Possible Virus...Need Help
eoquest69
Newbie
5. September 2007 @ 23:48
I ran McAfee Rootkit Detective and it found 10 hidden registry keys/values, but I'm not sure if I should delete them. Does anyone know if I should delete or keep them? It also found some other stuff, but I'm not sure what to do with that either. The log is below.



McAfee(R) Rootkit Detective 1.0 scan report
On 06-09-2007 at 01:04:24
OS-Version 5.1.2600
Service Pack 2.0
====================================

Object-Type: SSDT-hook
Object-Name: ZwConnectPort
Object-Path: (NULL)

Object-Type: Registry-key
Object-Name: DataAfee(R) Rootkit Detective 1.0 scan report
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data
Status: Hidden

Object-Type: Registry-key
Object-Name: a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771 System Provider\*Local Machine*\Data
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Status: Hidden

Object-Type: Registry-key
Object-Name: 00000000-0000-0000-0000-000000000000 System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
Status: Hidden

Object-Type: Registry-key
Object-Name: {6340E680-FF06-435f-8767-B79D88AEBD4D}ystem Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000\{6340E680-FF06-435f-8767-B79D88AEBD4D}
Status: Hidden

Object-Type: Registry-value
Object-Name: Item Data
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000\{6340E680-FF06-435f-8767-B79D88AEBD4D}
Status: Hidden

Object-Type: Registry-value
Object-Name: Display String
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
Status: Hidden

Object-Type: Registry-value
Object-Name: Display String
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Status: Hidden

Object-Type: Registry-key
Object-Name: Data 2RE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2
Status: Hidden

Object-Type: Registry-key
Object-Name: WindowsE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2\Windows
Status: Hidden

Object-Type: Registry-value
Object-Name: Value
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2\Windows
Status: Hidden

Object-Type: IAT/EAT-hook
PID: 1700
Details: Import : Function : USER32.dll:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:7C80AE4B But is : C:\Program Files\Yahoo!\Shared\ybskin2.dll:63602AA2
Object-Path: C:\Program Files\Yahoo!\Shared\ybskin2.dll
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1700
Details: Import : Function : USER32.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:7C801D77 But is : C:\Program Files\Yahoo!\Shared\ybskin2.dll:63602A5B
Object-Path: C:\Program Files\Yahoo!\Shared\ybskin2.dll
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1700
Details: Import : Function : SHELL32.dll:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:7C80AE4B But is : C:\Program Files\Yahoo!\Shared\ybskin2.dll:63602AA2
Object-Path: C:\Program Files\Yahoo!\Shared\ybskin2.dll
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1700
Details: Import : Function : SHELL32.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:7C801D77 But is : C:\Program Files\Yahoo!\Shared\ybskin2.dll:63602A5B
Object-Path: C:\Program Files\Yahoo!\Shared\ybskin2.dll
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1700
Details: Import : Function : SHLWAPI.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:7C801D77 But is : C:\Program Files\Yahoo!\Shared\ybskin2.dll:63602A5B
Object-Path: C:\Program Files\Yahoo!\Shared\ybskin2.dll
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1700
Details: Import : Function : SHLWAPI.dll:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:7C80AE4B But is : C:\Program Files\Yahoo!\Shared\ybskin2.dll:63602AA2
Object-Path: C:\Program Files\Yahoo!\Shared\ybskin2.dll
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1700
Details: Import : Function : GDI32.dll:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:7C80AE4B But is : C:\Program Files\Yahoo!\Shared\ybskin2.dll:63602AA2
Object-Path: C:\Program Files\Yahoo!\Shared\ybskin2.dll
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1700
Details: Import : Function : GDI32.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:7C801D77 But is : C:\Program Files\Yahoo!\Shared\ybskin2.dll:63602A5B
Object-Path: C:\Program Files\Yahoo!\Shared\ybskin2.dll
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1700
Details: Import : Function : COMCTL32.dll:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:7C80AE4B But is : C:\Program Files\Yahoo!\Shared\ybskin2.dll:63602AA2
Object-Path: C:\Program Files\Yahoo!\Shared\ybskin2.dll
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1700
Details: Import : Function : COMCTL32.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:7C801D77 But is : C:\Program Files\Yahoo!\Shared\ybskin2.dll:63602A5B
Object-Path: C:\Program Files\Yahoo!\Shared\ybskin2.dll
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1700
Details: Import : Function : USP10.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:7C801D77 But is : C:\Program Files\Yahoo!\Shared\ybskin2.dll:63602A5B
Object-Path: C:\Program Files\Yahoo!\Shared\ybskin2.dll
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1700
Details: Import : Function : MSCTF.dll:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:7C80AE4B But is : C:\Program Files\Yahoo!\Shared\ybskin2.dll:63602AA2
Object-Path: C:\Program Files\Yahoo!\Shared\ybskin2.dll
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1700
Details: Import : Function : MSCTF.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:7C801D77 But is : C:\Program Files\Yahoo!\Shared\ybskin2.dll:63602A5B
Object-Path: C:\Program Files\Yahoo!\Shared\ybskin2.dll
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1700
Details: Import : Function : uxtheme.dll:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:7C80AE4B But is : C:\Program Files\Yahoo!\Shared\ybskin2.dll:63602AA2
Object-Path: C:\Program Files\Yahoo!\Shared\ybskin2.dll
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1700
Details: Import : Function : helpers.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:7C801D77 But is : C:\Program Files\Yahoo!\Shared\ybskin2.dll:63602A5B
Object-Path: C:\Program Files\Yahoo!\Shared\ybskin2.dll
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1700
Details: Import : Function : YDBAntiVirus.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:7C801D77 But is : C:\Program Files\Yahoo!\Shared\ybskin2.dll:63602A5B
Object-Path: C:\Program Files\Yahoo!\Shared\ybskin2.dll
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1700
Details: Import : Function : yop.exe:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:7C801D77 But is : C:\Program Files\Yahoo!\Shared\ybskin2.dll:63602A5B
Object-Path: C:\Program Files\Yahoo!\Shared\ybskin2.dll
Status: Hooked