Author Topic: Need win32 gen help  (Read 9389 times)


lam

  • Guest
Need win32 gen help
« on: April 05, 2009, 12:27:24 AM »
I have been infected with several different things over the last two days.  The alarm on Avast has been alerting me to the problems. I have moved all of the files into the virus chest. 

I am still attempting on my own to rid my machine of what appear to be the last two nasty things: Win32:Cutwail [trj] (this one is hiding in c:\windows\system32\drivers and about 10 different files) and Win32:Rootkit-gen, which was found in a bunch of temp files.  I have run a Spybot scan (nothing) and a SUPERAntiSpyware scan.  The following is the log of that scan:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/04/2009 at 05:15 PM

Application Version : 4.26.1000

Core Rules Database Version : 3829
Trace Rules Database Version: 1785

Scan type       : Complete Scan
Total Scan Time : 02:29:23

Memory items scanned      : 616
Memory threats detected   : 0
Registry items scanned    : 5811
Registry threats detected : 0
File items scanned        : 21499
File threats detected     : 0

Then I extracted one example of each and sent them to virustotal.com.  The Win32:Cutwail file came back as no bytes had been sent.  The Win32:Rootkit-gen file came back with the following report:

 File BN1D.tmp received on 04.04.2009 23:47:42 (CET)
Current status: finished
Result: 11/40 (27.50%)
Antivirus    Version    Last Update    Result
a-squared    4.0.0.101    2009.04.04    -
AhnLab-V3    5.0.0.2    2009.04.04    Dropper/Rootkit.32288
AntiVir    7.9.0.129    2009.04.03    TR/Drop.Agent.qkm
Antiy-AVL    2.0.3.1    2009.04.04    -
Authentium    5.1.2.4    2009.04.04    -
Avast    4.8.1335.0    2009.04.04    Win32:Rootkit-gen
AVG    8.5.0.285    2009.04.04    Small.BHE
BitDefender    7.2    2009.04.04    -
CAT-QuickHeal    10.00    2009.04.04    -
ClamAV    0.94.1    2009.04.04    -
Comodo    1099    2009.04.04    -
DrWeb    4.44.0.09170    2009.04.04    -
eSafe    7.0.17.0    2009.04.02    -
eTrust-Vet    31.6.6435    2009.04.03    -
F-Prot    4.4.4.56    2009.04.03    -
F-Secure    8.0.14470.0    2009.04.04    Trojan-Dropper.Win32.Agent.alhs
Fortinet    3.117.0.0    2009.04.04    -
GData    19    2009.04.04    Win32:Rootkit-gen
Ikarus    T3.1.1.49.0    2009.04.04    -
K7AntiVirus    7.10.692    2009.04.03    -
Kaspersky    7.0.0.125    2009.04.04    Trojan-Dropper.Win32.Agent.alhs
McAfee    5574    2009.04.04    -
McAfee+Artemis    5574    2009.04.04    -
McAfee-GW-Edition    6.7.6    2009.04.03    Trojan.Drop.Agent.qkm
Microsoft    1.4502    2009.04.04    -
NOD32    3988    2009.04.04    Win32/Wigon
Norman    6.00.06    2009.04.03    -
nProtect    2009.1.8.0    2009.04.04    -
Panda    10.0.0.14    2009.04.04    -
PCTools    4.4.2.0    2009.04.04    -
Prevx1    V2    2009.04.04    High Risk Cloaked Malware
Rising    21.23.41.00    2009.04.03    -
Sophos    4.40.0    2009.04.04    -
Sunbelt    3.2.1858.2    2009.04.04    -
Symantec    1.4.4.12    2009.04.04    -
TheHacker    6.3.4.0.302    2009.04.04    -
TrendMicro    8.700.0.1004    2009.04.03    -
VBA32    3.12.10.2    2009.04.03    Trojan-Dropper.Win32.Agent.alhh
ViRobot    2009.4.4.1678    2009.04.04    -
VirusBuster    4.6.5.0    2009.04.04    -
Additional information
File size: 32288 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x13cf
timedatestamp.....: 0x49d20972 (Tue Mar 31 12:15:46 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x91c 0x920 6.51 fdb8f122796434d6b26128f17fe1c015
.data 0x2000 0x436 0x438 4.86 fade022292b13c278bb5aaee6ffd33bf
.rsrc 0x3000 0x6c20 0x6c20 7.99 7f3ee7eebe55bcaa22423e7fe82c240f

( 2 imports )
> KERNEL32.dll: GetLastError, GetModuleHandleA, GetSystemInfo, GetVersionExA, LocalAlloc, ExitProcess
> USER32.dll: BeginPaint, CharUpperA, CreateDialogParamA, CreateWindowExA, DefWindowProcA, DispatchMessageA, EndDialog, EndPaint, FindWindowA, GetClassInfoExA, GetMessageA, GetSystemMetrics, GetTopWindow, LoadCursorA, LoadIconA, MessageBoxA, PostQuitMessage, RegisterClassExA, RegisterWindowMessageA, SendMessageA, SetDlgItemInt, SetFocus, SetWindowTextA, ShowWindow, TranslateMessage, UpdateWindow

( 0 exports )
RDS...: NSRL Reference Data Set
-
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=3D25F34F20A6D6847EF20064F94599009E99E11B

I will post a copy of my avast log in another post or two


lam

  • Guest
Re: Need win32 gen help
« Reply #1 on: April 05, 2009, 12:30:10 AM »
Avast log for previous post:

The following is a portion of my Avast virus log for yesterday:

4/3/2009 12:04:52 AM   SYSTEM   748   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\port135sik.sys\[Embedded_Ix#19b0]" file. 
4/3/2009 12:13:37 AM   SYSTEM   748   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\ksi32sk.sys\[Embedded_Ix#19b0]" file. 
4/3/2009 12:17:29 AM   SYSTEM   748   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\ws2_32sik.sys\[Embedded_Ix#19b0]" file. 
4/3/2009 1:18:32 AM   SYSTEM   748   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\i386si.sys\[Embedded_Ix#19b0]" file. 
4/3/2009 2:19:34 AM   SYSTEM   748   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\port135sik.sys\[Embedded_Ix#19b0]" file. 
4/3/2009 6:43:42 AM   SYSTEM   748   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\ksi32sk.sys\[Embedded_Ix#19b0]" file. 
4/3/2009 6:43:46 AM   SYSTEM   748   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\ksi32sk.sys\[Embedded_Ix#19b0]" file. 
4/3/2009 7:19:09 AM   SYSTEM   748   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\ws2_32sik.sys\[Embedded_Ix#19b0]" file. 
4/3/2009 7:19:38 AM   SYSTEM   748   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\netsik.sys\[Embedded_Ix#19b0]" file. 
4/3/2009 7:28:49 AM   SYSTEM   748   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\acpi32.sys\[Embedded_Ix#19b0]" file. 
4/3/2009 8:59:51 AM   Lynn1   336   Sign of "Win32:Agent-LVZ [Rtk]" has been found in "C:\WINDOWS\new_drv.sys" file. 
4/3/2009 6:36:00 PM   Lynn1   336   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Lynn1\Local Settings\Temporary Internet Files\Content.IE5\B0RYF3B0\731l1[1].exe" file. 
4/3/2009 6:37:13 PM   Lynn1   336   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\TEMP\CF91.tmp" file. 
4/3/2009 7:09:51 PM   Lynn1   2132   Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7. 
4/3/2009 9:12:44 PM   Lynn1   312   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\ws2_32sik.sys\[Embedded_Ix#19b0]" file. 
4/3/2009 10:50:16 PM   Lynn1   760   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\netsik.sys\[Embedded_Ix#19b0]" file. 
4/3/2009 11:02:48 PM   Lynn1   760   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\ws2_32sik.sys\[Embedded_Ix#19b0]" file. 
4/3/2009 11:09:01 PM   Lynn1   760   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\netsik.sys\[Embedded_Ix#19b0]" file. 
4/3/2009 11:14:04 PM   Lynn1   760   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\amd64si.sys\[Embedded_Ix#19b0]" file. 
4/3/2009 11:16:51 PM   Lynn1   760   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\amd64si.sys\[Embedded_Ix#19b0]" file. 
4/3/2009 11:24:16 PM   Lynn1   760   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\netsik.sys\[Embedded_Ix#19b0]" file. 
4/3/2009 11:28:43 PM   Lynn1   760   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\amd64si.sys\[Embedded_Ix#19b0]" file. 
4/3/2009 11:34:16 PM   Lynn1   760   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\systemntmi.sys\[Embedded_Ix#19b0]" file. 
4/3/2009 11:38:14 PM   Lynn1   760   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\nicsk32.sys\[Embedded_Ix#19b0]" file. 
4/3/2009 11:43:34 PM   Lynn1   760   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\i386si.sys\[Embedded_Ix#19b0]" file. 
4/3/2009 11:49:41 PM   Lynn1   760   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\acpi32.sys\[Embedded_Ix#19b0]" file. 
4/3/2009 11:51:07 PM   Lynn1   760   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\port135sik.sys\[Embedded_Ix#19b0]" file. 
4/3/2009 11:56:51 PM   Lynn1   760   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\acpi32.sys\[Embedded_Ix#19b0]" file. 

Is there anything else I can do to get rid of these????

lam

  • Guest
Re: Need win32 gen help
« Reply #2 on: April 05, 2009, 12:31:02 AM »
Today's log for previous post:


4/4/2009 12:02:04 AM   Lynn1   760   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\i386si.sys\[Embedded_Ix#19b0]" file. 
4/4/2009 12:07:15 AM   Lynn1   760   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\nicsk32.sys\[Embedded_Ix#19b0]" file. 
4/4/2009 12:14:43 AM   Lynn1   760   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\i386si.sys\[Embedded_Ix#19b0]" file. 
4/4/2009 12:16:49 AM   Lynn1   760   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\acpi32.sys\[Embedded_Ix#19b0]" file. 
4/4/2009 12:21:51 AM   Lynn1   760   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\port135sik.sys\[Embedded_Ix#19b0]" file. 
4/4/2009 12:26:50 AM   Lynn1   760   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\systemntmi.sys\[Embedded_Ix#19b0]" file. 
4/4/2009 9:37:23 AM   Lynn1   308   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\i386si.sys\[Embedded_Ix#19b0]" file. 
4/4/2009 12:08:56 PM   Lynn1   224   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\acpi32.sys\[Embedded_Ix#19b0]" file. 
4/4/2009 12:12:50 PM   Lynn1   224   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BNF.tmp" file. 
4/4/2009 12:22:25 PM   Lynn1   224   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN13.tmp" file. 
4/4/2009 12:27:58 PM   Lynn1   224   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN1D.tmp" file. 
4/4/2009 12:34:41 PM   Lynn1   224   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN1F.tmp" file. 
4/4/2009 12:37:44 PM   Lynn1   224   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN26.tmp" file. 
4/4/2009 12:47:09 PM   Lynn1   224   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN2B.tmp" file. 
4/4/2009 12:52:53 PM   Lynn1   224   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN2D.tmp" file. 
4/4/2009 12:57:53 PM   Lynn1   224   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN2F.tmp" file. 
4/4/2009 1:02:54 PM   Lynn1   224   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN31.tmp" file. 
4/4/2009 1:11:48 PM   Lynn1   224   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN33.tmp" file. 
4/4/2009 2:12:59 PM   Lynn1   224   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN96.tmp" file. 
4/4/2009 2:26:48 PM   Lynn1   120   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN24.tmp" file. 
4/4/2009 2:33:52 PM   Lynn1   120   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN26.tmp" file. 
4/4/2009 2:39:10 PM   Lynn1   120   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN28.tmp" file. 
4/4/2009 2:45:10 PM   Lynn1   120   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN30.tmp" file. 
4/4/2009 2:49:05 PM   Lynn1   120   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN32.tmp" file. 
4/4/2009 4:13:01 PM   Lynn1   120   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUMENTS AND SETTINGS\LYNN1\LOCAL SETTINGS\TEMP\BN32.TMP" file. 
4/4/2009 4:13:12 PM   Lynn1   120   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN34.tmp" file. 
4/4/2009 4:13:14 PM   Lynn1   120   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN32.tmp" file. 
4/4/2009 4:13:34 PM   Lynn1   120   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN34.tmp" file. 
4/4/2009 4:16:59 PM   Lynn1   120   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN3B.tmp" file. 
4/4/2009 4:21:53 PM   Lynn1   120   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN3D.tmp" file. 
4/4/2009 4:28:33 PM   Lynn1   120   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN3F.tmp" file. 
4/4/2009 4:34:13 PM   Lynn1   120   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN41.tmp" file. 
4/4/2009 4:39:16 PM   Lynn1   120   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN43.tmp" file. 
4/4/2009 4:45:07 PM   Lynn1   120   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN57.tmp" file. 
4/4/2009 4:51:48 PM   Lynn1   120   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN59.tmp" file. 
4/4/2009 5:00:54 PM   Lynn1   120   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN5B.tmp" file. 
4/4/2009 5:09:21 PM   Lynn1   120   AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\S-1-5-18\7F9ED00B8AB9F384A670920F20096EC5\BITB2.TMP (C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\S-1-5-18\7F9ED00B8AB9F384A670920F20096EC5\BITB2.TMP) returning error, 00000026. 
4/4/2009 5:10:02 PM   Lynn1   120   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN5D.tmp" file. 
4/4/2009 5:14:33 PM   Lynn1   120   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN5F.tmp" file. 
4/4/2009 5:40:05 PM   Lynn1   120   Sign of "Win32:Cutwail [trj]" has been found in "C:\Documents and
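Added example, not part of the original posts: a small Python triage of the Avast log format shown above, grouping detections by signature and folder to show how many distinct file names appear, which names are detected again later, and the typical gap between hits. The sample lines are copied from the logs in this thread; treating the date as month/day/year and the third column as an opaque numeric id are assumptions.

```python
import ntpath
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Lines copied from the Avast log posted in this thread, including one
# non-detection line and the final truncated line, which must both be skipped.
SAMPLE_LOG = r'''
4/3/2009 7:09:51 PM   Lynn1   2132   Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
4/4/2009 12:02:04 AM   Lynn1   760   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\i386si.sys\[Embedded_Ix#19b0]" file.
4/4/2009 12:07:15 AM   Lynn1   760   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\nicsk32.sys\[Embedded_Ix#19b0]" file.
4/4/2009 12:14:43 AM   Lynn1   760   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\i386si.sys\[Embedded_Ix#19b0]" file.
4/4/2009 12:16:49 AM   Lynn1   760   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\acpi32.sys\[Embedded_Ix#19b0]" file.
4/4/2009 9:37:23 AM   Lynn1   308   Sign of "Win32:Cutwail [trj]" has been found in "C:\WINDOWS\system32\drivers\i386si.sys\[Embedded_Ix#19b0]" file.
4/4/2009 12:12:50 PM   Lynn1   224   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BNF.tmp" file.
4/4/2009 12:22:25 PM   Lynn1   224   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN13.tmp" file.
4/4/2009 12:27:58 PM   Lynn1   224   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN1D.tmp" file.
4/4/2009 12:34:41 PM   Lynn1   224   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN1F.tmp" file.
4/4/2009 12:37:44 PM   Lynn1   224   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Lynn1\LOCALS~1\Temp\BN26.tmp" file.
4/4/2009 5:40:05 PM   Lynn1   120   Sign of "Win32:Cutwail [trj]" has been found in "C:\Documents and
'''

# timestamp, user, numeric id (meaning not stated in the log; kept opaque),
# then the detection sentence with signature name and file path.
DETECTION = re.compile(
    r'^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+'
    r'(?P<user>\S+)\s+(?P<id>\d+)\s+'
    r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>[^"]+)" file\.'
)
# Trailing "\[Embedded_...]" names an object inside the file, not a file on disk.
MEMBER = re.compile(r'\\\[[^\]]*\]$')


def parse(log_text):
    """Return sorted (datetime, signature, file path) tuples for detection lines."""
    events = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue  # update errors, scan warnings, truncated lines
        ts = datetime.strptime(m['ts'], '%m/%d/%Y %I:%M:%S %p')  # assumed M/D/Y
        events.append((ts, m['sig'], MEMBER.sub('', m['path'])))
    return sorted(events)


def summarize(events):
    """Group by (signature, folder) and describe how the detections recur."""
    groups = defaultdict(list)
    for ts, sig, path in events:
        # Windows paths are case-insensitive; 8.3 short names are left as logged.
        key = (sig, ntpath.dirname(path).lower())
        groups[key].append((ts, ntpath.basename(path).lower()))
    report = {}
    for key, hits in groups.items():
        times = [t for t, _ in hits]
        names = [n for _, n in hits]
        gaps = [(b - a).total_seconds() / 60 for a, b in zip(times, times[1:])]
        report[key] = {
            'detections': len(hits),
            'distinct_files': len(set(names)),
            # same file name flagged more than once
            'redetected': sorted({n for n in names if names.count(n) > 1}),
            'median_gap_min': round(median(gaps), 1) if gaps else None,
        }
    return report


if __name__ == '__main__':
    for (sig, folder), stats in summarize(parse(SAMPLE_LOG)).items():
        print(f'{sig} in {folder}: {stats}')
```

A file name that is flagged again after an earlier detection, or new names arriving in the same folder minutes apart, usually means the files are still being written by something running on the machine rather than left over from one earlier event.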

John2009

  • Guest
Re: Need win32 gen help
« Reply #3 on: April 05, 2009, 12:59:10 AM »
As I learned, if it says 0 bytes received, go into avast's settings and exclude the file from scanning for that moment.

lam

  • Guest
Re: Need win32 gen help
« Reply #4 on: April 05, 2009, 01:46:45 AM »
John2009

I excluded the entire file from scanning.  The file that had a report was in the same file so I don't know what the problem is.

Thanks for your input.

micky77

  • Guest
Re: Need win32 gen help
« Reply #5 on: April 05, 2009, 12:21:32 PM »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Need win32 gen help
« Reply #6 on: April 05, 2009, 03:32:18 PM »
I suggest:

1. Clean your temporary files.
2. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use SUPERAntiSpyware (although there seems to be a lack of detection by SAS in this case...), MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster.
8. Check if you have insecure applications with Secunia Software Inspector.
The best things in life are free.

lam

  • Guest
Re: Need win32 gen help
« Reply #7 on: April 06, 2009, 01:13:24 AM »
Tech, I followed your suggestions (cleaned temp files, ran boot scan, ran spyware terminator, ran avast anti-rootkit, ran runscanner, did the system restore thing and then ran spyware blaster and downloaded updates for all software) and I am still getting notices from avast that the rootkit-gen is still being found in my temp files.

Here is my log from Runscanner:

Runscanner logfile

* = signed file
- = file not found

General info
------------
Computer name : LYNNLAPTOP
Creation time : 4/5/2009 4:06:16 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.13
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 3
RunScanner Version : 1.8.0.0
User Language : English (United States)
User rights : Administrator
Windows folder : C:\WINDOWS

Running processes
-----------------
  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
* C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
* C:\WINDOWS\System32\alg.exe (Microsoft Corporation)
* C:\Program Files\AskBarDis\bar\bin\AskService.exe
* C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
* C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
* C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
* C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
* C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
* C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
* C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
  C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
* C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
  C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
  C:\WINDOWS\System32\bcmwltry.exe (Dell Inc)
  C:\WINDOWS\system32\WLTRAY.exe (Dell Inc)
  C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
  C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
  C:\Program Files\filehippo.com\UpdateChecker.exe (FileHippo.com)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
* C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
  C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
  C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe (Dell Inc.)
* C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
* C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
* C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
* C:\WINDOWS\system32\LEXPPS.EXE (Lexmark International, Inc.)
* C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
  C:\Documents and Settings\Lynn1\Lynn1.exe
* C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
  C:\Program Files\Verizon Online\bin\mpbtn.exe (Motive Communications, Inc.)
  C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe (Motive Communications, Inc.)
* C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
  C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
  C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
* C:\DOCUME~1\Lynn1\LOCALS~1\Temp\Temporary Directory 1 for runscanner.zip\RunScanner.exe (Runscanner.net)
* C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
* C:\WINDOWS\system32\services.exe (Microsoft Corporation)
  C:\WINDOWS\SnoopFreeUI.exe (SnoopFree Software)
  C:\WINDOWS\System32\SnoopFreeSvc.exe
* C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
  C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
  C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
* C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
* C:\WINDOWS\system32\SNDVOL32.EXE (Microsoft Corporation)
* C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe (Microsoft Corporation)
* C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe (Microsoft Corporation)
* C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
* C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
* C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)
* c:\windows\System32\smss.exe (Microsoft Corporation)
  C:\WINDOWS\System32\wltrysvc.exe
* C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
  C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)

rest of report in next post

lam

  • Guest
Re: Need win32 gen help
« Reply #8 on: April 06, 2009, 01:15:49 AM »
Continuation

Unrated items
-------------
002   C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
002 * C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
002   C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
002   C:\WINDOWS\system32\WLTRAY.exe (Dell Inc)
002   C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
002   C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
002   C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
002   C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
002   C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe (Motive Communications, Inc.)
002   C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
002   C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
002   C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
002 * C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
002   C:\WINDOWS\SnoopFreeUI.exe (SnoopFree Software)
002   C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
003   C:\Program Files\filehippo.com\UpdateChecker.exe (FileHippo.com)
003   C:\Documents and Settings\Lynn1\Lynn1.exe
003   C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
003   C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
004   C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
005   C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
005   C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
005   C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
005   C:\Program Files\Verizon Online\bin\matcli.exe (Motive Communications, Inc.)
010 * C:\Program Files\AskBarDis\bar\bin\AskService.exe (ASKService)
010 * C:\Program Files\Alwil Software\Avast4\ashServ.exe (avast! Antivirus)
010 * C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (avast! iAVS4 Control Service)
010 * C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (avast! Mail Scanner)
010 * C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (avast! Web Scanner)
010   C:\WINDOWS\System32\wltrysvc.exe (Dell Wireless WLAN Tray Service)
010   C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (InstallDriver Table Manager)
010   C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel NCS NetService)
010   C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe (NICCONFIGSVC)
010   C:\WINDOWS\System32\SnoopFreeSvc.exe (Snoop Free Service)
010   C:\Program Files\Spyware Terminator\sp_rsser.exe (Spyware Terminator Realtime Shield Service)
011   C:\WINDOWS\system32\DRIVERS\AegisP.sys (AEGIS Protocol (IEEE 802.1x) v3.2.0.3)
011   C:\Program Files\Dell\NICCONFIGSVC\Appdrv.sys (Appdrv)
011   C:\WINDOWS\system32\drivers\ASCTRM.sys (ASCTRM)
011 * C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (aswFsBlk)
011 * C:\WINDOWS\system32\drivers\aswRdr.sys (aswRdr)
011 * C:\WINDOWS\system32\drivers\Aavmker4.sys (avast! Asynchronous Virus Monitor)
011 * C:\WINDOWS\system32\drivers\aswTdi.sys (avast! Network Shield Support)
011 * C:\WINDOWS\system32\drivers\aswSP.sys (avast! Self Protection)
011 * C:\WINDOWS\system32\drivers\aswMon2.sys (avast! Standard Shield Support)
011   C:\WINDOWS\system32\drivers\drvmcdb.sys (drvmcdb)
011   C:\WINDOWS\system32\drivers\drvnddm.sys (drvnddm)
011 * C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR ASPI Filter Driver)
011   C:\WINDOWS\system32\drivers\MCSTRM.sys (MCSTRM)
011   C:\WINDOWS\system32\DRIVERS\omci.sys (OMCI WDM Device Driver)
011   C:\WINDOWS\System32\Drivers\PxHelp20.sys (PxHelp20)
011   C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SASDIFSV)
011   C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SASENUM)
011   C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL)
011   C:\WINDOWS\System32\Drivers\SnopFree.sys (SnoopFree Driver)
011   C:\WINDOWS\system32\drivers\sp_rsdrv2.sys (Spyware Terminator Driver 2)
011   C:\WINDOWS\system32\drivers\sscdbhk5.sys (sscdbhk5)
011   C:\WINDOWS\system32\drivers\ssrtln.sys (ssrtln)
011   C:\WINDOWS\system32\dla\tfsnboio.sys (tfsnboio)
011   C:\WINDOWS\system32\dla\tfsncofs.sys (tfsncofs)
011   C:\WINDOWS\system32\dla\tfsndrct.sys (tfsndrct)
011   C:\WINDOWS\system32\dla\tfsndres.sys (tfsndres)
011   C:\WINDOWS\system32\dla\tfsnifs.sys (tfsnifs)
011   C:\WINDOWS\system32\dla\tfsnopio.sys (tfsnopio)
011   C:\WINDOWS\system32\dla\tfsnpool.sys (tfsnpool)
011   C:\WINDOWS\system32\dla\tfsnudf.sys (tfsnudf)
011   C:\WINDOWS\system32\dla\tfsnudfa.sys (tfsnudfa)
030   C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
030   C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
030   C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
030 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {733AC4CB-F1A4-11d0-B951-00A0C90312E1}
031   C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com) {4D25FB7A-8902-4291-960E-9ADA051CFBBF}
035   C:\WINDOWS\system32\mscories.dll (Microsoft Corporation) {89B4C1CD-B018-4511-B0A1-5476DBF70820}
040   C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com) {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
041 * C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com) {3041d03e-fd4b-44e0-b742-2d9b88305f98}
041   C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com) {4B3803EA-5230-4DC3-A7FC-33638F3D3542}
045   C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com) {4B3803EA-5230-4DC3-A7FC-33638F3D3542}
045 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {0E5CBF21-D15F-11D0-8301-00AA005B4383}
050   C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}
050   C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) {56F9679E-7826-4C84-81F3-532071A8BCC5}
052   GUID / CLSID not found {7E853D72-626A-48EC-A868-BA8D5E23E045}
052 * C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com) {201f27d4-3704-41d6-89c1-aa35e39143ed}
052   C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com) {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
052   C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) {5CA3D70E-1895-11CF-8E15-001234567890}
060 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {fbeb8a05-beee-4442-804e-409d6c4515e9}
060 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {7849596a-48ea-486e-8937-a2a3009f31a9}
061 * C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
061   C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) {5CA3D70E-1895-11CF-8E15-001234567890}
061   C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1D2680C9-0E2A-469d-B787-065558BC7D43}
061   C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}
061   C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation) {e82a2d71-5b2f-43a0-97b8-81be15854de8}
061   C:\Program Files\Spyware Terminator\sptcontmenu.dll (Crawler.com) {BD88A479-9623-4897-8546-BC62B9628F44}
061   C:\Program Files\Windows Desktop Search\msnlExt.dll (Microsoft Corporation) {13E7F612-F261-4391-BEA2-39DF4F3FA311}
061   C:\Program Files\Windows Desktop Search\OEPH.dll (Microsoft Corporation) {D426CFD0-87FC-4906-98D9-A23F5D515D61}
062   GUID / CLSID not found {7D4D6379-F301-4311-BEBA-E26EB0561882}
062   C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}
062 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
062 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {24F14F01-7B1C-11d1-838f-0000F80461CF}
062 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {24F14F02-7B1C-11d1-838f-0000F80461CF}
062 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {66742402-F9B9-11D1-A202-0000F81FEDEE}
064 * C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
067   C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
100   CustomizeSearch HKLM : http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
100   ProxyOverride HKCU : 127.0.0.1;*.local
100   SearchAssistant HKLM : http://www.crawler.com/search/ie.aspx?tb_id=60341
100   SearchUrl HKCU : http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
100   Start Page HKCU : http://www.msn.com/
102 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
104   C:\WINDOWS\opuc.dll (Microsoft Corporation) {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}
104   C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.ocx (Snapfish) {406B5949-7190-4245-91A9-30A17DE16AD0}
104 * C:\WINDOWS\DOWNLO~1\CMAIDCTL.OCX {7FE26BE2-B923-4B41-9834-E84DA1CC1F96}
104   GUID / CLSID not found {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
104   C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll (JavaSoft / Sun Microsystems, Inc.) {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

continued next post

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: Need win32 gen help
« Reply #9 on: April 06, 2009, 01:16:45 AM »
Can you install CCleaner and run it to get rid of temporary files?
The best things in life are free.

lam

  • Guest
Re: Need win32 gen help
« Reply #10 on: April 06, 2009, 01:17:03 AM »
Last part of the runscanner report:

105   &Windows Live Search :
105   Crawler Search : tbr:iemenu
105   E&xport to Microsoft Excel :
107   C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
172   C:\WINDOWS\System32\BCMLogon.dll (Broadcom Corporation)
173 * C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
173 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {09799AFB-AD67-11d1-ABCD-00C04FC30936}
173 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {A470F8CF-A1E8-4f65-8335-227475AA5C46}
173   C:\Program Files\Spyware Terminator\sptcontmenu.dll (Crawler.com) {BD88A479-9623-4897-8546-BC62B9628F44}
173 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Start Menu Pin
173   C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) SUPERAntiSpyware Context Menu
221 * C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
221 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {09799AFB-AD67-11d1-ABCD-00C04FC30936}
221 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {A470F8CF-A1E8-4f65-8335-227475AA5C46}
221   C:\Program Files\Spyware Terminator\sptcontmenu.dll (Crawler.com) {BD88A479-9623-4897-8546-BC62B9628F44}
221 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Start Menu Pin
221   C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) SUPERAntiSpyware Context Menu
223 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {7BA4C740-9E81-11CF-99D3-00AA004AE837}
223   C:\Program Files\Spyware Terminator\sptcontmenu.dll (Crawler.com) {BD88A479-9623-4897-8546-BC62B9628F44}
225 * C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
225 * C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
225   C:\Program Files\Spyware Terminator\sptcontmenu.dll (Crawler.com) {BD88A479-9623-4897-8546-BC62B9628F44}
225   C:\Program Files\Spyware Terminator\sptcontmenu.dll (Crawler.com) {BD88A479-9623-4897-8546-BC62B9628F44}
227 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {A470F8CF-A1E8-4f65-8335-227475AA5C46}
227   C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) SUPERAntiSpyware Context Menu
229 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) {D969A300-E7FF-11d0-A93B-00A0C90F2719}
231   GUID / CLSID not found NeroDigitalExt.NeroDigitalColumnHandler
231   C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.) PDF Column Info
231 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
231 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
231 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
231 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
253 * C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
254 * C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {217FC9C0-3AEA-1069-A2DB-08002B30309D}

Missing files
-------------
010 C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
011 C:\WINDOWS\system32\drivers\Abiosdsk.sys
011 C:\DOCUME~1\Lynn1\LOCALS~1\Temp\aswArKrn.sys
011 C:\WINDOWS\system32\drivers\Atdisk.sys
011 C:\WINDOWS\system32\drivers\bvrp_pci.sys
011 C:\WINDOWS\system32\drivers\Changer.sys
011 C:\WINDOWS\system32\drivers\lbrtfdc.sys
011 C:\WINDOWS\system32\drivers\PCIDump.sys
011 C:\WINDOWS\system32\drivers\PDCOMP.sys
011 C:\WINDOWS\system32\drivers\PDFRAME.sys
011 C:\WINDOWS\system32\drivers\PDRELI.sys
011 C:\WINDOWS\system32\drivers\PDRFRAME.sys
011 C:\WINDOWS\system32\drivers\Simbad.sys
011 c:\windows\system32\DRIVERS\wanatw4.sys
011 C:\WINDOWS\system32\drivers\WDICA.sys
061 deskpan.dll


Any other suggestions??


lam

  • Guest
Re: Need win32 gen help
« Reply #11 on: April 06, 2009, 01:18:07 AM »
I used ccleaner to clear my temp files. 

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: Need win32 gen help
« Reply #12 on: April 06, 2009, 01:20:12 AM »
Quote from: lam
I used ccleaner to clear my temp files.

Did you run avast at boot time?

lam

  • Guest
Re: Need win32 gen help
« Reply #13 on: April 06, 2009, 01:41:40 AM »
I think I did.

I scheduled a boot time scan and the computer rebooted and did the scan. Is that the same thing? Sorry, not really knowledgeable about tech stuff.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • Posts: 89065
  • No support PMs thanks
Re: Need win32 gen help
« Reply #14 on: April 06, 2009, 02:53:05 AM »
Yes, the boot-time scan happens before Windows fully starts.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security