Avast WEBforum
Other => Viruses and worms => Topic started by: lam on April 05, 2009, 12:27:24 AM
-
I have been infected with several different things over the last two days. The alarm on Avast has been alerting me to the problems. I have moved all of the files into the virus chest.
I am still attempting on my own to rid my machine of what appears to be the last two nasty things: Win32:Cutwail [trj] (this one is hiding on c:\windows\system32\driver and about 10 different files) and Win32:Rootkit-gen, which was found in a bunch of temp files. I have run a Spybot scan (nothing) and a SUPERAntiSpyware scan. The following is the log of that scan:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/04/2009 at 05:15 PM
Application Version : 4.26.1000
Core Rules Database Version : 3829
Trace Rules Database Version: 1785
Scan type : Complete Scan
Total Scan Time : 02:29:23
Memory items scanned : 616
Memory threats detected : 0
Registry items scanned : 5811
Registry threats detected : 0
File items scanned : 21499
File threats detected : 0
Then I extracted one example of each and sent them to virustotal.com. The Win32:Cutwail file came back as no bytes had been sent. The Win32:Rootkit-gen file came back with the following report:
File BN1D.tmp received on 04.04.2009 23:47:42 (CET)
Current status: finished
Result: 11/40 (27.50%)
Antivirus Version Last Update Result ???
a-squared 4.0.0.101 2009.04.04 -
AhnLab-V3 5.0.0.2 2009.04.04 Dropper/Rootkit.32288
AntiVir 7.9.0.129 2009.04.03 TR/Drop.Agent.qkm
Antiy-AVL 2.0.3.1 2009.04.04 -
Authentium 5.1.2.4 2009.04.04 -
Avast 4.8.1335.0 2009.04.04 Win32:Rootkit-gen
AVG 8.5.0.285 2009.04.04 Small.BHE
BitDefender 7.2 2009.04.04 -
CAT-QuickHeal 10.00 2009.04.04 -
ClamAV 0.94.1 2009.04.04 -
Comodo 1099 2009.04.04 -
DrWeb 4.44.0.09170 2009.04.04 -
eSafe 7.0.17.0 2009.04.02 -
eTrust-Vet 31.6.6435 2009.04.03 -
F-Prot 4.4.4.56 2009.04.03 -
F-Secure 8.0.14470.0 2009.04.04 Trojan-Dropper.Win32.Agent.alhs
Fortinet 3.117.0.0 2009.04.04 -
GData 19 2009.04.04 Win32:Rootkit-gen
Ikarus T3.1.1.49.0 2009.04.04 -
K7AntiVirus 7.10.692 2009.04.03 -
Kaspersky 7.0.0.125 2009.04.04 Trojan-Dropper.Win32.Agent.alhs
McAfee 5574 2009.04.04 -
McAfee+Artemis 5574 2009.04.04 -
McAfee-GW-Edition 6.7.6 2009.04.03 Trojan.Drop.Agent.qkm
Microsoft 1.4502 2009.04.04 -
NOD32 3988 2009.04.04 Win32/Wigon
Norman 6.00.06 2009.04.03 -
nProtect 2009.1.8.0 2009.04.04 -
Panda 10.0.0.14 2009.04.04 -
PCTools 4.4.2.0 2009.04.04 -
Prevx1 V2 2009.04.04 High Risk Cloaked Malware
Rising 21.23.41.00 2009.04.03 -
Sophos 4.40.0 2009.04.04 -
Sunbelt 3.2.1858.2 2009.04.04 -
Symantec 1.4.4.12 2009.04.04 -
TheHacker 6.3.4.0.302 2009.04.04 -
TrendMicro 8.700.0.1004 2009.04.03 -
VBA32 3.12.10.2 2009.04.03 Trojan-Dropper.Win32.Agent.alhh
ViRobot 2009.4.4.1678 2009.04.04 -
VirusBuster 4.6.5.0 2009.04.04 -
Additional information
File size: 32288 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x13cf
timedatestamp.....: 0x49d20972 (Tue Mar 31 12:15:46 2009)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x91c 0x920 6.51 fdb8f122796434d6b26128f17fe1c015
.data 0x2000 0x436 0x438 4.86 fade022292b13c278bb5aaee6ffd33bf
.rsrc 0x3000 0x6c20 0x6c20 7.99 7f3ee7eebe55bcaa22423e7fe82c240f
( 2 imports )
> KERNEL32.dll: GetLastError, GetModuleHandleA, GetSystemInfo, GetVersionExA, LocalAlloc, ExitProcess
> USER32.dll: BeginPaint, CharUpperA, CreateDialogParamA, CreateWindowExA, DefWindowProcA, DispatchMessageA, EndDialog, EndPaint, FindWindowA, GetClassInfoExA, GetMessageA, GetSystemMetrics, GetTopWindow, LoadCursorA, LoadIconA, MessageBoxA, PostQuitMessage, RegisterClassExA, RegisterWindowMessageA, SendMessageA, SetDlgItemInt, SetFocus, SetWindowTextA, ShowWindow, TranslateMessage, UpdateWindow
( 0 exports )
RDS...: NSRL Reference Data Set
-
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=3D25F34F20A6D6847EF20064F94599009E99E11B
I will post a copy of my avast log in another post or two.
-
Avast log for previous post:
The following is a portion of my Avast virus log for yesterday:
4/3/2009 12:04:52 AM SYSTEM 748 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\port135sik.sys\[Embedded_Ix#19b0]" file.
4/3/2009 12:13:37 AM SYSTEM 748 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\ksi32sk.sys\[Embedded_Ix#19b0]" file.
4/3/2009 12:17:29 AM SYSTEM 748 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\ws2_32sik.sys\[Embedded_Ix#19b0]" file.
4/3/2009 1:18:32 AM SYSTEM 748 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\i386si.sys\[Embedded_Ix#19b0]" file.
4/3/2009 2:19:34 AM SYSTEM 748 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\port135sik.sys\[Embedded_Ix#19b0]" file.
4/3/2009 6:43:42 AM SYSTEM 748 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\ksi32sk.sys\[Embedded_Ix#19b0]" file.
4/3/2009 6:43:46 AM SYSTEM 748 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\ksi32sk.sys\[Embedded_Ix#19b0]" file.
4/3/2009 7:19:09 AM SYSTEM 748 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\ws2_32sik.sys\[Embedded_Ix#19b0]" file.
4/3/2009 7:19:38 AM SYSTEM 748 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\netsik.sys\[Embedded_Ix#19b0]" file.
4/3/2009 7:28:49 AM SYSTEM 748 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\acpi32.sys\[Embedded_Ix#19b0]" file.
4/3/2009 8:59:51 AM Lynn1 336 Sign of "Win32:Agent-LVZ [Rtk]" has been found in "C:\WINDOWS\new_drv.sys" file.
4/3/2009 6:36:00 PM Lynn1 336 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Lynn1\Local Settings\Temporary Internet Files\Content.IE5\B0RYF3B0\731l1[1].exe" file.
4/3/2009 6:37:13 PM Lynn1 336 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\TEMP\CF91.tmp" file.
4/3/2009 7:09:51 PM Lynn1 2132 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
4/3/2009 9:12:44 PM Lynn1 312 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\ws2_32sik.sys\[Embedded_Ix#19b0]" file.
4/3/2009 10:50:16 PM Lynn1 760 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\netsik.sys\[Embedded_Ix#19b0]" file.
4/3/2009 11:02:48 PM Lynn1 760 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\ws2_32sik.sys\[Embedded_Ix#19b0]" file.
4/3/2009 11:09:01 PM Lynn1 760 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\netsik.sys\[Embedded_Ix#19b0]" file.
4/3/2009 11:14:04 PM Lynn1 760 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\amd64si.sys\[Embedded_Ix#19b0]" file.
4/3/2009 11:16:51 PM Lynn1 760 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\amd64si.sys\[Embedded_Ix#19b0]" file.
4/3/2009 11:24:16 PM Lynn1 760 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\netsik.sys\[Embedded_Ix#19b0]" file.
4/3/2009 11:28:43 PM Lynn1 760 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\amd64si.sys\[Embedded_Ix#19b0]" file.
4/3/2009 11:34:16 PM Lynn1 760 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\systemntmi.sys\[Embedded_Ix#19b0]" file.
4/3/2009 11:38:14 PM Lynn1 760 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\nicsk32.sys\[Embedded_Ix#19b0]" file.
4/3/2009 11:43:34 PM Lynn1 760 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\i386si.sys\[Embedded_Ix#19b0]" file.
4/3/2009 11:49:41 PM Lynn1 760 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\acpi32.sys\[Embedded_Ix#19b0]" file.
4/3/2009 11:51:07 PM Lynn1 760 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\port135sik.sys\[Embedded_Ix#19b0]" file.
4/3/2009 11:56:51 PM Lynn1 760 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\acpi32.sys\[Embedded_Ix#19b0]" file.
Is there anything else I can do to get rid of these????
-
Today's log for previous post:
4/4/2009 12:02:04 AM Lynn1 760 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\i386si.sys\[Embedded_Ix#19b0]" file.
4/4/2009 12:07:15 AM Lynn1 760 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\nicsk32.sys\[Embedded_Ix#19b0]" file.
4/4/2009 12:14:43 AM Lynn1 760 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\i386si.sys\[Embedded_Ix#19b0]" file.
4/4/2009 12:16:49 AM Lynn1 760 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\acpi32.sys\[Embedded_Ix#19b0]" file.
4/4/2009 12:21:51 AM Lynn1 760 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\port135sik.sys\[Embedded_Ix#19b0]" file.
4/4/2009 12:26:50 AM Lynn1 760 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\systemntmi.sys\[Embedded_Ix#19b0]" file.
4/4/2009 9:37:23 AM Lynn1 308 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\i386si.sys\[Embedded_Ix#19b0]" file.
4/4/2009 12:08:56 PM Lynn1 224 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\acpi32.sys\[Embedded_Ix#19b0]" file.
4/4/2009 12:12:50 PM Lynn1 224 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BNF.tmp" file.
4/4/2009 12:22:25 PM Lynn1 224 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN13.tmp" file.
4/4/2009 12:27:58 PM Lynn1 224 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN1D.tmp" file.
4/4/2009 12:34:41 PM Lynn1 224 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN1F.tmp" file.
4/4/2009 12:37:44 PM Lynn1 224 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN26.tmp" file.
4/4/2009 12:47:09 PM Lynn1 224 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN2B.tmp" file.
4/4/2009 12:52:53 PM Lynn1 224 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN2D.tmp" file.
4/4/2009 12:57:53 PM Lynn1 224 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN2F.tmp" file.
4/4/2009 1:02:54 PM Lynn1 224 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN31.tmp" file.
4/4/2009 1:11:48 PM Lynn1 224 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN33.tmp" file.
4/4/2009 2:12:59 PM Lynn1 224 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN96.tmp" file.
4/4/2009 2:26:48 PM Lynn1 120 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN24.tmp" file.
4/4/2009 2:33:52 PM Lynn1 120 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN26.tmp" file.
4/4/2009 2:39:10 PM Lynn1 120 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN28.tmp" file.
4/4/2009 2:45:10 PM Lynn1 120 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN30.tmp" file.
4/4/2009 2:49:05 PM Lynn1 120 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN32.tmp" file.
4/4/2009 4:13:01 PM Lynn1 120 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUMENTS AND SETTINGS\LYNN1\LOCAL SETTINGS\TEMP\BN32.TMP" file.
4/4/2009 4:13:12 PM Lynn1 120 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN34.tmp" file.
4/4/2009 4:13:14 PM Lynn1 120 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN32.tmp" file.
4/4/2009 4:13:34 PM Lynn1 120 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN34.tmp" file.
4/4/2009 4:16:59 PM Lynn1 120 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN3B.tmp" file.
4/4/2009 4:21:53 PM Lynn1 120 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN3D.tmp" file.
4/4/2009 4:28:33 PM Lynn1 120 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN3F.tmp" file.
4/4/2009 4:34:13 PM Lynn1 120 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN41.tmp" file.
4/4/2009 4:39:16 PM Lynn1 120 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN43.tmp" file.
4/4/2009 4:45:07 PM Lynn1 120 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN57.tmp" file.
4/4/2009 4:51:48 PM Lynn1 120 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN59.tmp" file.
4/4/2009 5:00:54 PM Lynn1 120 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN5B.tmp" file.
4/4/2009 5:09:21 PM Lynn1 120 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\S-1-5-18\7F9ED00B8AB9F384A670920F20096EC5\BITB2.TMP (C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\S-1-5-18\7F9ED00B8AB9F384A670920F20096EC5\BITB2.TMP) returning error, 00000026.
4/4/2009 5:10:02 PM Lynn1 120 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN5D.tmp" file.
4/4/2009 5:14:33 PM Lynn1 120 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN5F.tmp" file.
4/4/2009 5:40:05 PM Lynn1 120 Sign of "Win32:Cutwail [trj]" has been found in "C:\Documents and
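Tallying the Avast log entries above by file shows which paths are flagged again after earlier detections and which directories each signature turns up in. This is an added example, not part of the original thread: the regular expression is inferred from the lines as posted, the function names are illustrative, and the trailing `[Embedded_Ix#...]` component is assumed to name content inside the file rather than a separate file.

```python
import ntpath
import re
from collections import defaultdict
from datetime import datetime
from typing import NamedTuple, Optional

# Lines copied from the log excerpts posted above (a subset), including one
# non-detection entry and the entry that is cut off in the post.
SAMPLE_LOG = r'''
4/3/2009 12:04:52 AM SYSTEM 748 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\port135sik.sys\[Embedded_Ix#19b0]" file.
4/3/2009 2:19:34 AM SYSTEM 748 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\port135sik.sys\[Embedded_Ix#19b0]" file.
4/3/2009 8:59:51 AM Lynn1 336 Sign of "Win32:Agent-LVZ [Rtk]" has been found in "C:\WINDOWS\new_drv.sys" file.
4/3/2009 7:09:51 PM Lynn1 2132 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
4/3/2009 11:51:07 PM Lynn1 760 Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\port135sik.sys\[Embedded_Ix#19b0]" file.
4/4/2009 12:37:44 PM Lynn1 224 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN26.tmp" file.
4/4/2009 2:33:52 PM Lynn1 120 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN26.tmp" file.
4/4/2009 5:40:05 PM Lynn1 120 Sign of "Win32:Cutwail [trj]" has been found in "C:\Documents and
'''

# timestamp, account, a numeric column (its meaning is not stated on the page),
# then the detection message with signature and path in double quotes.
ENTRY = re.compile(
    r'^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) '
    r'(?P<user>\S+) (?P<num>\d+) '
    r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>[^"]+)" file\.$'
)
# Trailing "\[...]" path component (assumption: content inside the file).
EMBEDDED = re.compile(r'\\(\[[^\]\\]*\])$')


class Detection(NamedTuple):
    when: datetime
    user: str
    signature: str
    container: str   # file on disk, lower-cased for comparison
    member: str      # embedded marker, or "" when the file itself was flagged


def parse_line(line: str) -> Optional[Detection]:
    """Return a Detection for a complete 'Sign of ...' entry, else None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    inner = EMBEDDED.search(path)
    container = path[:inner.start()] if inner else path
    return Detection(
        when=datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p"),
        user=m.group("user"),
        signature=m.group("sig"),
        container=container.lower(),
        member=inner.group(1) if inner else "",
    )


def parse_log(text: str):
    """Split a log into parsed detections and lines that were not parsed."""
    detections, skipped = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        hit = parse_line(line)
        if hit:
            detections.append(hit)
        else:
            skipped.append(line.strip())  # warnings, errors, truncated entries
    return detections, skipped


def recurring_files(detections, min_hits: int = 2):
    """Files flagged at least min_hits times: (path, signature, hits, span)."""
    seen = defaultdict(list)
    for d in detections:
        seen[(d.container, d.signature)].append(d.when)
    rows = []
    for (path, sig), times in seen.items():
        if len(times) >= min_hits:
            rows.append((path, sig, len(times), max(times) - min(times)))
    return sorted(rows, key=lambda r: (-r[2], r[0]))


def directories_by_signature(detections):
    """Map each signature to the sorted directories it was reported in."""
    dirs = defaultdict(set)
    for d in detections:
        dirs[d.signature].add(ntpath.dirname(d.container))
    return {sig: sorted(paths) for sig, paths in dirs.items()}


if __name__ == "__main__":
    found, skipped = parse_log(SAMPLE_LOG)
    print(f"{len(found)} detections, {len(skipped)} lines not parsed")
    for path, sig, hits, span in recurring_files(found):
        print(f"{hits}x over {span}  {sig}  {path}")
    for sig, dirs in directories_by_signature(found).items():
        print(sig, "->", ", ".join(dirs))
```

Paths are compared as logged, so the same file reported once under its 8.3 short name and once under its long name (as happens with BN32.tmp in the log above) is counted as two files.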
-
As I learned, if it says 0 bytes received, go into avast's settings and exclude the file from scanning for that moment.
-
John2009
I excluded the entire file from scanning. The file that had a report was in the same file so I don't know what the problem is.
Thanks for your input.
-
Have you tried any anti-rootkit programs? Here are a few of the more user-friendly ones:
http://www.free-av.com/en/products/4/avira_antirootkit_tool.html
http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
http://download.cnet.com/Rootkit-Buster/3000-8022_4-10720133.html
You could try those, then try DrWeb in safe mode
http://www.freedrweb.com/
-
I suggest:
1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! (http://www.freedrweb.com/cureit/) instead.
3. Use SUPERantispyware (http://www.superantispyware.com) (although there seems to be a lack of detection by SAS in this case...), MBAM (http://malwarebytes.org/mbam.php) or Spyware Terminator (http://www.spywareterminator.com/) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the files to Quarantine than to simply delete them.
4. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
5. Make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or at this analysis site (http://www.hijackthis.de/#anl). Or even submit the RunScanner (http://www.runscanner.net/) log to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html).
8. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).
-
Tech, I followed your suggestions (cleaned temp files, ran boot scan, ran spyware terminator, ran avast anti-rootkit, ran runscanner, did the system restore thing and then ran spyware blaster and downloaded updates for all software) and I still am getting notice from avast that the rootkit-gen is still being found in my temp files.
Here is my log from Runscanner:
Runscanner logfile
* = signed file
- = file not found
General info
------------
Computer name : LYNNLAPTOP
Creation time : 4/5/2009 4:06:16 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.13
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 3
RunScanner Version : 1.8.0.0
User Language : English (United States)
User rights : Administrator
Windows folder : C:\WINDOWS
Running processes
-----------------
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
* C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
* C:\WINDOWS\System32\alg.exe (Microsoft Corporation)
* C:\Program Files\AskBarDis\bar\bin\AskService.exe
* C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
* C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
* C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
* C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
* C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
* C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
* C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
* C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
C:\WINDOWS\System32\bcmwltry.exe (Dell Inc)
C:\WINDOWS\system32\WLTRAY.exe (Dell Inc)
C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
C:\Program Files\filehippo.com\UpdateChecker.exe (FileHippo.com)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
* C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe (Dell Inc.)
* C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
* C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
* C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
* C:\WINDOWS\system32\LEXPPS.EXE (Lexmark International, Inc.)
* C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
C:\Documents and Settings\Lynn1\Lynn1.exe
* C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
C:\Program Files\Verizon Online\bin\mpbtn.exe (Motive Communications, Inc.)
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe (Motive Communications, Inc.)
* C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
* C:\DOCUME~1\Lynn1\LOCALS~1\Temp\Temporary Directory 1 for runscanner.zip\RunScanner.exe (Runscanner.net)
* C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
* C:\WINDOWS\system32\services.exe (Microsoft Corporation)
C:\WINDOWS\SnoopFreeUI.exe (SnoopFree Software)
C:\WINDOWS\System32\SnoopFreeSvc.exe
* C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
* C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
* C:\WINDOWS\system32\SNDVOL32.EXE (Microsoft Corporation)
* C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe (Microsoft Corporation)
* C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe (Microsoft Corporation)
* C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
* C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
* C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)
* c:\windows\System32\smss.exe (Microsoft Corporation)
C:\WINDOWS\System32\wltrysvc.exe
* C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
rest of report in next post
-
Continuation
Unrated items
-------------
002 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
002 * C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
002 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
002 C:\WINDOWS\system32\WLTRAY.exe (Dell Inc)
002 C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
002 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
002 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
002 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
002 C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe (Motive Communications, Inc.)
002 C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
002 C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
002 C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
002 * C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
002 C:\WINDOWS\SnoopFreeUI.exe (SnoopFree Software)
002 C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
003 C:\Program Files\filehippo.com\UpdateChecker.exe (FileHippo.com)
003 C:\Documents and Settings\Lynn1\Lynn1.exe
003 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
003 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
004 C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
005 C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
005 C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
005 C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
005 C:\Program Files\Verizon Online\bin\matcli.exe (Motive Communications, Inc.)
010 * C:\Program Files\AskBarDis\bar\bin\AskService.exe (ASKService)
010 * C:\Program Files\Alwil Software\Avast4\ashServ.exe (avast! Antivirus)
010 * C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (avast! iAVS4 Control Service)
010 * C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (avast! Mail Scanner)
010 * C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (avast! Web Scanner)
010 C:\WINDOWS\System32\wltrysvc.exe (Dell Wireless WLAN Tray Service)
010 C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (InstallDriver Table Manager)
010 C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel NCS NetService)
010 C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe (NICCONFIGSVC)
010 C:\WINDOWS\System32\SnoopFreeSvc.exe (Snoop Free Service)
010 C:\Program Files\Spyware Terminator\sp_rsser.exe (Spyware Terminator Realtime Shield Service)
011 C:\WINDOWS\system32\DRIVERS\AegisP.sys (AEGIS Protocol (IEEE 802.1x) v3.2.0.3)
011 C:\Program Files\Dell\NICCONFIGSVC\Appdrv.sys (Appdrv)
011 C:\WINDOWS\system32\drivers\ASCTRM.sys (ASCTRM)
011 * C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (aswFsBlk)
011 * C:\WINDOWS\system32\drivers\aswRdr.sys (aswRdr)
011 * C:\WINDOWS\system32\drivers\Aavmker4.sys (avast! Asynchronous Virus Monitor)
011 * C:\WINDOWS\system32\drivers\aswTdi.sys (avast! Network Shield Support)
011 * C:\WINDOWS\system32\drivers\aswSP.sys (avast! Self Protection)
011 * C:\WINDOWS\system32\drivers\aswMon2.sys (avast! Standard Shield Support)
011 C:\WINDOWS\system32\drivers\drvmcdb.sys (drvmcdb)
011 C:\WINDOWS\system32\drivers\drvnddm.sys (drvnddm)
011 * C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR ASPI Filter Driver)
011 C:\WINDOWS\system32\drivers\MCSTRM.sys (MCSTRM)
011 C:\WINDOWS\system32\DRIVERS\omci.sys (OMCI WDM Device Driver)
011 C:\WINDOWS\System32\Drivers\PxHelp20.sys (PxHelp20)
011 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SASDIFSV)
011 C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SASENUM)
011 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL)
011 C:\WINDOWS\System32\Drivers\SnopFree.sys (SnoopFree Driver)
011 C:\WINDOWS\system32\drivers\sp_rsdrv2.sys (Spyware Terminator Driver 2)
011 C:\WINDOWS\system32\drivers\sscdbhk5.sys (sscdbhk5)
011 C:\WINDOWS\system32\drivers\ssrtln.sys (ssrtln)
011 C:\WINDOWS\system32\dla\tfsnboio.sys (tfsnboio)
011 C:\WINDOWS\system32\dla\tfsncofs.sys (tfsncofs)
011 C:\WINDOWS\system32\dla\tfsndrct.sys (tfsndrct)
011 C:\WINDOWS\system32\dla\tfsndres.sys (tfsndres)
011 C:\WINDOWS\system32\dla\tfsnifs.sys (tfsnifs)
011 C:\WINDOWS\system32\dla\tfsnopio.sys (tfsnopio)
011 C:\WINDOWS\system32\dla\tfsnpool.sys (tfsnpool)
011 C:\WINDOWS\system32\dla\tfsnudf.sys (tfsnudf)
011 C:\WINDOWS\system32\dla\tfsnudfa.sys (tfsnudfa)
030 C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
030 C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
030 C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
030 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {733AC4CB-F1A4-11d0-B951-00A0C90312E1}
031 C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com) {4D25FB7A-8902-4291-960E-9ADA051CFBBF}
035 C:\WINDOWS\system32\mscories.dll (Microsoft Corporation) {89B4C1CD-B018-4511-B0A1-5476DBF70820}
040 C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com) {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
041 * C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com) {3041d03e-fd4b-44e0-b742-2d9b88305f98}
041 C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com) {4B3803EA-5230-4DC3-A7FC-33638F3D3542}
045 C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com) {4B3803EA-5230-4DC3-A7FC-33638F3D3542}
045 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {0E5CBF21-D15F-11D0-8301-00AA005B4383}
050 C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}
050 C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) {56F9679E-7826-4C84-81F3-532071A8BCC5}
052 GUID / CLSID not found {7E853D72-626A-48EC-A868-BA8D5E23E045}
052 * C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com) {201f27d4-3704-41d6-89c1-aa35e39143ed}
052 C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com) {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
052 C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) {5CA3D70E-1895-11CF-8E15-001234567890}
060 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {fbeb8a05-beee-4442-804e-409d6c4515e9}
060 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {7849596a-48ea-486e-8937-a2a3009f31a9}
061 * C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
061 C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) {5CA3D70E-1895-11CF-8E15-001234567890}
061 C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1D2680C9-0E2A-469d-B787-065558BC7D43}
061 C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}
061 C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation) {e82a2d71-5b2f-43a0-97b8-81be15854de8}
061 C:\Program Files\Spyware Terminator\sptcontmenu.dll (Crawler.com) {BD88A479-9623-4897-8546-BC62B9628F44}
061 C:\Program Files\Windows Desktop Search\msnlExt.dll (Microsoft Corporation) {13E7F612-F261-4391-BEA2-39DF4F3FA311}
061 C:\Program Files\Windows Desktop Search\OEPH.dll (Microsoft Corporation) {D426CFD0-87FC-4906-98D9-A23F5D515D61}
062 GUID / CLSID not found {7D4D6379-F301-4311-BEBA-E26EB0561882}
062 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}
062 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
062 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {24F14F01-7B1C-11d1-838f-0000F80461CF}
062 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {24F14F02-7B1C-11d1-838f-0000F80461CF}
062 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {66742402-F9B9-11D1-A202-0000F81FEDEE}
064 * C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
067 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
100 CustomizeSearch HKLM : http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
100 ProxyOverride HKCU : 127.0.0.1;*.local
100 SearchAssistant HKLM : http://www.crawler.com/search/ie.aspx?tb_id=60341
100 SearchUrl HKCU : http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
100 Start Page HKCU : http://www.msn.com/
102 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
104 C:\WINDOWS\opuc.dll (Microsoft Corporation) {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}
104 C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.ocx (Snapfish) {406B5949-7190-4245-91A9-30A17DE16AD0}
104 * C:\WINDOWS\DOWNLO~1\CMAIDCTL.OCX {7FE26BE2-B923-4B41-9834-E84DA1CC1F96}
104 GUID / CLSID not found {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
104 C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll (JavaSoft / Sun Microsystems, Inc.) {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
continued next post
-
Can you install CCleaner and run it to get rid of temporary files?
-
last part of runscanner report
105 &Windows Live Search :
105 Crawler Search : tbr:iemenu
105 E&xport to Microsoft Excel :
107 C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
172 C:\WINDOWS\System32\BCMLogon.dll (Broadcom Corporation)
173 * C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
173 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {09799AFB-AD67-11d1-ABCD-00C04FC30936}
173 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {A470F8CF-A1E8-4f65-8335-227475AA5C46}
173 C:\Program Files\Spyware Terminator\sptcontmenu.dll (Crawler.com) {BD88A479-9623-4897-8546-BC62B9628F44}
173 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Start Menu Pin
173 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) SUPERAntiSpyware Context Menu
221 * C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
221 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {09799AFB-AD67-11d1-ABCD-00C04FC30936}
221 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {A470F8CF-A1E8-4f65-8335-227475AA5C46}
221 C:\Program Files\Spyware Terminator\sptcontmenu.dll (Crawler.com) {BD88A479-9623-4897-8546-BC62B9628F44}
221 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Start Menu Pin
221 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) SUPERAntiSpyware Context Menu
223 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {7BA4C740-9E81-11CF-99D3-00AA004AE837}
223 C:\Program Files\Spyware Terminator\sptcontmenu.dll (Crawler.com) {BD88A479-9623-4897-8546-BC62B9628F44}
225 * C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
225 * C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
225 C:\Program Files\Spyware Terminator\sptcontmenu.dll (Crawler.com) {BD88A479-9623-4897-8546-BC62B9628F44}
225 C:\Program Files\Spyware Terminator\sptcontmenu.dll (Crawler.com) {BD88A479-9623-4897-8546-BC62B9628F44}
227 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {A470F8CF-A1E8-4f65-8335-227475AA5C46}
227 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) SUPERAntiSpyware Context Menu
229 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {D969A300-E7FF-11d0-A93B-00A0C90F2719}
231 GUID / CLSID not found NeroDigitalExt.NeroDigitalColumnHandler
231 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.) PDF Column Info
231 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
231 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
231 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
231 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
253 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
254 * C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {217FC9C0-3AEA-1069-A2DB-08002B30309D}
Missing files
-------------
010 C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
011 C:\WINDOWS\system32\drivers\Abiosdsk.sys
011 C:\DOCUME~1\Lynn1\LOCALS~1\Temp\aswArKrn.sys
011 C:\WINDOWS\system32\drivers\Atdisk.sys
011 C:\WINDOWS\system32\drivers\bvrp_pci.sys
011 C:\WINDOWS\system32\drivers\Changer.sys
011 C:\WINDOWS\system32\drivers\lbrtfdc.sys
011 C:\WINDOWS\system32\drivers\PCIDump.sys
011 C:\WINDOWS\system32\drivers\PDCOMP.sys
011 C:\WINDOWS\system32\drivers\PDFRAME.sys
011 C:\WINDOWS\system32\drivers\PDRELI.sys
011 C:\WINDOWS\system32\drivers\PDRFRAME.sys
011 C:\WINDOWS\system32\drivers\Simbad.sys
011 c:\windows\system32\DRIVERS\wanatw4.sys
011 C:\WINDOWS\system32\drivers\WDICA.sys
061 deskpan.dll
Any other suggestions??
-
I used ccleaner to clear my temp files.
-
I used ccleaner to clear my temp files.
Did you run avast at boot time?
-
I think I did.
I scheduled a boot time scan and the computer rebooted and did the scan. Is that the same thing? Sorry, not really knowledgeable about tech stuff.
-
Yes, the boot-time scan happens before Windows fully starts.
-
Still having problems.
Boot Scan finally found 4 infected files but when I moved them to the virus chest I got this message:
Function setiface UpdatePackages () has failed Return Code ox2000004, dwRes is 2000004.
Anyone know what that means?
-
Not really, as the error message doesn't seem to have anything to do with what you were doing, e.g. moving files to the chest, when the error seems to relate to updating.
You say "when I moved them to the virus chest"; surely in the boot-time scan you would be moving them individually, or are you saying you got this error at the same time, as this is an error from the log viewer and I don't know if during a boot-time scan anything is written to the warning section of the log viewer?
I get these all the time. How do I know this? Only when I look in the logs to find something in relation to the forums. Me, I keep my nose out of the log viewer, as most of the information there is verbose and useful to the developers but not a user. Not to mention the message isn't what I would call a hard error, e.g. not displayed to the screen, and I don't go looking in the logs unless I have a specific problem or errors are displayed to the screen.
So unless you are getting update failures displayed to the screen (red pop-up where the green update notification would be displayed), I wouldn't worry.
-
Function setiface UpdatePackages () has failed Return Code ox2000004, dwRes is 2000004.
I consider this verbose of the logs.
-
Ran another boot scan and at about 44% complete it ran into the 4 files that are infected. I pushed 5 to move each one to the virus chest and the scan stopped and the computer booted up.
Is something wrong with AVAST? I have also not gotten a message that the database has updated today.
-
Try scanning with the following in safe mode:
Dr.Web CureIt
Avast! Anti-Virus Professional Edition
Spybot - Search and Destroy
Malwarebytes' Anti-Malware
SUPERAnti-Virus Professional
Avast! Cleaner
Avast! Anti-Rootkit
Symantec Endpoint Protection
-
***
Just for information, the core (virus definitions & scanning engine) of avast is the same in both Home and Pro versions. Also, the cleaner & anti-rootkit are included in both versions.
Using those on the list in safe mode is not a bad idea, with the exception of HJT, which should only be done in Normal mode.
EDIT marked in BOLD.
***
-
<snip>
Is something wrong with AVAST? I have also not gotten a message that the database has updated today.
There isn't a specific schedule for updates, though it does tend to happen daily and on occasion more than once in a day; the latest VPS version is 090407-0.