[A] Windows update problems, rootkits, trojans oh my.

By exmatt · 8 replies
Jan 2, 2012
  1. Hello, This is our desktop computer and I can't get windows update to work first. I was getting code 66c and then one night code 66a and c popped up. Everything started with blue screens constantly, and then there'd be breaks where everything was fine and then blue screen again. We haven't had one in a while. If my notes correct Avasts had caught and deleted a rootkit. I had downloaded trojan hunter demo and it had found 5 trojan files which I ran scans afterwards..and later I had redownloaded the demo and it just found a bunch of directory not found and two suspicious. I have those two logs as well if you want them. MY last and major annoyance on this computer is that I can't uninstall what I want from the control panal nor can I seem to get access to ALL files no matter what I seem to try to do. Files I can get on my laptop or such I can't here and that just doesn't make sense to me. Any help would be great. ****DDS wouldn't download from the 5 step can I get a different link or something? it just brings me to an about:blank page and then nothing..no download.

    Malwarebytes' Anti-Malware 1.50

    Database version: 5302

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18975

    12/12/2010 6:21:31 PM
    mbam-log-2010-12-12 (18-21-31).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 368594
    Time elapsed: 1 hour(s), 55 minute(s), 31 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Value: wxfw.dll -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\program files\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.

    GMER - http://www.gmer.net
    Rootkit quick scan 2012-01-02 12:46:11
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000051 ST316081 rev.3.CH
    Running: 41j9wy8r.exe; Driver: C:\Users\Roots\AppData\Local\Temp\awlyraow.sys

    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8D42C7A2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----
  2. Broni

    Broni Malware Annihilator Posts: 54,257   +383

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.


    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.

    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

    Make sure, you re-enable your security programs, when you're done with Combofix.


    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.


    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  3. exmatt

    exmatt TS Member Topic Starter Posts: 60

    Does the whole 'denied' stuff in the combofix report have something to do with why I can't get to so many of the hidden files? or is that just normal?

    aswMBR version Copyright(c) 2011 AVAST Software
    Run date: 2012-01-06 12:43:51
    12:43:51.292 OS Version: Windows 6.0.6002 Service Pack 2
    12:43:51.292 Number of processors: 2 586 0x6B01
    12:43:51.294 ComputerName: ROOTS-DESKTOP UserName: Roots
    12:44:21.193 Initialize success
    12:44:30.570 AVAST engine defs: 12010600
    12:44:51.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000051
    12:44:51.737 Disk 0 Vendor: ST316081 3.CH Size: 152627MB BusType: 6
    12:44:51.782 Disk 0 MBR read successfully
    12:44:51.785 Disk 0 MBR scan
    12:44:51.985 Disk 0 unknown MBR code
    12:44:52.050 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 144046 MB offset 63
    12:44:52.220 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 8578 MB offset 295006320
    12:44:52.257 Disk 0 scanning sectors +312575760
    12:44:52.517 Disk 0 scanning C:\Windows\system32\drivers
    12:45:55.180 Service scanning
    12:45:59.888 Modules scanning
    12:47:12.972 Disk 0 trace - called modules:
    12:47:13.010 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys tcpip.sys NETIO.SYS partmgr.sys volmgr.sys ecache.sys volsnap.sys Ntfs.sys dxgkrnl.sys nvlddmkm.sys
    12:47:13.752 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x851872c8]
    12:47:13.784 3 CLASSPNP.SYS[8699e8b3] -> nt!IofCallDriver -> [0x83e6ada8]
    12:47:13.790 5 acpi.sys[8060d6bc] -> nt!IofCallDriver -> \Device\00000051[0x8427d640]
    12:47:29.938 AVAST engine scan C:\Windows
    12:47:58.908 AVAST engine scan C:\Windows\system32
    12:53:21.464 AVAST engine scan C:\Windows\system32\drivers
    12:53:33.789 AVAST engine scan C:\Users\Roots
    12:58:11.893 AVAST engine scan C:\ProgramData
    12:59:14.346 Scan finished successfully
    13:00:51.542 Disk 0 MBR has been saved successfully to "C:\Users\Roots\Desktop\MBR.dat"
    13:00:51.618 The log file has been saved successfully to "C:\Users\Roots\Desktop\aswMBR.txt"

    ComboFix 12-01-06.01 - Roots 01/06/2012 13:09:48.2.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.894.297 [GMT -5:00]
    Running from: c:\users\Roots\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ((((((((((((((((((((((((( Files Created from 2011-12-06 to 2012-01-06 )))))))))))))))))))))))))))))))
    2012-01-06 18:28 . 2012-01-06 18:28 -------- d-----w- c:\users\Roots\AppData\Local\temp
    2012-01-06 18:28 . 2012-01-06 18:28 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-01-06 18:28 . 2012-01-06 18:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-12-27 08:01 . 2011-12-27 08:02 -------- d-----w- C:\debaf21ac0f0c2b95bbfb0ac6efc7c
    2011-12-14 07:24 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-12-14 07:24 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-12-14 07:24 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-12-14 07:24 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-12-14 07:24 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-14 07:24 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-14 07:24 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-12 18:55 . 2011-12-12 18:55 -------- d-----w- c:\users\Roots\AppData\Local\ElevatedDiagnostics
    2011-12-12 18:23 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    2011-11-28 18:01 . 2010-12-12 23:35 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-28 18:01 . 2010-12-12 23:30 199816 ----a-w- c:\windows\system32\aswBoot.exe
    2011-11-28 17:53 . 2011-10-05 19:52 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-28 17:53 . 2010-12-12 23:31 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-11-28 17:52 . 2010-12-12 23:31 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-11-28 17:52 . 2010-12-12 23:31 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-11-28 17:52 . 2010-12-12 23:31 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-11-28 17:51 . 2010-12-12 23:31 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    *Note* empty entries & legit default entries are not shown
    2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "pdfSaver3"="c:\program files\PDF\pdfSaver\pdfSaver3.exe" [2004-05-19 385024]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "602PC SUITE PDF Saver"="c:\program files\Common Files\soft602\pdfSaver.exe" [2004-12-06 49152]
    "EnableUIADesktopToggle"= 0 (0x0)
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\602PC SUITE PDF Saver]
    2004-12-06 15:10 49152 ----a-w- c:\program files\Common Files\soft602\pdfSaver.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
    2008-02-22 14:33 72192 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
    1998-11-30 22:04 497376 ----a-w- c:\windows\p_981116.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstaLAN]
    2010-07-28 21:33 1485208 ----a-w- c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
    2011-08-31 22:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2008-01-15 15:26 4874240 ----a-w- c:\windows\RtHDVCpl.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    --- Other Services/Drivers In Memory ---
    *Deregistered* - aswMBR
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    Contents of the 'Scheduled Tasks' folder
    2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 00:29]
    2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 00:29]
    2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1778406413-1203963834-3200763824-1000Core.job
    - c:\users\Roots\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-03 14:01]
    2012-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1778406413-1203963834-3200763824-1000UA.job
    - c:\users\Roots\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-03 14:01]
    2012-01-03 c:\windows\Tasks\HP WEP.job
    - c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 18:28]
    ------- Supplementary Scan -------
    uStart Page = hxxp://www.aol.com/
    mStart Page = hxxp://www.aol.com/?src=customie7
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
    Trusted Zone: adobe.com\www
    Trusted Zone: runescape.com\www
    TCP: DhcpNameServer =
    - - - - ORPHANS REMOVED - - - -
    HKLM-Run-pdfSaver3 - (no file)
    MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-06 13:28
    Windows 6.0.6002 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    --------------------- LOCKED REGISTRY KEYS ---------------------
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    Completion time: 2012-01-06 13:34:59
    ComboFix-quarantined-files.txt 2012-01-06 18:34
    ComboFix2.txt 2011-09-07 01:02
    Pre-Run: 96,442,306,560 bytes free
    Post-Run: 96,516,579,328 bytes free
    - - End Of File - - 8AABAB1C5C9C495AF43D8A1BC4DEF80F
  4. Broni

    Broni Malware Annihilator Posts: 54,257   +383

    What exact files you can't access?

    Let's see, if we can recover your missing features.
    Download and run UnHide
    Let me know, if it worked.
  5. Broni

    Broni Malware Annihilator Posts: 54,257   +383

  6. exmatt

    exmatt TS Member Topic Starter Posts: 60

    It was just any file that was hidden. Like after I pressed show, I could see but it would say I didn't have permissions. But now I can't find any file that's saying it so I guess it's fixed!
  7. Broni

    Broni Malware Annihilator Posts: 54,257   +383

    Any other issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:

    %systemroot%\*. /mp /s
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %PROGRAMFILES%\Common Files\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %USERPROFILE%\Favorites\*.url /x
    %ALLUSERSPROFILE%\*.dat /x
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %systemroot%\pchealth\helpctr\System\*.exe /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  8. exmatt

    exmatt TS Member Topic Starter Posts: 60

    I'm letting it sit to see if it will ever start but for some reason it won't download. It just sits down there saying "starting...".
  9. Broni

    Broni Malware Annihilator Posts: 54,257   +383

    Download or run?
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...