BitDefender detects Trojan.Inject.TM but can't delete.
#1
Posted 01 September 2010 - 02:06 PM
Register to Remove
#2 Guest_NightWizard_*
Posted 02 September 2010 - 03:37 AM
My name is NightWizard and I will be your helper.
While I go through your log, I would very much appreciate it if you read the following.
- I aim provide you with the best instructions possible to resolve your issue. However, I ask that you understand that malware is complex and the process usually takes a few attempts before successfully cleaning everything out. In severe cases cleaning may not be possible and a reformat may be our only option.
- If you are unresponsive to this thread within three days, the thread will be locked due to inactivity. However, if you will be away, let us know and we will be sure to keep the thread open.
- Please do not make any new threads about this issue here or any other malware removal forum; it wastes other helpers' time and it can be dangerous for your PC.
- If you don't understand a set of instructions or you are having trouble performing some of the fix, don't panic! Let me know and I will be happy to help in any way I can.
- Please remember that the absence of symptoms does not mean you are clean. I request that you stick to this log until the very end - I will inform you when your system is clean.
- Please do not use any tools other than the ones I instruct you to use. Some of the tools available can be dangerous if used incorrectly.
Please be advised that I am still in training at this forum. My posts will be checked by experts before I post in this thread. This is to ensure you get the best possible help available. This may cause delay however I will do my best to limit the time gaps between posts.
Thanks for choosing WhatTheTech and I will be back with a fix shortly!
-NightWizard
#3 Guest_NightWizard_*
Posted 02 September 2010 - 04:07 PM
Please work your way through the following steps:
Step One
It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.
Do not reboot your computer after running rkill as the malware programs will start again.
Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.
Do not reboot your computer after running rkill as the malware programs will start again.
Step Two
Download OTL to your Desktop from one of the following links:
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Click on Minimal Output at the top
- Download the following file scan.txt to your Desktop from HERE.
- Double click inside the Custom Scan box at the bottom
- A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
- Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
- Select scan.txt and click Open. Writing will now appear under the Custom Scan box
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in this thread.
Step Three
Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
- Double click the exe file.
- If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.
Click the image to enlarge it
- In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
- Then click the Scan button & wait for it to finish.
- Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
- Save it where you can easily find it, such as your desktop, and attach it in reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
In your next reply please include:
- The OTL log.
- The GMER log.
#4 Guest_NightWizard_*
Posted 07 September 2010 - 12:14 AM
#5
Posted 07 September 2010 - 02:45 PM
If you need help please start a new thread.
New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic
Proud Graduate of the WTT Classroom
#6
Posted 09 September 2010 - 10:46 AM
Edited by Perk, 09 September 2010 - 11:01 AM.
#7 Guest_NightWizard_*
Posted 11 September 2010 - 06:36 PM
Please work your way through the following:
Step 1 - Rill
Note: If your security software warns about Rkill, ignore & allow the download to continue.
Download RKill by Grinler from Here & save it to your Desktop.
Alternate download links:
Two
Three
Four
- Double click Rkill to run it
- A command window will open then disappear upon completion, this is normal
- If this does not happen... delete the file, then download & use the next link provided
- If it does not work, repeat the process & attempt to use one of the remaining links until the tool runs
- Do not reboot your machine until asked to do so. If no version of Rkill would run, please let me know
- When finished, Notepad will open with a log file, automatically saved at C:\rkill.log
- Copy/paste the contents of the rkill.log file in your next reply
- Leave Rkill on the Desktop unless instructed otherwise
After running RKill continue to do the following, it is important in this time you do not reboot your PC.
Step 2
Download OTL to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Click on Minimal Output at the top
- Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
- Double click inside the Custom Scan box at the bottom
- A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
- Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
- Select scan.txt and click Open. Writing will now appear under the Custom Scan box
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
Step 3
Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
- Double click the exe file.
- If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.
Click the image to enlarge it
- In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
- Then click the Scan button & wait for it to finish.
- Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
- Save it where you can easily find it, such as your desktop, and attach it in reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
In your next reply please include:
- The Rkill log.
- The two OTL logs.
- The GMER log.
#8
Posted 13 September 2010 - 09:49 AM
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Byron on 09/12/2010 at 20:58:35.
Services Stopped:
Processes terminated by Rkill or while it was running:
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Byron\Downloads\rkill.com
Rkill completed on 09/12/2010 at 20:58:43.
OTL logfile created on: 9/13/2010 7:47:46 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Byron\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.17 Gb Total Space | 203.84 Gb Free Space | 70.98% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.79 Gb Free Space | 16.39% Space Free | Partition Type: NTFS
Drive E: | 7.47 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BYRON-PC
Current User Name: Byron
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
========== Processes (SafeList) ==========
PRC - C:\Users\Byron\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe (Computer Associates International, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00317165\Toolbar\CAGlobal.exe (CallingID Ltd.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00317165\Light\CAGlobalLight.exe (CallingID Ltd.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe (Computer Associates International, Inc.)
PRC - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\System32\svcprs32.exe ()
PRC - C:\WINDOWS\System32\mdmcls32.exe ()
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (CA)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (CA)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\SMINST\BLService.exe ()
PRC - C:\WINDOWS\System32\regsvr32.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Users\Byron\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\System32\UmxSbxExw.dll (CA)
MOD - C:\WINDOWS\System32\UmxSbxw.dll (CA)
MOD - C:\WINDOWS\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (Norton Internet Security) -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe File not found
SRV - (ccSchedulerSVC) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe (Computer Associates International, Inc.)
SRV - (CaCCProvSP) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
SRV - (CAISafe) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe (Computer Associates International, Inc.)
SRV - (WinSvchostManager) -- C:\WINDOWS\System32\svcprs32.exe ()
SRV - (WinExtManager) -- C:\WINDOWS\System32\mdmcls32.exe ()
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (UmxAgent) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (CA)
SRV - (UmxFwHlp) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (CA)
SRV - (UmxPol) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
SRV - (UmxCfg) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1000000.07D\SRTSPX.SYS File not found
DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1000000.07D\SRTSP.SYS File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS File not found
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (KmxAMRT) -- C:\Windows\system32\DRIVERS\KmxAMRT.sys (CA)
DRV - (KmxAgent) -- C:\WINDOWS\System32\drivers\KmxAgent.sys (CA)
DRV - (KmxCfg) -- C:\WINDOWS\System32\drivers\KmxCfg.sys (CA)
DRV - (KmxSbx) -- C:\WINDOWS\System32\drivers\KmxSbx.sys (CA)
DRV - (KmxFile) -- C:\WINDOWS\System32\drivers\KmxFile.sys (CA)
DRV - (KmxCF) -- C:\WINDOWS\System32\drivers\KmxCF.sys (CA)
DRV - (KmxFw) -- C:\Windows\System32\DRIVERS\kmxfw.sys (CA)
DRV - (KmxFilter) -- C:\WINDOWS\System32\drivers\KmxFilter.sys (CA)
DRV - (NuidFltr) -- C:\WINDOWS\System32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (KmxAMVet) -- C:\WINDOWS\System32\drivers\KmxAMVet.sys (Computer Associates International, Inc.)
DRV - (athr) -- C:\WINDOWS\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (RTSTOR) -- C:\WINDOWS\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (igfx) -- C:\WINDOWS\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (IntcHdmiAddService) Intel® -- C:\WINDOWS\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (CnxtHdAudService) -- C:\WINDOWS\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (SynTP) -- C:\WINDOWS\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\WINDOWS\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel® -- C:\WINDOWS\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\WINDOWS\System32\drivers\yk60x86.sys (Marvell)
I posted 4 logs but the post was too long so i had to select all and copy and paste this way. I hope everything is here.
#9 Guest_NightWizard_*
Posted 13 September 2010 - 04:29 PM
#10
Posted 14 September 2010 - 06:32 PM
Register to Remove
#11 Guest_NightWizard_*
Posted 15 September 2010 - 11:03 PM
Please navigate to http://tinypaste.com/ and copy/paste your log into the main text area, then click submit (bottom right). You will then be redirected to a page with a link on it. Please post that link here for me to see.
Please be sure to make a separate paste for each log.
Thanks
#13 Guest_NightWizard_*
Posted 19 September 2010 - 07:05 AM
Please work your way through the following steps:
Step 1 - P2P Programs
I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
LimeWire
BitTorrent
References for the risk of these programs can be found in these links:
http://www.microsoft...protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetw...cles/art053.htm
Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
If you choose not to remove them, please do not use them until this computer is clean.
Step 2 - 2 Anti-Virus Programs Running!
You are operating your computer with multiple Anti-virus programs:
- BitDefender
- CA
It is not safe to have more than one anti-virus installed on a computer, and doing so not only does not provide better protection, it will actually cause additional problems.
Anti-virus programs hook deep into the system to provide their protection and take up an enormous amount of your computer's resources when they are actively scanning your computer.
Having multiple anti-virus programs on one computer can cause your computer to run very slow, become unstable and even crash, You must remove all but one anti-virus program now.
To do this click Start > Run then copy/paste this: control.exe appwiz.cpl and click Ok. Then remove your chosen AV's from the list presented.
Step 3
Run OTL.exe
- Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL O4 - HKCU..\Run: [MSVirtual] File not found O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found :Files C:\Users\Byron\Desktop\Magic ISO Maker 5.4 with serial C:\Users\Byron\Desktop\Business Plan Pro 2007 Premier Edition v9.06.0006 Incl Keymaker :Commands [purity] [emptytemp] [emptyflash] [resethosts]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot when it is done
- After rebooting, please post the OTL you are presented with on startup.
Step 4
Download the Norton Removal Tool from HERE and save it to your desktop.
Next Double click on Norton_Removal_Tool.exe to run the tool.
Follow the on-screen instructions.
Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.
Step 5
Please download Malwarebytes' AntiMalware.
Double click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform Full Scan, then click Scan.
The scan may take some time to finish,so please be patient. - When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
In your next reply please include:
- The OTL log.
- The MBAM log.
#14
Posted 19 September 2010 - 12:59 PM
#15
Posted 19 September 2010 - 01:23 PM
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users