Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Swizzor.gen.b HELP!!!! Crash every time try to remove

Re: Swizzor.gen.b HELP!!!! Crash every time try to remove

by cctek » July 13th, 2008, 12:08 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:44 PM, on 7/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\mqsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/1me10enus/2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.yahoo.com/search/preferences?vl=lang_{SUB_RFC1766}&pref_done=http%3A%2F%2Fsearch.yahoo.com%2Fsearch%2Fpreferences%3Fp%3D
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: NavigationTool - {4B8AE75C-A139-558A-AB5B-5F07BC2FD566} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {911C4A8E-0F75-4B83-BEB9-02BDDF29D11E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O3 - Toolbar: (no name) - {28BC2EC4-5EAD-45E1-9F9F-82CD5E293601} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file)
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with &Google - C:\Documents and Settings\Administrator\Application Data\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
O15 - Trusted Zone: http://a248.e.akamai.net
O15 - Trusted Zone: http://kb.bitdefender.com
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://ssl-hints.netflame.cc
O15 - Trusted Zone: http://*.photobucket.com
O16 - DPF: {0006F063-0000-0000-C000-000000000046} (Microsoft Outlook View Control) - http://activex.microsoft.com/activex/co ... tlctlx.CAB
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} (ILINCInstall86 Class) - http://e2icommconf.e2impact.com/download/ilinci86.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 5835713609
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 6867691484
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6865861921
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/share ... cmysec.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://www.secure-session.com/include/XUpload.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O23 - Service: McAfee Application Installer Cleanup (0317881215953490) (0317881215953490mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\031788~1.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

--
End of file - 10530 bytes
cctek
Regular Member
 
Posts: 22
Joined: July 8th, 2008, 4:53 pm

Re: Swizzor.gen.b HELP!!!! Crash every time try to remove

by Shaba » July 13th, 2008, 12:42 pm

Hi

Those are scanning errors. Have you run chkdsk lately?

These are leftovers, you can fix them with HijackThis:


R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: NavigationTool - {4B8AE75C-A139-558A-AB5B-5F07BC2FD566} - (no file)
O2 - BHO: (no name) - {911C4A8E-0F75-4B83-BEB9-02BDDF29D11E} - (no file)
O3 - Toolbar: (no name) - {28BC2EC4-5EAD-45E1-9F9F-82CD5E293601} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
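
The triage in the post above picks out entries whose registered CLSID no longer has a file behind it. As an added example (not part of the original thread and not HijackThis's own code), this Python parses the CLSID-bearing lines of a HijackThis log and returns the ones marked "(no file)"; the sample lines are copied from the log posted in this thread, and the function names are assumptions.

```python
import re
from collections import Counter

# Lines copied from the HijackThis log posted in this thread (not the whole log).
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: NavigationTool - {4B8AE75C-A139-558A-AB5B-5F07BC2FD566} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {911C4A8E-0F75-4B83-BEB9-02BDDF29D11E} - (no file)
O3 - Toolbar: (no name) - {28BC2EC4-5EAD-45E1-9F9F-82CD5E293601} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
"""

# Shape of the R3/O2/O3 lines seen above:
#   <section> - <kind>: <name> - {CLSID} - <file path or "(no file)">
ENTRY_RE = re.compile(
    r"^(?P<code>[RO]\d{1,2}) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.*)$"
)


def parse_clsid_entries(log_text):
    """Return one dict per log line that registers a CLSID with a target."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:  # O4, O16, O23 ... lines have a different shape and are skipped
            entries.append(match.groupdict())
    return entries


def orphaned_entries(log_text):
    """Entries whose registry key survives but whose file is gone."""
    return [e for e in parse_clsid_entries(log_text)
            if e["target"].strip().lower() == "(no file)"]


def orphans_by_section(log_text):
    """Count orphaned entries per HijackThis section code (R3, O2, O3)."""
    return dict(Counter(e["code"] for e in orphaned_entries(log_text)))


if __name__ == "__main__":
    for entry in orphaned_entries(SAMPLE_LOG):
        print(f'{entry["code"]:>3}  {entry["kind"]:<14} {entry["clsid"]}  {entry["name"]}')
    print(orphans_by_section(SAMPLE_LOG))
```

On the sample it lists the same six entries named in the post; entries that still point at a file, such as the Adobe and Java helpers, are parsed but not flagged.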

Re: Swizzor.gen.b HELP!!!! Crash every time try to remove

by cctek » July 13th, 2008, 1:08 pm

OK, so I can just check the ones that say no file in the HijackThis box and fix? Correct?
I didn't know what they were so I thought it may help. I know I have a virus, as when I scan before my system crashes it does say virus detected, but I can't get any virus check to complete in order to fix or remove. I don't know what program to use or what to use at this point. In the very beginning, about almost a week ago when I first ran SDAT, I noticed as it ran one of the lines said Swizzor.gen.b detected...renamed..then the process kept looping.

Re: Swizzor.gen.b HELP!!!! Crash every time try to remove

by Shaba » July 13th, 2008, 1:15 pm

Hi

"OK, so I can just check the ones that say no file in the HijackThis box and fix? Correct?"

Yes :)

I recommend that you run chkdsk /f (start - run - cmd - ok - chkdsk/f - enter and reboot if asked) and try again after that.

Re: Swizzor.gen.b HELP!!!! Crash every time try to remove

by cctek » July 13th, 2008, 1:36 pm

OK, I ran chkdsk in safe mode and this is what I got:
Repairing Usn journal file record segment
CHKDSK discovered free space marked allocated in the master boot file table <MTF> bitmap
CHKDSK discovered free space marked as allocated in the volume bitmap
Windows found problems with the file system

Then it says I should do a chkdsk /f to fix.

I will remove those entries in HJT, then run chkdsk from command and after do a chkdsk/f.
Correct?

Re: Swizzor.gen.b HELP!!!! Crash every time try to remove

by Shaba » July 13th, 2008, 1:38 pm

Yes :)

Re: Swizzor.gen.b HELP!!!! Crash every time try to remove

by cctek » July 13th, 2008, 2:13 pm

Ok ran chkdsk/f went through it then ran chkdsk ....took care of everything but "windows found problems with the file system"
Ran again same thing... hmm :(

Re: Swizzor.gen.b HELP!!!! Crash every time try to remove

by Shaba » July 13th, 2008, 2:27 pm

Hi

Then there might be some physical problems in the hard disk.

You can try hdtune next and tell me if it finds bad sectors.

Re: Swizzor.gen.b HELP!!!! Crash every time try to remove

by cctek » July 13th, 2008, 4:56 pm

Ran HDTune and everything is ok? What else can I try? :shock:

Re: Swizzor.gen.b HELP!!!! Crash every time try to remove

by cctek » July 13th, 2008, 7:18 pm

I have to say, Shaba, I really do appreciate you trying to help me with this. I have never seen anything like this one. Normally after a period of time I would just start over and reformat, but I have too much important stuff on this one and my Maxtor external won't even let me format it. I must have disconnected it when it wasn't ready. How can I run a program on that to fix it so I can back up my system? Sorry, another problem..lol..Maybe I will see if I can somehow use that hard drive program on it, but it doesn't recognize it. Hmmm...guess we can cross that bridge when we get to it. Just really wanted to say thx...I know you will think of something...Maybe we should change the topic to operator malfunction...

Re: Swizzor.gen.b HELP!!!! Crash every time try to remove

by Shaba » July 14th, 2008, 2:10 am

Hi

You can try to plug it into another computer as a slave; that might help.

Re: Swizzor.gen.b HELP!!!! Crash every time try to remove

by cctek » July 14th, 2008, 10:22 am

lol..I thought of dipping into my graveyard of HDs. I did get the external running. But I still cannot run a complete virus scan on my PC. I know it's infected and really want to fix it. If you can't give me any more help on it I could do a wipe on the drive. I have so many programs on it and hate to go looking for them. :(
Are you giving up, Shaba? :) I guess I wouldn't blame you. Why would a system not let a complete scan go through? Temp is good. I always have lots of fans and keep the sides off. Memory is Corsair with heatsink and I have tested them. I am not an expert on viruses but I do know they can hide pretty well. This one is smart. The person who wrote it made it so you can't even detect it. Also no one has even heard of this virus.
Let's give it one last try????
I have everything backed up except my email.
Plus I have two other PCs.
:)

Re: Swizzor.gen.b HELP!!!! Crash every time try to remove

by Shaba » July 14th, 2008, 10:36 am

Hi

There is no visible malware in the HijackThis log.

So I think it might not be malware at all.

"I know it's infected and really want to fix it"

How do you know that for sure?

It can be a hardware (HD) related issue as well.

But we can check this:

Download and save this to desktop

Run it and post back the log it creates, please.

Re: Swizzor.gen.b HELP!!!! Crash every time try to remove

by cctek » July 14th, 2008, 4:05 pm

this is what I have from the post
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Re: Swizzor.gen.b HELP!!!! Crash every time try to remove

by cctek » July 14th, 2008, 5:52 pm

HA :bounce:
I was able to run Avast at thorough...and I am sitting here looking at TROJAN HORSE WAS FOUND
Malware name: JS:ReDirector[Tri]
Malware type: Trojan Horse
VPS version 080714-0,07/14/2008

It gives me the options of Move/rename....Delete...Move to chest...
OK, now that we found it, what should I do....I know the obvious but it's taken a long time to get here...I don't want to screw it up....please advise
