Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Pc Checkup


  • This topic is locked This topic is locked
6 replies to this topic

#1 utopian86

utopian86

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Local time:09:39 AM

Posted 14 March 2008 - 09:39 PM

Hi i'm just doing my pc check up.
Could u help me to check if my pc is in healthy condition?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:48 AM, on 3/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\World of Warcraft\BackgroundDownloader.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.ap.dell.com/content/default.as...;l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ap.dell.com/content/default.as...;l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.ap.dell.com/content/default.as...;l=en&s=gen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.ap.dell.com/content/default.as...;l=en&s=gen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [CLHomeMediaServer] C:\Program Files\CyberLink\CyberLink Live\CLHomeMediaServer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {EDDA7B3F-CA25-4D98-81AC-8BA0E4AE65F6} (dcCertUtils.clsOperation) - https://ef.hasil.org.my/scrs-lhdn_malay/dcCertUtils.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12360 bytes


Edit
Did a scan using the mcafee stinger.


McAfee® Rootkit Detective 1.1 scan report
On 15-03-2008 at 11:00:15
OS-Version 5.1.2600
Service Pack 2.0
====================================

Object-Type: Registry-key
Object-Name: DataAfee® Rootkit Detective 1.1 scan report

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data
Status: Hidden

Object-Type: Registry-key
Object-Name: a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771 System Provider\*Local Machine*\Data
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Status: Hidden

Object-Type: Registry-key
Object-Name: 00000000-0000-0000-0000-000000000000 System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
Status: Hidden

Object-Type: Registry-key
Object-Name: {6340E680-FF06-435f-8767-B79D88AEBD4D}ystem Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000\{6340E680-FF06-435f-8767-B79D88AEBD4D}
Status: Hidden

Object-Type: Registry-value
Object-Name: Item Data
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000\{6340E680-FF06-435f-8767-B79D88AEBD4D}
Status: Hidden

Object-Type: Registry-value
Object-Name: Display String
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
Status: Hidden

Object-Type: Registry-value
Object-Name: Display String
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Status: Hidden

Object-Type: Registry-key
Object-Name: Data 2RE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2
Status: Hidden

Object-Type: Registry-key
Object-Name: WindowsE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2\Windows
Status: Hidden

Object-Type: Registry-value
Object-Name: Value
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2\Windows
Status: Hidden

Object-Type: Process
Object-Name: ati2evxx.exe
Pid: 712
Object-Path: C:\WINDOWS\system32\Ati2evxx.exe
Status: Visible

Object-Type: Process
Object-Name: HWAPI.exe
Pid: 3316
Object-Path: C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
Status: Visible

Object-Type: Process
Object-Name: System Idle Process
Pid: 0
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: winlogon.exe
Pid: 992
Object-Path: C:\WINDOWS\system32\winlogon.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1612
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: WLKEEPER.exe
Pid: 1736
Object-Path: C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Status: Visible

Object-Type: Process
Object-Name: spoolsv.exe
Pid: 684
Object-Path: C:\WINDOWS\system32\spoolsv.exe
Status: Visible

Object-Type: Process
Object-Name: mcmscsvc.exe
Pid: 3412
Object-Path: C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
Status: Visible

Object-Type: Process
Object-Name: mpsevh.exe
Pid: 4032
Object-Path: C:\Program Files\McAfee\MPS\mpsevh.exe
Status: Visible

Object-Type: Process
Object-Name: Dot1XCfg.exe
Pid: 5520
Object-Path: C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
Status: Visible

Object-Type: Process
Object-Name: csrss.exe
Pid: 964
Object-Path: C:\WINDOWS\system32\csrss.exe
Status: Visible

Object-Type: Process
Object-Name: mcsysmon.exe
Pid: 3692
Object-Path: C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
Status: Visible

Object-Type: Process
Object-Name: System
Pid: 4
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: ati2evxx.exe
Pid: 1244
Object-Path: C:\WINDOWS\system32\Ati2evxx.exe
Status: Visible

Object-Type: Process
Object-Name: iFrmewrk.exe
Pid: 1492
Object-Path: C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
Status: Visible

Object-Type: Process
Object-Name: btwdins.exe
Pid: 3228
Object-Path: C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
Status: Visible

Object-Type: Process
Object-Name: SiteAdv.exe
Pid: 1836
Object-Path: C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
Status: Visible

Object-Type: Process
Object-Name: MpfSrv.exe
Pid: 3760
Object-Path: C:\Program Files\McAfee\MPF\MPFSrv.exe
Status: Visible

Object-Type: Process
Object-Name: SAService.exe
Pid: 164
Object-Path: C:\Program Files\SiteAdvisor\6253\SAService.exe
Status: Visible

Object-Type: Process
Object-Name: BackgroundDownl
Pid: 5248
Object-Path: C:\Program Files\World of Warcraft\BackgroundDownloader.exe
Status: Visible

Object-Type: Process
Object-Name: PCMService.exe
Pid: 1560
Object-Path: C:\Program Files\Dell\MediaDirect\PCMService.exe
Status: Visible

Object-Type: Process
Object-Name: I8kfanGUI.exe
Pid: 724
Object-Path: C:\Program Files\I8kfanGUI\I8kfanGUI.exe
Status: Visible

Object-Type: Process
Object-Name: BTTray.exe
Pid: 1592
Object-Path: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Status: Visible

Object-Type: Process
Object-Name: msksrver.exe
Pid: 3948
Object-Path: C:\Program Files\McAfee\MSK\MskSrver.exe
Status: Visible

Object-Type: Process
Object-Name: RegSrvc.exe
Pid: 4072
Object-Path: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
Status: Visible

Object-Type: Process
Object-Name: usnsvc.exe
Pid: 2708
Object-Path: C:\Program Files\MSN Messenger\usnsvc.exe
Status: Visible

Object-Type: Process
Object-Name: stsystra.exe
Pid: 1500
Object-Path: C:\WINDOWS\stsystra.exe
Status: Visible

Object-Type: Process
Object-Name: msnmsgr.exe
Pid: 5096
Object-Path: C:\Program Files\MSN Messenger\msnmsgr.exe
Status: Visible

Object-Type: Process
Object-Name: services.exe
Pid: 1036
Object-Path: C:\WINDOWS\system32\services.exe
Status: Visible

Object-Type: Process
Object-Name: explorer.exe
Pid: 912
Object-Path: C:\WINDOWS\Explorer.EXE
Status: Visible

Object-Type: Process
Object-Name: tfswctrl.exe
Pid: 1532
Object-Path: C:\WINDOWS\system32\dla\tfswctrl.exe
Status: Visible

Object-Type: Process
Object-Name: Communications_
Pid: 1656
Object-Path: C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
Status: Visible

Object-Type: Process
Object-Name: mcpromgr.exe
Pid: 3516
Object-Path: C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
Status: Visible

Object-Type: Process
Object-Name: mps.exe
Pid: 3796
Object-Path: C:\PROGRA~1\McAfee\MPS\mps.exe
Status: Visible

Object-Type: Process
Object-Name: jusched.exe
Pid: 1472
Object-Path: C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
Status: Visible

Object-Type: Process
Object-Name: LVPrcSrv.exe
Pid: 884
Object-Path: c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
Status: Visible

Object-Type: Process
Object-Name: RedirSvc.exe
Pid: 3612
Object-Path: c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
Status: Visible

Object-Type: Process
Object-Name: wmiprvse.exe
Pid: 2744
Object-Path: C:\WINDOWS\system32\wbem\wmiprvse.exe
Status: Visible

Object-Type: Process
Object-Name: winamp.exe
Pid: 264
Object-Path: C:\Program Files\Winamp\winamp.exe
Status: Visible

Object-Type: Process
Object-Name: smss.exe
Pid: 792
Object-Path: C:\WINDOWS\System32\smss.exe
Status: Visible

Object-Type: Process
Object-Name: EvtEng.exe
Pid: 1660
Object-Path: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1908
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 2064
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: Rainlendar2.exe
Pid: 484
Object-Path: C:\Program Files\Rainlendar2\Rainlendar2.exe
Status: Visible

Object-Type: Process
Object-Name: DLG.exe
Pid: 1600
Object-Path: C:\Program Files\Digital Line Detect\DLG.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1260
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: SynTPEnh.exe
Pid: 1508
Object-Path: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Status: Visible

Object-Type: Process
Object-Name: quickset.exe
Pid: 1880
Object-Path: C:\Program Files\Dell\QuickSet\Quickset.exe
Status: Visible

Object-Type: Process
Object-Name: BTStackServer.e
Pid: 2128
Object-Path: C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
Status: Visible

Object-Type: Process
Object-Name: mcods.exe
Pid: 3492
Object-Path: C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
Status: Visible

Object-Type: Process
Object-Name: firefox.exe
Pid: 5724
Object-Path: C:\Program Files\Mozilla Firefox\firefox.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1324
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1572
Object-Path: C:\WINDOWS\System32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 332
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: mskagent.exe
Pid: 1820
Object-Path: C:\Program Files\McAfee\MSK\MskAgent.exe
Status: Visible

Object-Type: Process
Object-Name: McProxy.exe
Pid: 3556
Object-Path: c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
Status: Visible

Object-Type: Process
Object-Name: Rootkit_Detecti
Pid: 5820
Object-Path: C:\Documents and Settings\Ian Lau\Desktop\Rootkit_Detective.exe
Status: Visible

Object-Type: Process
Object-Name: CLI.exe
Pid: 5480
Object-Path: C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
Status: Visible

Object-Type: Process
Object-Name: lsass.exe
Pid: 1048
Object-Path: C:\WINDOWS\system32\lsass.exe
Status: Visible

Object-Type: Process
Object-Name: DSAgnt.exe
Pid: 304
Object-Path: C:\Program Files\Dell Support\DSAgnt.exe
Status: Visible

Object-Type: Process
Object-Name: Mcshield.exe
Pid: 3652
Object-Path: C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
Status: Visible

Object-Type: Process
Object-Name: S24EvMon.exe
Pid: 1700
Object-Path: C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
Status: Visible

Object-Type: Process
Object-Name: McNASvc.exe
Pid: 3436
Object-Path: c:\program files\common files\mcafee\mna\mcnasvc.exe
Status: Visible

Object-Type: Process
Object-Name: ZCfgSvc.exe
Pid: 1484
Object-Path: C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
Status: Visible

Object-Type: Process
Object-Name: CLI.exe
Pid: 1516
Object-Path: C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
Status: Visible

Object-Type: Process
Object-Name: mcagent.exe
Pid: 2880
Object-Path: C:\PROGRA~1\mcafee.com\agent\mcagent.exe
Status: Visible

Object-Type: Process
Object-Name: alg.exe
Pid: 5732
Object-Path: C:\WINDOWS\System32\alg.exe
Status: Visible

Scan complete. Hidden registry keys/values: 10
McAfee® Rootkit Detective 1.1 scan report
On 15-03-2008 at 11:05:35
OS-Version 5.1.2600
Service Pack 2.0
====================================

Object-Type: Registry-key
Object-Name: DataAfee® Rootkit Detective 1.1 scan report

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data
Status: Hidden

Object-Type: Registry-key
Object-Name: a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771 System Provider\*Local Machine*\Data
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Status: Hidden

Object-Type: Registry-key
Object-Name: 00000000-0000-0000-0000-000000000000 System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
Status: Hidden

Object-Type: Registry-key
Object-Name: {6340E680-FF06-435f-8767-B79D88AEBD4D}ystem Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000\{6340E680-FF06-435f-8767-B79D88AEBD4D}
Status: Hidden

Object-Type: Registry-value
Object-Name: Item Data
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000\{6340E680-FF06-435f-8767-B79D88AEBD4D}
Status: Hidden

Object-Type: Registry-value
Object-Name: Display String
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
Status: Hidden

Object-Type: Registry-value
Object-Name: Display String
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Status: Hidden

Object-Type: Registry-key
Object-Name: Data 2RE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2
Status: Hidden

Object-Type: Registry-key
Object-Name: WindowsE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2\Windows
Status: Hidden

Object-Type: Registry-value
Object-Name: Value
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2\Windows
Status: Hidden

Object-Type: Process
Object-Name: ati2evxx.exe
Pid: 712
Object-Path: C:\WINDOWS\system32\Ati2evxx.exe
Status: Visible

Object-Type: Process
Object-Name: HWAPI.exe
Pid: 3316
Object-Path: C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
Status: Visible

Object-Type: Process
Object-Name: System Idle Process
Pid: 0
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: winlogon.exe
Pid: 992
Object-Path: C:\WINDOWS\system32\winlogon.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1612
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: WLKEEPER.exe
Pid: 1736
Object-Path: C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Status: Visible

Object-Type: Process
Object-Name: spoolsv.exe
Pid: 684
Object-Path: C:\WINDOWS\system32\spoolsv.exe
Status: Visible

Object-Type: Process
Object-Name: mcmscsvc.exe
Pid: 3412
Object-Path: C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
Status: Visible

Object-Type: Process
Object-Name: mpsevh.exe
Pid: 4032
Object-Path: C:\Program Files\McAfee\MPS\mpsevh.exe
Status: Visible

Object-Type: Process
Object-Name: Dot1XCfg.exe
Pid: 5520
Object-Path: C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
Status: Visible

Object-Type: Process
Object-Name: csrss.exe
Pid: 964
Object-Path: C:\WINDOWS\system32\csrss.exe
Status: Visible

Object-Type: Process
Object-Name: mcsysmon.exe
Pid: 3692
Object-Path: C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
Status: Visible

Object-Type: Process
Object-Name: System
Pid: 4
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: ati2evxx.exe
Pid: 1244
Object-Path: C:\WINDOWS\system32\Ati2evxx.exe
Status: Visible

Object-Type: Process
Object-Name: iFrmewrk.exe
Pid: 1492
Object-Path: C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
Status: Visible

Object-Type: Process
Object-Name: btwdins.exe
Pid: 3228
Object-Path: C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
Status: Visible

Object-Type: Process
Object-Name: SiteAdv.exe
Pid: 1836
Object-Path: C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
Status: Visible

Object-Type: Process
Object-Name: MpfSrv.exe
Pid: 3760
Object-Path: C:\Program Files\McAfee\MPF\MPFSrv.exe
Status: Visible

Object-Type: Process
Object-Name: SAService.exe
Pid: 164
Object-Path: C:\Program Files\SiteAdvisor\6253\SAService.exe
Status: Visible

Object-Type: Process
Object-Name: BackgroundDownl
Pid: 5248
Object-Path: C:\Program Files\World of Warcraft\BackgroundDownloader.exe
Status: Visible

Object-Type: Process
Object-Name: PCMService.exe
Pid: 1560
Object-Path: C:\Program Files\Dell\MediaDirect\PCMService.exe
Status: Visible

Object-Type: Process
Object-Name: I8kfanGUI.exe
Pid: 724
Object-Path: C:\Program Files\I8kfanGUI\I8kfanGUI.exe
Status: Visible

Object-Type: Process
Object-Name: BTTray.exe
Pid: 1592
Object-Path: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Status: Visible

Object-Type: Process
Object-Name: msksrver.exe
Pid: 3948
Object-Path: C:\Program Files\McAfee\MSK\MskSrver.exe
Status: Visible

Object-Type: Process
Object-Name: RegSrvc.exe
Pid: 4072
Object-Path: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
Status: Visible

Object-Type: Process
Object-Name: usnsvc.exe
Pid: 2708
Object-Path: C:\Program Files\MSN Messenger\usnsvc.exe
Status: Visible

Object-Type: Process
Object-Name: stsystra.exe
Pid: 1500
Object-Path: C:\WINDOWS\stsystra.exe
Status: Visible

Object-Type: Process
Object-Name: msnmsgr.exe
Pid: 5096
Object-Path: C:\Program Files\MSN Messenger\msnmsgr.exe
Status: Visible

Object-Type: Process
Object-Name: services.exe
Pid: 1036
Object-Path: C:\WINDOWS\system32\services.exe
Status: Visible

Object-Type: Process
Object-Name: explorer.exe
Pid: 912
Object-Path: C:\WINDOWS\Explorer.EXE
Status: Visible

Object-Type: Process
Object-Name: tfswctrl.exe
Pid: 1532
Object-Path: C:\WINDOWS\system32\dla\tfswctrl.exe
Status: Visible

Object-Type: Process
Object-Name: Communications_
Pid: 1656
Object-Path: C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
Status: Visible

Object-Type: Process
Object-Name: mcpromgr.exe
Pid: 3516
Object-Path: C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
Status: Visible

Object-Type: Process
Object-Name: mps.exe
Pid: 3796
Object-Path: C:\PROGRA~1\McAfee\MPS\mps.exe
Status: Visible

Object-Type: Process
Object-Name: jusched.exe
Pid: 1472
Object-Path: C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
Status: Visible

Object-Type: Process
Object-Name: LVPrcSrv.exe
Pid: 884
Object-Path: c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
Status: Visible

Object-Type: Process
Object-Name: System
Pid: 3612
Object-Path: c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
Status: Visible

Object-Type: Process
Object-Name: wmiprvse.exe
Pid: 2744
Object-Path: C:\WINDOWS\system32\wbem\wmiprvse.exe
Status: Visible

Object-Type: Process
Object-Name: winamp.exe
Pid: 264
Object-Path: C:\Program Files\Winamp\winamp.exe
Status: Visible

Object-Type: Process
Object-Name: smss.exe
Pid: 792
Object-Path: C:\WINDOWS\System32\smss.exe
Status: Visible

Object-Type: Process
Object-Name: EvtEng.exe
Pid: 1660
Object-Path: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1908
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 2064
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: Rainlendar2.exe
Pid: 484
Object-Path: C:\Program Files\Rainlendar2\Rainlendar2.exe
Status: Visible

Object-Type: Process
Object-Name: DLG.exe
Pid: 1600
Object-Path: C:\Program Files\Digital Line Detect\DLG.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1260
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: SynTPEnh.exe
Pid: 1508
Object-Path: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Status: Visible

Object-Type: Process
Object-Name: quickset.exe
Pid: 1880
Object-Path: C:\Program Files\Dell\QuickSet\Quickset.exe
Status: Visible

Object-Type: Process
Object-Name: BTStackServer.e
Pid: 2128
Object-Path: C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
Status: Visible

Object-Type: Process
Object-Name: mcods.exe
Pid: 3492
Object-Path: C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
Status: Visible

Object-Type: Process
Object-Name: firefox.exe
Pid: 5724
Object-Path: C:\Program Files\Mozilla Firefox\firefox.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1324
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1572
Object-Path: C:\WINDOWS\System32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 332
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: mskagent.exe
Pid: 1820
Object-Path: C:\Program Files\McAfee\MSK\MskAgent.exe
Status: Visible

Object-Type: Process
Object-Name: McProxy.exe
Pid: 3556
Object-Path: c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
Status: Visible

Object-Type: Process
Object-Name: Rootkit_Detecti
Pid: 5820
Object-Path: C:\Documents and Settings\Ian Lau\Desktop\Rootkit_Detective.exe
Status: Visible

Object-Type: Process
Object-Name: CLI.exe
Pid: 5480
Object-Path: C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
Status: Visible

Object-Type: Process
Object-Name: lsass.exe
Pid: 1048
Object-Path: C:\WINDOWS\system32\lsass.exe
Status: Visible

Object-Type: Process
Object-Name: DSAgnt.exe
Pid: 304
Object-Path: C:\Program Files\Dell Support\DSAgnt.exe
Status: Visible

Object-Type: Process
Object-Name: Mcshield.exe
Pid: 3652
Object-Path: C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
Status: Visible

Object-Type: Process
Object-Name: S24EvMon.exe
Pid: 1700
Object-Path: C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
Status: Visible

Object-Type: Process
Object-Name: McNASvc.exe
Pid: 3436
Object-Path: c:\program files\common files\mcafee\mna\mcnasvc.exe
Status: Visible

Object-Type: Process
Object-Name: ZCfgSvc.exe
Pid: 1484
Object-Path: C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
Status: Visible

Object-Type: Process
Object-Name: CLI.exe
Pid: 1516
Object-Path: C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
Status: Visible

Object-Type: Process
Object-Name: mcagent.exe
Pid: 2880
Object-Path: C:\PROGRA~1\mcafee.com\agent\mcagent.exe
Status: Visible

Object-Type: Process
Object-Name: alg.exe
Pid: 5732
Object-Path: C:\WINDOWS\System32\alg.exe
Status: Visible

Scan complete. Hidden registry keys/values: 10

Edited by utopian86, 14 March 2008 - 10:18 PM.


BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:39 PM

Posted 19 March 2008 - 02:47 PM

Hello utopian86,

Welcome back to Bleeping Computer :thumbsup:

Sorry about the delay.:blink: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 utopian86

utopian86
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Local time:09:39 AM

Posted 19 March 2008 - 10:35 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:42 AM, on 3/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.ap.dell.com/content/default.as...;l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ap.dell.com/content/default.as...;l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.ap.dell.com/content/default.as...;l=en&s=gen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.ap.dell.com/content/default.as...;l=en&s=gen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [CLHomeMediaServer] C:\Program Files\CyberLink\CyberLink Live\CLHomeMediaServer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {EDDA7B3F-CA25-4D98-81AC-8BA0E4AE65F6} (dcCertUtils.clsOperation) - https://ef.hasil.org.my/scrs-lhdn_malay/dcCertUtils.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12921 bytes


there u go :thumbsup:

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:39 PM

Posted 19 March 2008 - 10:40 PM

Hi there,

I don't see anything bad going on.....how is it running? :thumbsup:

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 utopian86

utopian86
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Local time:09:39 AM

Posted 20 March 2008 - 02:15 AM

My startup and shut down become slower after i install WOW. I just want to check if the program affect the system or not.

thanks.

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:39 PM

Posted 21 March 2008 - 12:28 PM

If anything is affecting startup, it'll be WOW. As far as malware goes I don't see any. :thumbsup:

Take care!
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:39 PM

Posted 31 March 2008 - 03:31 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users