17 15:06:48 -------- d-----w- c:\documents and settings\aaron\application data\Malwarebytes

2011-08-17 15:06:37 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-17 15:06:33 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-08-17 15:06:28 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-17 15:06:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-17 13:50:33 7152464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{57a85683-883a-4aae-a2fe-7bcb8941f5bd}\mpengine.dll

2011-08-17 13:21:12 -------- d-----w- C:\855523f801ba93e7399672ab9770

2011-08-17 13:21:12 -------- d-----w- C:\114430f7d516db9d4c39

2011-08-03 21:13:17 6881616 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2011-07-28 20:46:23 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-07-28 20:36:33 -------- d-----w- c:\program files\Microsoft Security Client

2011-07-27 16:34:11 79872 ------w- c:\windows\system32\dllcache\msxml6r.dll

2011-07-27 16:34:11 1372672 ------w- c:\windows\system32\dllcache\msxml6.dll

2011-07-27 16:34:04 1001472 ------w- c:\windows\system32\dllcache\wmvdmoe2.dll

2011-07-27 16:34:03 897024 ------w- c:\windows\system32\dllcache\wmspdmoe.dll

2011-07-27 16:34:03 1119744 ------w- c:\windows\system32\dllcache\wmsdmoe2.dll

2011-07-27 16:34:00 98304 ------w- c:\windows\system32\dllcache\wmpband.dll

2011-07-27 16:32:59 32768 ------w- c:\windows\system32\setupn.exe

2011-07-27 16:26:42 87040 ------w- c:\windows\system32\dllcache\drmstor.dll

2011-07-27 16:22:24 -------- d-----w- c:\windows\network diagnostic

2011-07-27 16:22:19 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys

2011-07-27 16:22:17 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys

2011-07-27 16:17:44 19569 ----a-w- c:\windows\006015_.tmp

2011-07-27 15:21:12 -------- d-----w- c:\program files\Microsoft Forefront

2011-07-27 15:06:50 -------- d-----w- C:\front

2011-07-27 14:48:29 -------- d-----w- c:\documents and settings\aaron\application data\TeamViewer

.

==================== Find3M ====================

.

2011-08-17 15:54:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: HITACHI_DK23EB-20 rev.00K1A0C0 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82F7A555]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x82f807b0]; MOV EAX, [0x82f8082c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x82F58AB8]

3 CLASSPNP[0xF8688FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x82ED9B98]

\Driver\atapi[0x82F8C198] -> IRP_MJ_CREATE -> 0x82F7A555

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskHITACHI_DK23EB-20_______________________00K1A0C0#5&211d19d3&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

\Driver\atapi DriverStartIo -> 0x82F7A39B

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 12:18:42.08 ===============

attach.zip

[aliB]

hi

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:

• Be sure to follow all my instructions carefully! If there is anything you don''t understand, don't hesitate to ask.
  
• Please do not do anything or perform other steps unless I have asked you to do so.
  
• Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  

Step 1

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Step 2

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
• Select All Users
  
• Under the Custom Scan box paste this in
  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  %systemroot%\*. /mp /s
  hklm\software\clients\startmenuinternet|command /rs
  hklm\software\clients\startmenuinternet|command /64 /rs
  CREATERESTOREPOINT
  
  
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Post both logs
    

Things I would like to see in your reply:

• aswMBR log
  
• OTL.txt and Extras.txt

[screen317]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!