TR/Dldr.Swizzor.Gen2


12 replies to this topic

#1 SoberSnake


Posted 31 January 2010 - 08:47 PM

I found your site on Google, and there was a similar problem but the topic is closed...
For several months I've been trying to get rid of TR/Dldr.Swizzor.Gen2. I've tried different antivirus programs (Avira, Kaspersky, Nod...) and now the last option is to take the computer in for re-installation and cleaning... You are my last chance!!!
Deleted, in quarantine, ignored... however, it always returns... 5-6 times a day. I am now at the stage of scanning the computer 3 times a day, because I don't know what to do... so at least I have the feeling of doing something even though I know this doesn't solve anything...
My computer is now slow (although it is new), half of the programs are not working, and the other half were apparently not installed correctly... To remind you, the laptop is new (5-6 months old) and for the first month everything was working properly. When the first problem appeared, TR/Dldr.Swizzor.Gen2 came with it. Now the situation is worse every day, the computer is slower, every day TR/Dldr.Swizzor.Gen2 appears at least one time more than yesterday, programs are increasingly difficult to use, and I'm seriously losing my nerves!!!
Do you have any idea?
Please help me!!!
:thumbsup:


#2 garmanma


Posted 31 January 2010 - 11:00 PM

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware Free version and save it to your desktop.

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.


alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
---------------------------
Be sure to re-enable your AV and malware scan tools if they were disabled
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 SoberSnake


Posted 01 February 2010 - 09:00 AM

Everything is finished ... What now? Should it all be clean now? Or do I need to do something else? It was too fast and too easy to put an end to the suffering of the past few months...
Here are the results...



Malwarebytes' Anti-Malware 1.44
Database version: 3671
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/1/2010 2:48:33 PM
mbam-log-2010-02-01 (14-48-33).txt

Scan type: Quick Scan
Objects scanned: 107424
Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\turbonet (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\csrcs (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe csrcs.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
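
An added example, not part of the original posts: a small Python triage script that parses the detection lines of the Malwarebytes log quoted above and groups them by the kind of location involved, so the autostart entries (Run keys, the Winlogon Shell value, the scheduled task) stand out from the rest. The function names and category labels are assumptions made for this example; the sample lines are copied from the log in this thread.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Detection lines copied from the Malwarebytes log posted in this thread.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\turbonet (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\csrcs (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe csrcs.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(
    r"^(Memory Processes|Memory Modules|Registry Keys|Registry Values|"
    r"Registry Data Items|Folders|Files) Infected:$")
# "<path> (<detection name>) -> [Bad: (..) Good: (..) -> ]<action>"
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) \((?P<name>[\w.\-]+)\) -> "
    r"(?:Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> )?"
    r"(?P<action>.+)$")

# Category labels are this example's own; patterns match the end of the path.
CATEGORIES = [
    ("policies-run", r"\\Policies\\Explorer\\Run\\[^\\]+$"),
    ("run-key", r"\\CurrentVersion\\Run\\[^\\]+$"),
    ("winlogon-shell", r"\\Winlogon\\Shell$"),
    ("scheduled-task", r"\\Tasks\\[^\\]+\.job$"),
    ("security-center-notify", r"\\Security Center\\\w+DisableNotify$"),
]


@dataclass
class Detection:
    section: str
    path: str
    name: str
    bad: Optional[str]
    good: Optional[str]
    action: str


def parse_mbam_log(text):
    """Return one Detection per detection line, tagged with its log section."""
    section, found = None, []
    for line in (raw.strip() for raw in text.splitlines()):
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            found.append(Detection(section, **m.groupdict()))
    return found


def classify(path):
    """Map a registry or file path to a category label, or 'other'."""
    for label, pattern in CATEGORIES:
        if re.search(pattern, path, re.IGNORECASE):
            return label
    return "other"


def triage(text):
    """Group parsed detections by category label."""
    groups = defaultdict(list)
    for det in parse_mbam_log(text):
        groups[classify(det.path)].append(det)
    return dict(groups)


def shell_additions(detections):
    """Programs present in the 'Bad' Winlogon Shell value but not in 'Good'."""
    extra = []
    for det in detections:
        if classify(det.path) == "winlogon-shell" and det.bad and det.good:
            good = {p.lower() for p in det.good.split()}
            extra += [p for p in det.bad.split() if p.lower() not in good]
    return extra


if __name__ == "__main__":
    for label, dets in triage(SAMPLE_LOG).items():
        print(f"{label}: {[d.path.rsplit(chr(92), 1)[-1] for d in dets]}")
    print("appended to Winlogon Shell:", shell_additions(parse_mbam_log(SAMPLE_LOG)))
```
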

#4 garmanma


Posted 01 February 2010 - 07:09 PM

So far, it looks promising

:trumpet:
Update mbam and run a FULL scan
Please post the results
======================

:flowers:
Please download TFC by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
===========================

:thumbsup:
SAS, may take a long time to scan
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
    First
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Note.. SAS doesn't open the registry hives for other user accounts on the system, so scans should be done from each user account.
Mark

#5 SoberSnake


Posted 02 February 2010 - 10:01 AM

All completed ...

Here are the results:

Malwarebytes' Anti-Malware 1.44
Database version: 3675
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/2/2010 9:46:43 AM
mbam-log-2010-02-02 (09-46-43).txt

Scan type: Full Scan (C:\|F:\|G:\|)
Objects scanned: 164808
Time elapsed: 27 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
_____________________________________




Trace Rules Database Version: 2358

Scan type : Complete Scan
Total Scan Time : 02:00:28

Memory items scanned : 204
Memory threats detected : 0
Registry items scanned : 5012
Registry threats detected : 0
File items scanned : 64585
File threats detected : 37

Adware.Tracking Cookie
C:\Documents and Settings\User\Cookies\user@statcounter[2].txt
C:\Documents and Settings\User\Cookies\user@ad.httpool[1].txt
C:\Documents and Settings\User\Cookies\user@serving-sys[2].txt
C:\Documents and Settings\User\Cookies\user@pointroll[1].txt
C:\Documents and Settings\User\Cookies\user@fastclick[2].txt
C:\Documents and Settings\User\Cookies\user@counter.surfcounters[2].txt
C:\Documents and Settings\User\Cookies\user@content.yieldmanager[3].txt
C:\Documents and Settings\User\Cookies\user@adtech[1].txt
C:\Documents and Settings\User\Cookies\user@www.googleadservices[1].txt
C:\Documents and Settings\User\Cookies\user@roiservice[1].txt
C:\Documents and Settings\User\Cookies\user@waterfrontmedia.112.2o7[1].txt
C:\Documents and Settings\User\Cookies\user@apmebf[1].txt
C:\Documents and Settings\User\Cookies\user@atwola[1].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[1].txt
C:\Documents and Settings\User\Cookies\user@clickbank[2].txt
C:\Documents and Settings\User\Cookies\user@adsdot.adbureau[1].txt
C:\Documents and Settings\User\Cookies\user@content.yieldmanager[2].txt
C:\Documents and Settings\User\Cookies\user@questionmarket[1].txt
C:\Documents and Settings\User\Cookies\user@atdmt[1].txt
C:\Documents and Settings\User\Cookies\user@collective-media[1].txt
C:\Documents and Settings\User\Cookies\user@shopica[1].txt
C:\Documents and Settings\User\Cookies\user@tacoda[1].txt
C:\Documents and Settings\User\Cookies\user@overture[1].txt
C:\Documents and Settings\User\Cookies\user@at.atwola[2].txt
C:\Documents and Settings\User\Cookies\user@clickbank[1].txt
C:\Documents and Settings\User\Cookies\user@www.windowsmedia[1].txt
C:\Documents and Settings\User\Cookies\user@bs.serving-sys[2].txt
C:\Documents and Settings\User\Cookies\user@zedo[2].txt
C:\Documents and Settings\User\Cookies\user@doubleclick[1].txt
C:\Documents and Settings\User\Cookies\user@microsoftwindows.112.2o7[1].txt
C:\Documents and Settings\User\Cookies\user@msnportal.112.2o7[1].txt
C:\Documents and Settings\User\Cookies\user@chitika[2].txt
C:\Documents and Settings\User\Cookies\user@counter.hitslink[1].txt
C:\Documents and Settings\User\Cookies\user@advertising[2].txt
C:\Documents and Settings\User\Cookies\user@ads.pointroll[2].txt
C:\Documents and Settings\User\Cookies\user@ad.wsod[1].txt

Trojan.Downloader-Gen
C:\WINDOWS\SYSTEM32\CFTU.EXE
___________________________________________________________________________________________




But just in case I scanned with Avira before sending you the results. No viruses, but I got a warning...
Maybe it's nothing important, but not detrimental to inform you...





Avira AntiVir Personal
Report file date: Tuesday, February 02, 2010 15:22

Scanning for 1717297 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : TOSHIBA-A0366BB


Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, F:, G:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Tuesday, February 02, 2010 15:22

Starting search for hidden objects.
'53648' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'brs.exe' - '1' Module(s) have been scanned
Scan process 'PDVD9Serv.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
35 processes with 35 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '69' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
Begin scan in 'F:\' <SVASTARA>
Begin scan in 'G:\'


End of the scan: Tuesday, February 02, 2010 15:44
Used time: 21:45 Minute(s)

The scan has been done completely.

5565 Scanned directories
149273 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
149272 Files not concerned
4170 Archives were scanned
1 Warnings
1 Notes
53648 Objects were scanned with rootkit scan
0 Hidden objects were found

#6 garmanma


Posted 02 February 2010 - 07:36 PM

Do not worry about the page file warning


Please download Sysclean Package and the latest Virus Pattern Files - (Pattern files are usually named lptxxx.zip, where xxx is the pattern file number) and save them to your desktop.
  • Be sure to print out and follow the instructions provided in the How to Use System Cleaner for performing a scan.
  • If you get a message that "required files are missing", click Ok and wait for sysclean.com to unpack them.
  • This tool generates a log file (sysclean.log) in the same folder where you ran it - C:\Sysclean.
-- When using Sysclean it's best to use the Administrator's account or an account with Administrative rights, otherwise you will not have access rights to scan some locations. You can use the "Run As" command to start a program as an Administrator. Even when doing that, the scanning process may result in "Access Denied" messages for some files. This is normal because these files are protected by the system.

-- Some anti-virus programs will alert you of a virus attack when running sysclean so it's best to disable them before performing a scan.

Edited by garmanma, 02 February 2010 - 07:38 PM.

Mark

#7 SoberSnake


Posted 03 February 2010 - 10:58 AM

Done...

6255 files have been read.
6255 files have been checked.
6239 files have been scanned.
6581 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 2/3/2010 15:25:48
___________________________________________________


Is it over now? Or do I still need to do something else?

#8 garmanma


Posted 03 February 2010 - 08:31 PM

C:\WINDOWS\SYSTEM32\CFTU.EXE

This is a cause for concern
Please update SAS and run another scan
Mark

#9 SoberSnake


Posted 04 February 2010 - 12:34 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/04/2010 at 03:56 PM

Application Version : 4.33.1000

Core Rules Database Version : 4554
Trace Rules Database Version: 2366

Scan type : Complete Scan
Total Scan Time : 02:05:06

Memory items scanned : 205
Memory threats detected : 0
Registry items scanned : 5014
Registry threats detected : 0
File items scanned : 65412
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\User\Cookies\user@atdmt[2].txt
__________________________________________________________________

What now?

#10 garmanma


Posted 04 February 2010 - 07:29 PM

I believe you are good to go

Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok"
  • Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" Tab.
  • Click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.
Mark

#11 SoberSnake


Posted 09 February 2010 - 04:32 PM

Done!
And now it is over?

I know it will sound like a commercial, but I really need advice for a reliable antivirus program... Can you help me with this one and I promise you I will not bother you ever again (at least I hope not to) :flowers: :thumbsup:

Thanks!!!

#12 garmanma


Posted 09 February 2010 - 05:49 PM

You can find more discussions here:
The AntiVirus, Firewall and Privacy Products and Protection Methods forum
http://www.bleepingcomputer.com/forums/f/25/antivirus-firewall-and-privacy-products-and-protection-methods/

I use AVG free, Zone Alarm free firewall, plus Spywareguard and Spywareblaster. A lot of people hate AVG and ZA

If I'm surfing the web and I'm not sure about a site's content, I use Sandboxie free version
http://www.sandboxie.com/
Mark

#13 SoberSnake


Posted 09 February 2010 - 06:06 PM

OK THANKS!!! B)
You're my :thumbsup:
:huh:
:flowers: :trumpet: :inlove: :huh:



