# Seemingly Malicious Processes using 100% of CPU



## jbeaoe (Jul 28, 2009)

Summary of problems:

Several days ago, my computer began running very slowly, to the point of essentially not functioning. I opened the Task Manager, and saw two processes, each using approximately 50% of GPU:

UpdDlg.exe
myAgtScv.exe

I terminated the processes, and the computer seemed to return to normal. Results from a Google search appeared to indicate that those processes are part of McAfee, which is my antivirus software. I then noticed that the McAfee icon in the system tray was gray, with a red exclamation mark over it (indicating McAfee was not working properly). I opened McAfee and tried to get it to update itself. An update window opened, but then nothing further happened. The window just froze, and the process "UpdDlg.exe" again appeared, using 50% of CPU and bringing the computer to a crawl.

I tried turning the computer off and back on again, and updating my anti-spyware software (I have SpyBot). Neither of these things helped.

Since then, the following has been happening every time I turn on my computer: when I start the computer, it's extremely slow. I open the Task Manager, and the process "myAgtSvc.exe" is running, usually using 30%-50% of CPU. Other programs won't open, or will only open very slowly. The task bar is usually frozen. I terminate "myAgtScv.exe". After that, the process "XTray.exe" immediately pops up, also using around 50% of CPU. After I terminate it as well, the computer returns to normal, but McAfee remains off. I have tried several times to update McAfee, with the same results as the first time: the window just freezes and does nothing.

I run Windows XP.

Looking around for help, I came across a recommendation to run "netstat -an" in the Windows Command Line. I found a blog entry on how to read the results, but unfortunately I'm still confused. I've copied and pasted the results below.

Also, I have downloaded HiJackThis, and run a scan. The results are below the netstat -an readout.

Thank you for your help.

--

netstat -an results:


HiJackThis scan results:



----------



## jbeaoe (Jul 28, 2009)

Bump.


----------

