Internet running slowly, spam sending out



#1 richa2002

Posted 31 March 2009 - 12:02 PM

The problem I'm having is that my internet is running slowly and I think this is due to a virus sending out spam. I know this because the avast on-access scanner shows spam-looking e-mails being sent over certain periods of time. Here's my Malwarebytes Anti-Malware log from 3 hours or so ago where 4 infections were found:
Malwarebytes' Anti-Malware 1.35
Database version: 1920
Windows 5.1.2600 Service Pack 3

31/03/2009 15:49:11
mbam-log-2009-03-31 (15-49-11).txt

Scan type: Full Scan (C:\|L:\|M:\|)
Objects scanned: 1059485
Time elapsed: 5 hour(s), 1 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wadv07nt.sys (Rootkit.Agent.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\wadv07nt.sys (Rootkit.Agent.V) -> Quarantined and deleted successfully.
C:\WINDOWS\ServicePackFiles\i386\wadv07nt.sys (Rootkit.Agent.V) -> Quarantined and deleted successfully.

And here's the most recent one which I did a few minutes ago:
Malwarebytes' Anti-Malware 1.35
Database version: 1924
Windows 5.1.2600 Service Pack 3

31/03/2009 17:57:24
mbam-log-2009-03-31 (17-57-24).txt

Scan type: Quick Scan
Objects scanned: 105029
Time elapsed: 10 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks
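
Added example (not part of the original post): the two Malwarebytes logs above both list the same registry key as "Quarantined and deleted successfully", which means either the removal did not take effect or something recreated the key between scans. The Python sketch below parses logs in the MBAM 1.x text layout shown in the post and reports items that reappear after a reported successful removal; the function names are hypothetical and the embedded logs are the post's own, trimmed to their detail sections.

```python
import re

# "<Something> Infected:" alone on a line opens a detail section. The summary
# lines ("Registry Keys Infected: 1") carry a count, do not match, and are skipped.
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")
# Detail line: "<path or key> (<detection name>) -> <action taken>."
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

# The two logs from the post, trimmed to the sections that matter here.
SCAN_1549 = r"""
Registry Keys Infected: 1
Files Infected: 3

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wadv07nt.sys (Rootkit.Agent.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\wadv07nt.sys (Rootkit.Agent.V) -> Quarantined and deleted successfully.
C:\WINDOWS\ServicePackFiles\i386\wadv07nt.sys (Rootkit.Agent.V) -> Quarantined and deleted successfully.
"""

SCAN_1757 = r"""
Registry Keys Infected: 1
Files Infected: 0

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""


def parse_mbam_log(text):
    """Return one dict per detected item: section, target, name, action."""
    items, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        # Ignore blanks, anything before the first detail section, and the
        # "(No malicious items detected)" placeholder.
        if not line or section is None or line.startswith("(No malicious"):
            continue
        item = ITEM_RE.match(line)
        if item:
            items.append({"section": section, **item.groupdict()})
    return items


def reappeared(earlier, later):
    """Items in the later scan that the earlier scan reported as removed."""
    removed = {
        i["target"].lower()
        for i in earlier
        if "successfully" in i["action"].lower()
    }
    return [i for i in later if i["target"].lower() in removed]


if __name__ == "__main__":
    first = parse_mbam_log(SCAN_1549)
    second = parse_mbam_log(SCAN_1757)
    for item in reappeared(first, second):
        print(f'{item["section"]}: {item["target"]} ({item["name"]}) came back')
```
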



#2 quietman7


Posted 31 March 2009 - 01:27 PM

Let's do another scan to see if we find anything else that MBAM may have missed.

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.
alternate download link

Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you cannot boot into safe mode, then perform your scans in normal mode.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 richa2002


Posted 01 April 2009 - 03:35 AM

Thanks for your help. Here's the result of the scan:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/01/2009 at 05:53 AM

Application Version : 4.26.1000

Core Rules Database Version : 3822
Trace Rules Database Version: 1776

Scan type : Complete Scan
Total Scan Time : 06:06:25

Memory items scanned : 292
Memory threats detected : 0
Registry items scanned : 11340
Registry threats detected : 26
File items scanned : 81705
File threats detected : 71

Spyware.WebSearch (WinTools/Huntbar)
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#DeviceDesc

Trojan.Malware
HKCR\MezziaCodec.Chl
HKCR\MezziaCodec.Chl\CLSID

Adware.MyWay
HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}
HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0
HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\0
HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\0\win32
HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\FLAGS
HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\HELPDIR
HKCR\Interface\{0494D0D4-F8E0-41AD-92A3-14154ECE70AC}
HKCR\Interface\{0494D0D4-F8E0-41AD-92A3-14154ECE70AC}\ProxyStubClsid
HKCR\Interface\{0494D0D4-F8E0-41AD-92A3-14154ECE70AC}\ProxyStubClsid32
HKCR\Interface\{0494D0D4-F8E0-41AD-92A3-14154ECE70AC}\TypeLib
HKCR\Interface\{0494D0D4-F8E0-41AD-92A3-14154ECE70AC}\TypeLib#Version
HKCR\Interface\{0494D0D6-F8E0-41AD-92A3-14154ECE70AC}
HKCR\Interface\{0494D0D6-F8E0-41AD-92A3-14154ECE70AC}\ProxyStubClsid
HKCR\Interface\{0494D0D6-F8E0-41AD-92A3-14154ECE70AC}\ProxyStubClsid32
HKCR\Interface\{0494D0D6-F8E0-41AD-92A3-14154ECE70AC}\TypeLib
HKCR\Interface\{0494D0D6-F8E0-41AD-92A3-14154ECE70AC}\TypeLib#Version

Adware.Tracking Cookie

#4 quietman7


Posted 01 April 2009 - 07:30 AM

How is your computer running now? Are there any more reports/signs of infection?

#5 richa2002


Posted 01 April 2009 - 09:21 AM

Unfortunately, my internet does still slow right down when I connect my main computer to the computer and it naturally slows down other computers in the house. When the main computer is disconnected though, other computers return to the expected internet speed.

Thanks if you can help more.

#6 quietman7


Posted 01 April 2009 - 09:40 AM

Perform an anti-rootkit (ARK) scan with at least one of the following:
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
Note: Not all hidden components detected by ARKs are malicious. It is normal for a Firewall, some Anti-virus and Anti-malware software (ProcessGuard, Prevx1, AVG AS), sandboxes, virtual machines and Host based Intrusion Prevention Systems (HIPS) to hook into the OS kernel/SSDT in order to protect your system. SSDT (System Service Descriptor Table) is a table that stores addresses of functions that are used by Windows. Both legitimate programs and rootkits can hook into and alter this table. You should not be alarmed if you see any hidden entries created by these programs after performing a scan.
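
Added example (not part of the original post): a simplified Python model of the check behind the SSDT note above, attributing each table entry to the module whose address range contains it. The module map, driver names, trusted-driver list and all addresses are constructed for illustration; a real anti-rootkit tool reads these from kernel memory.

```python
from bisect import bisect_right

KERNEL = "ntoskrnl.exe"

# Constructed loaded-module map: (base address, size in bytes, name).
MODULES = [
    (0x804D7000, 0x1F8000, "ntoskrnl.exe"),
    (0xF7400000, 0x020000, "av_filter.sys"),  # hypothetical security product driver
    (0xF8A10000, 0x008000, "unknown1.sys"),   # hypothetical unrecognised driver
]

# Hypothetical allowlist of drivers known to hook the SSDT for protection
# (firewall, anti-virus, HIPS and similar, as the note above describes).
TRUSTED_DRIVERS = {"av_filter.sys"}

# Constructed SSDT snapshot: service name -> address the entry points to.
SSDT = {
    "NtCreateFile": 0x8056E27C,          # inside the kernel image
    "NtOpenProcess": 0xF7401A30,         # inside av_filter.sys
    "NtEnumerateValueKey": 0xF8A11200,   # inside unknown1.sys
    "NtQueryDirectoryFile": 0xF9000000,  # inside no listed module
}


def owner_of(addr, modules):
    """Return the name of the module whose range contains addr, or None."""
    ordered = sorted(modules)
    bases = [base for base, _, _ in ordered]
    idx = bisect_right(bases, addr) - 1
    if idx >= 0:
        base, size, name = ordered[idx]
        if base <= addr < base + size:
            return name
    return None


def classify_ssdt(ssdt, modules, trusted_drivers):
    """Map each service to (verdict, owning module).

    An entry that still points into the kernel image is unhooked. A hooked
    entry is then sorted by who owns the target address, which is what
    separates a security product's hook from one that needs investigation.
    """
    report = {}
    for service, addr in ssdt.items():
        owner = owner_of(addr, modules)
        if owner == KERNEL:
            verdict = "unhooked"
        elif owner is None:
            # Target lies outside every listed module: the code behind it
            # is not accounted for by the module list at all.
            verdict = "hooked: no loaded module"
        elif owner in trusted_drivers:
            verdict = "hooked: known security driver"
        else:
            verdict = "hooked: unrecognised driver"
        report[service] = (verdict, owner)
    return report


if __name__ == "__main__":
    for service, (verdict, owner) in classify_ssdt(SSDT, MODULES, TRUSTED_DRIVERS).items():
        print(f"{service:22} {verdict:30} {owner}")
```
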

#7 kelate


Posted 01 April 2009 - 12:04 PM

Mine is also slow... perhaps it was caused by the confick malware that keeps banging the servers?

#8 quietman7


Posted 01 April 2009 - 12:12 PM

Welcome to BC kelate

If you have an issue or problem you would like to discuss, please start your own topic. Doing that will help to avoid the confusion that often occurs when trying to help two or more members at the same time in the same thread. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using and the presence of other malware. Further, posting for assistance in someone else's topic is not considered proper forum etiquette.

Thanks for your cooperation.
The BC Staff

#9 richa2002


Posted 01 April 2009 - 12:51 PM

Thanks once again for your help. I tried three out of the four (bottom three) and two produced no result with one producing but I'm not sure it's too relevant:
Avira AntiRootkit Tool - Beta (1.0.1.17)

========================================================================================================
- Scan started 01 April 2009 - 16:54:02
========================================================================================================

--------------------------------------------------------------------------------------------------------
Configuration:
--------------------------------------------------------------------------------------------------------
- [X] Scan files
- [X] Scan registry
- [X] Scan processes
- [ ] Fast scan
- Working disk total size : 596.17 GB
- Working disk free size : 80.43 GB (13 %)
--------------------------------------------------------------------------------------------------------

Results:
Hidden value : HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\E07E2E0BA8832060\D690859E0F7F8CE3B3633A2FCA2A76FF -> 19
Hidden value : HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\E07E2E0BA8832060\D690859E0F7F8CE3B3633A2FCA2A76FF -> 22
Hidden value : HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\E07E2E0BA8832060\D690859E0F7F8CE3B3633A2FCA2A76FF -> 15
Hidden value : HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\E07E2E0BA8832060\E24DE05B514515AA3895F93D301E4A48 -> 1
Hidden value : HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\E07E2E0BA8832060\E24DE05B514515AA3895F93D301E4A48 -> 2
Hidden value : HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\E07E2E0BA8832060\E24DE05B514515AA3895F93D301E4A48 -> 3
Hidden value : HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\E07E2E0BA8832060\E24DE05B514515AA3895F93D301E4A48 -> 4
Hidden value : HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\E07E2E0BA8832060\E24DE05B514515AA3895F93D301E4A48 -> 5
Hidden value : HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\E07E2E0BA8832060\E24DE05B514515AA3895F93D301E4A48 -> 6
Hidden value : HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\E07E2E0BA8832060\E24DE05B514515AA3895F93D301E4A48 -> 7
Hidden value : HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\E07E2E0BA8832060\E24DE05B514515AA3895F93D301E4A48 -> 8
Hidden value : HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\E07E2E0BA8832060\E24DE05B514515AA3895F93D301E4A48 -> 9
Hidden value : HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\E07E2E0BA8832060\E24DE05B514515AA3895F93D301E4A48 -> 18
Hidden value : HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\E07E2E0BA8832060\E24DE05B514515AA3895F93D301E4A48 -> 10
Hidden value : HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\E07E2E0BA8832060\E24DE05B514515AA3895F93D301E4A48 -> 11
Hidden value : HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\E07E2E0BA8832060\E24DE05B514515AA3895F93D301E4A48 -> 12
Hidden value : HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\E07E2E0BA8832060\E24DE05B514515AA3895F93D301E4A48 -> 13
Hidden value : HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\E07E2E0BA8832060\E24DE05B514515AA3895F93D301E4A48 -> 14
Hidden value : HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\E07E2E0BA8832060\E24DE05B514515AA3895F93D301E4A48 -> 24
Hidden value : HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\E07E2E0BA8832060\E24DE05B514515AA3895F93D301E4A48 -> 26
Hidden value : HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\E07E2E0BA8832060\E24DE05B514515AA3895F93D301E4A48 -> 27
Hidden value : HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\E07E2E0BA8832060\E24DE05B514515AA3895F93D301E4A48 -> 19
Hidden value : HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\E07E2E0BA8832060\E24DE05B514515AA3895F93D301E4A48 -> 22
Hidden value : HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\E07E2E0BA8832060\E24DE05B514515AA3895F93D301E4A48 -> 15

--------------------------------------------------------------------------------------------------------
Files: 0/998421
Registry items: 112/873265
Processes: 0/69
Scan time: 00:26:21
--------------------------------------------------------------------------------------------------------
Active processes:
- zasnhjrf.exe (PID 3916) (Avira AntiRootkit Tool - Beta)
- System (PID 4)
- smss.exe (PID 540)
- csrss.exe (PID 1136)
- winlogon.exe (PID 1164)
- services.exe (PID 1208)
- lsass.exe (PID 1224)
- svchost.exe (PID 1432)
- svchost.exe (PID 1508)
- MsMpEng.exe (PID 1548)
- svchost.exe (PID 1588)
- svchost.exe (PID 1620)
- svchost.exe (PID 1688)
- svchost.exe (PID 1744)
- aswUpdSv.exe (PID 1860)
- ashServ.exe (PID 1916)
- spoolsv.exe (PID 320)
- CTAudSvc.exe (PID 444)
- schedul2.exe (PID 588)
- AppleMobileDeviceService.exe (PID 608)
- mDNSResponder.exe (PID 620)
- Crypserv.exe (PID 644)
- jqs.exe (PID 720)
- Runservice.exe (PID 760)
- LVComSer.exe (PID 784)
- LVPrcSrv.exe (PID 804)
- nvsvc32.exe (PID 1024)
- PD91Agent.exe (PID 1116)
- schedul2.exe (PID 1184)
- svchost.exe (PID 1560)
- TrueImageTryStartService.exe (PID 1668)
- GoogleUpdate.exe (PID 2276)
- explorer.exe (PID 2644)
- wmiapsrv.exe (PID 3028)
- wscntfy.exe (PID 3240)
- LVComSer.exe (PID 3328)
- alg.exe (PID 3432)
- VolPanlu.exe (PID 3776)
- DLLML.exe (PID 3788)
- CtHelper.exe (PID 3816)
- SSAAD.exe (PID 3844)
- schedhlp.exe (PID 3880)
- SixEngine.exe (PID 3924)
- schedhlp.exe (PID 3976)
- CTxfispi.exe (PID 2416)
- TimounterMonitor.exe (PID 2556)
- DLACTRLW.EXE (PID 2052)
- Communications_Helper.exe (PID 3576)
- Quickcam.exe (PID 2916)
- jusched.exe (PID 2788)
- iTunesHelper.exe (PID 2616)
- Ctxfihlp.exe (PID 2732)
- rundll32.exe (PID 220)
- svchost.exe (PID 2908)
- MSASCui.exe (PID 3176)
- ashDisp.exe (PID 4060)
- FreeRAM XP Pro.exe (PID 1364)
- COCIManager.exe (PID 4192)
- Skype.exe (PID 4356)
- ctfmon.exe (PID 4432)
- GoogleToolbarNotifier.exe (PID 4468)
- iPodService.exe (PID 4616)
- mcupdate_1238597468.exe (PID 4628)
- fraps.exe (PID 4928)
- MagicDisc.exe (PID 4996)
- msimn.exe (PID 5028)
- SPUVolumeWatcher.exe (PID 5052)
- msmsgs.exe (PID 5180)
- avirarkd.exe (PID 3756)
========================================================================================================
- Scan finished 01 April 2009 - 17:20:23
========================================================================================================

#10 richa2002

richa2002
  • Topic Starter

  • Members
  • 49 posts

Posted 01 April 2009 - 01:03 PM

*mistake post*

Edited by richa2002, 01 April 2009 - 01:04 PM.


#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,391 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 01 April 2009 - 01:21 PM

zasnhjrf.exe <- Go to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis.
-- Then post back with the results of the file analysis.

FreeRAM XP Pro.exe <- Remove any third party "Memory Manager" or "Optimizer". Windows XP memory management was designed to make the best use of RAM and these memory management utilities defeat that purpose. They push applications out of RAM into the pagefile, creating holes in the RAM and by doing so, slow down your computer.

jqs.exe <- Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it is not required. To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#12 richa2002

richa2002
  • Topic Starter

  • Members
  • 49 posts

Posted 01 April 2009 - 02:40 PM

Thanks again, I have done everything you suggested. I scanned that file you singled out and it was cleared as being 'OK'.

#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,391 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 01 April 2009 - 04:59 PM

Are you still having problems?

#14 richa2002

richa2002
  • Topic Starter

  • Members
  • 49 posts

Posted 01 April 2009 - 05:53 PM

Ah yes, I do, sorry for not saying in my earlier post.

#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,391 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 02 April 2009 - 08:38 AM

If the issues are general slowness, please refer to and try some of the suggestions provided in Slow Computer/Browser? Check here first; it may not be malware.