Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can someone please explain these!


  • Please log in to reply
1 reply to this topic

#1 misconduct

misconduct

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:09:30 AM

Posted 07 March 2009 - 11:51 AM

Ok,ill be honest with you i dont really know what im doing but think im making some progress. PLEASE TELL ME IF IM WRONG!
I ran an avira scan for the first time on my acer e38 desktop for the first time after a format and recieved a report saying 10 virus or unwanted programs detected.
- when the computer started up i was getting rundll errors so after a bit of research determined most likely cause was a virus of some sort.
- so i found this program called malawarebytes which i understand fixes mosy rundll errors and more. Installed and ran the program and it said I had numerous errors that needed to be fixed. I said ok and let it do its thing. It seems to have worked no more run dll errors at startup , computer i feel is faster,internet seems faster.
-i ran another scan with avira it detected 2 virus or unwanted programs. (my maths not that good but im sure 2 is better than 10 in this case ). both in different locations than the first ten.

Although Im happy with fixing the dll erreor , I still want to remove the virus on my computerfor obvious reasons. This is where after alot of reading on how to do so i would like to ask for some professional advise before proceeding and maybe the best course of action to take.

Below are the log files of each scan i did in order
Thanks for the help

avscan1!


Avira AntiVir Personal
Report file date: Thursday, March 05, 2009 19:14

Scanning for 1285039 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ANNA

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 17:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 16:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 21:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 16:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 20:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 03:07:51
ANTIVIR2.VDF : 7.1.2.105 513536 Bytes 3/3/2009 03:07:53
ANTIVIR3.VDF : 7.1.2.128 113664 Bytes 3/5/2009 03:07:54
Engineversion : 8.2.0.105
AEVDF.DLL : 8.1.1.0 106868 Bytes 3/6/2009 03:08:02
AESCRIPT.DLL : 8.1.1.57 356729 Bytes 3/6/2009 03:08:01
AESCN.DLL : 8.1.1.8 127346 Bytes 3/6/2009 03:08:00
AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 22:58:38
AEPACK.DLL : 8.1.3.10 397686 Bytes 3/6/2009 03:08:00
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 3/6/2009 03:07:59
AEHEUR.DLL : 8.1.0.104 1634679 Bytes 3/6/2009 03:07:58
AEHELP.DLL : 8.1.2.2 119158 Bytes 3/6/2009 03:07:56
AEGEN.DLL : 8.1.1.25 336243 Bytes 3/6/2009 03:07:55
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 19:05:56
AECORE.DLL : 8.1.6.6 176501 Bytes 3/6/2009 03:07:54
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 19:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 17:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 18:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 21:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 20:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 17:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 21:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 02:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 21:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 21:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 22:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 22:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, E:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Thursday, March 05, 2009 19:14

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'wmiadap.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'o2flash.exe' - '1' Module(s) have been scanned
Scan process 'ZDWlan.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
23 processes with 23 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\buzakayo.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '49285fc3.qua'!

The registry was scanned ( '52' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\ARK3.tmp
[DETECTION] Is the TR/Vundo.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '4b70648c.qua'!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Administrator\Desktop\Downloads\CRACK\WPA Kill.exe
[DETECTION] Is the TR/Tool.Wpakill.F Trojan
[NOTE] The file was moved to '49f19580.qua'!
C:\System Volume Information\_restore{B5A04D7E-4909-4048-86E8-8682CD273F45}\RP2\A0000007.exe
[DETECTION] Is the TR/Tool.Wpakill.F Trojan
[NOTE] The file was moved to '49e0bdda.qua'!
C:\WINDOWS\system32\howusubu.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4a27beaa.qua'!
C:\WINDOWS\system32\nahatona.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '48e37a75.qua'!
C:\WINDOWS\system32\rafomife.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '48ed7a7e.qua'!
C:\WINDOWS\system32\sosazeri.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a23bed1.qua'!
C:\WINDOWS\system32\vuseyiju.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '48d87a20.qua'!
C:\WINDOWS\system32\yonevena.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '48e57a22.qua'!
Begin scan in 'E:\'
Search path E:\ could not be opened!
System error [1005]: The volume does not contain a recognized file system.


End of the scan: Thursday, March 05, 2009 22:12
Used time: 2:58:07 Hour(s)

The scan has been done completely.

1728 Scanning directories
206044 Files were scanned
10 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
10 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
206033 Files not concerned
18598 Archives were scanned
7 Warnings
10 Notes


Malawarebytes Scan!

Malwarebytes' Anti-Malware 1.34
Database version: 1825
Windows 5.1.2600 Service Pack 2

3/6/2009 11:20:17 PM
mbam-log-2009-03-06 (23-20-17).txt

Scan type: Quick Scan
Objects scanned: 65172
Time elapsed: 5 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 19
Files Infected: 133

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99ca2121-ae08-444d-ab4b-a80a055871dd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{99ca2121-ae08-444d-ab4b-a80a055871dd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VundoFixTool (Fake.VundoFixTool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.pox (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pofile (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A14A8608-CF1C-4010-A348-7EA220C70305}_is1 (Rogue.PerfectOptimizer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Miracle (Rogue.PerfectOptimizer) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b48cb6c9 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kibujabene (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vundofixtool (Fake.VundoFixTool) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Perfect Optimizer (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Application (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Registry (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Registry\FirstBackup (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Registry\FullBackup (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Service (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Data (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Data\Service (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Home (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Icon (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Jpg (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Temp (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Update (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VundoFixTool (Fake.VundoFixTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VundoFixTool\Log (Fake.VundoFixTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VundoFixTool\Settings (Fake.VundoFixTool) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Perfect Optimizer\ActiveX.dat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Apps.dat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Components.dat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\MFC42D.DLL (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\MFCO42D.DLL (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\MSVCRTD.DLL (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Perfect Optimizer.url (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\PerfectOptimizer.exe (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\SEClean.dll (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\SECleaner.dll (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\SERepair.dll (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\SEShred.dll (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\SEStyle.dll (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\unins000.dat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\unins000.exe (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Update.exe (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Registry\FirstBackup\20090306225450.Reg (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Alert.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Bad.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Bad_24x24.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Bad_32x32.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Check.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Data.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Disk.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\DotLine.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Error.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Frame.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Good_24x24.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Good_32x32.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Info.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Progrss.bmp (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Safe.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Sys.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Uncheck.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Home\green.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Home\orange.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Home\Red.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Home\yellow.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Icon\block_activeX.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Icon\evidence_clean.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Icon\junk_file_clean.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Icon\registry_clean.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Icon\startup_optimize.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Icon\system_optimize.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Jpg\SEM_EC_Image_BG.jpg (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Jpg\SEM_FSR_Image_BG.jpg (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Jpg\SEM_FSS_Image_BG.jpg (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Jpg\SEM_FST_Image_BG.jpg (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Jpg\SEM_Home_Image_BG.jpg (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Jpg\SEM_MO_Image_BG.jpg (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Jpg\SEM_RSO_Image_BG.jpg (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Jpg\SEM_RSO_Image_Info.jpg (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Jpg\SEM_RSR_Image_BG.jpg (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Jpg\SEM_RSS_Image_BG.jpg (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Jpg\SEM_RST_Image_BG.jpg (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Jpg\SEM_Top.jpg (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_BackGround.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_BackGround.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_Backup_Down.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_Backup_Normal.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_Backup_Over.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_Clean_Down.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_Clean_Normal.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_Clean_Over.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_DriveBackup_Down.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_DriveBackup_Normal.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_DriveBackup_Over.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_EvidenceClean_Down.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_EvidenceClean_Normal.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_EvidenceClean_Over.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_FavoritesBackup_Down.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_FavoritesBackup_Normal.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_FavoritesBackup_Over.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_Home_Down.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_Home_Normal.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_Home_Over.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_IERepair_Down.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_IERepair_Normal.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_IERepair_Over.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_JunkFileClean_Down.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_JunkFileClean_Normal.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_JunkFileClean_Over.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_MomeryOptimizer_Down.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_MomeryOptimizer_Normal.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_MomeryOptimizer_Over.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_OneClick_Down.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_OneClick_Normal.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_OneClick_Over.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_Optimize_Down.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_Optimize_Normal.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_Optimize_Over.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_Options_Down.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_Options_Normal.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_Options_Over.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_RegistryClean_Down.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_RegistryClean_Normal.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_RegistryClean_Over.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_RegsitryBackup_Down.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_RegsitryBackup_Normal.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_RegsitryBackup_Over.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_Repair_Down.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_Repair_Normal.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_Repair_Over.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_Results_Down.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_Results_Normal.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_Results_Over.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_Small_BackGround.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_SpyClean_Down.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_SpyClean_Normal.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_SpyClean_Over.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_StartupManager_Down.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_StartupManager_Normal.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_StartupManager_Over.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_SystemOptimizer_Down.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_SystemOptimizer_Normal.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_SystemOptimizer_Over.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_SystemRepair_Down.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_SystemRepair_Normal.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_SystemRepair_Over.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_SystemRestore_Down.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_SystemRestore_Normal.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_SystemRestore_Over.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_UninstallManager_Down.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_UninstallManager_Normal.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_UninstallManager_Over.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_WindowsRepair_Down.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_WindowsRepair_Normal.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu\SEM_Button_WindowsRepair_Over.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VundoFixTool\rs.dat (Fake.VundoFixTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VundoFixTool\Log\2009 Mar 04 - 02_10_15 AM_000.log (Fake.VundoFixTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VundoFixTool\Settings\ScanResults.pie (Fake.VundoFixTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\VundoFixTool Scheduled Scan.job (Fake.VundoFixTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\PerfectOptimzier_OneClick.job (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.

avscan2!


Avira AntiVir Personal
Report file date: Friday, March 06, 2009 23:33

Scanning for 1288153 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ANNA

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 17:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 16:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 21:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 16:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 20:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 03:07:51
ANTIVIR2.VDF : 7.1.2.105 513536 Bytes 3/3/2009 03:07:53
ANTIVIR3.VDF : 7.1.2.134 157696 Bytes 3/6/2009 03:07:27
Engineversion : 8.2.0.105
AEVDF.DLL : 8.1.1.0 106868 Bytes 3/6/2009 03:08:02
AESCRIPT.DLL : 8.1.1.57 356729 Bytes 3/6/2009 03:08:01
AESCN.DLL : 8.1.1.8 127346 Bytes 3/6/2009 03:08:00
AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 22:58:38
AEPACK.DLL : 8.1.3.10 397686 Bytes 3/6/2009 03:08:00
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 3/6/2009 03:07:59
AEHEUR.DLL : 8.1.0.104 1634679 Bytes 3/6/2009 03:07:58
AEHELP.DLL : 8.1.2.2 119158 Bytes 3/6/2009 03:07:56
AEGEN.DLL : 8.1.1.25 336243 Bytes 3/6/2009 03:07:55
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 19:05:56
AECORE.DLL : 8.1.6.6 176501 Bytes 3/6/2009 03:07:54
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 19:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 17:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 18:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 21:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 20:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 17:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 21:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 02:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 21:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 21:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 22:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 22:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, E:, F:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Friday, March 06, 2009 23:33

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'iTunes.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'o2flash.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ZDWlan.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'lxczbmon.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'lxczbmgr.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
34 processes with 34 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [87]: The parameter is incorrect.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '54' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{B5A04D7E-4909-4048-86E8-8682CD273F45}\RP2\A0000008.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49e2282a.qua'!
C:\System Volume Information\_restore{B5A04D7E-4909-4048-86E8-8682CD273F45}\RP2\A0000009.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49e2282f.qua'!
Begin scan in 'E:\'
Begin scan in 'F:\' <New Volume>


End of the scan: Saturday, March 07, 2009 00:08
Used time: 35:11 Minute(s)

The scan has been done completely.

3350 Scanning directories
168509 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
168506 Files not concerned
2869 Archives were scanned
2 Warnings
2 Notes

BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:30 PM

Posted 09 March 2009 - 05:58 PM

Please download ATF Cleaner by Atribune & save it to your desktop. alternate download link DO NOT use yet.
Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users