Backdoor.Ryejet

DLTTHEHOOK

Found this with my NoAdware program. Microsoft AntiSpy
did not find, VirusScan did not find.
Logfile of HijackThis v1.99.1
Scan saved at 11:05:19 AM, on 4/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\netdde.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\clipsrv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winferno\SIEPIE\SIEPulse.exe
C:\PROGRA~1\PEOPLE~1\propelac.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\ISP50\Bin\Bartshel.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Donna
Timke\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Bar =
http://home.peoplepc.com/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://home.peoplepc.com/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
http://home.peoplepc.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local
Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection
Wizard,ShellNext = "C:\Program Files\Outlook
Express\msimn.exe" //eml:D:\McAfee\[JFB-31237] My
computer will be down_-Winferno.eml
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = http=localhost:8082
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-
7695ECA05670} - C:\Program Files\Yahoo!
\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0
\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-
001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-
86F0E5E37085} - C:\Program
Files\PeoplePC\Toolbar\PPCToolbar.dll
O2 - BHO: PrivateIEBHO.CPrivateIEBHO - {BD0D4420-5E4C-
4FCC-AFC0-EEA69B608E75} - C:\Program
Files\Winferno\SIEPIE\PrivateIEBHO.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-
905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-
924D-86F0E5E37085} - C:\Program
Files\PeoplePC\Toolbar\PPCToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-
0090271D4F88} - C:\Program Files\Yahoo!
\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1
\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1
\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1
\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1
\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SIE2004] "C:\Program
Files\Winferno\SIEPIE\SIEPulse.exe"
O4 - HKLM\..\Run: [Propel Accelerator] "C:\PROGRA~1
\PEOPLE~1\propelac.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program
Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem
Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32
\igfxtray.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50
\BIN\PPCOLink -STATION
O4 - HKLM\..\Run: [UpdateManager] "C:\Program
Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program
Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\System32
\PPCRunOnce.exe
O4 - HKLM\..\Run: [MMTray] C:\Program
Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program
Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32
\hkcmd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32
\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program
Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1
\MpfTray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32
\dumprep 0 -u
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell
Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!
\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program
Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\RunOnce: [DeleteCache] "C:\Program
Files\Winferno\SIEPIE\DeleteIndex.exe" C:\Documents and
Settings\Donna Timke\Local Settings\Temporary Internet
Files\index.dat
O4 - HKCU\..\RunOnce: [DeleteCookies] "C:\Program
Files\Winferno\SIEPIE\DeleteIndex.exe" C:\Documents and
Settings\Donna Timke\Cookies\index.dat
O4 - Global Startup: Adobe Reader Speed Launch.lnk =
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to
IncrediMail Style Box - C:\PROGRA~1\INCRED~1
\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Yahoo! Search -
file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Refresh Pa&ge with Full
Quality - C:\Program Files\PeoplePC Accelerated\pac-
page.html
O8 - Extra context menu item: Refresh Pi&cture with Full
Quality - C:\Program Files\PeoplePC Accelerated\pac-
image.html
O8 - Extra context menu item: Yahoo! &Dictionary -
file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps -
file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-
4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32
\shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-
00010333D0AD} - C:\Program Files\Yahoo!
\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-
4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!
\Messenger\yhexbmes0521.dll
O9 - Extra button: Private IE - {644B7837-F1E9-4dba-853C-
7E304F51968B} - "C:\Program
Files\Winferno\SIEPIE\PrivateIE.exe" (file missing)
O9 - Extra button: (no name) - {B9030549-F0EA-40a7-8E3C-
62A9FB0812D0} - "C:\Program
Files\Winferno\SIEPIE\PrivateIE.exe" (file missing)
O9 - Extra 'Tools' menuitem: Private IE - {B9030549-F0EA-
40a7-8E3C-62A9FB0812D0} - "C:\Program
Files\Winferno\SIEPIE\PrivateIE.exe" (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-
00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-
ef63-42af-bee3-4502d9a03c2d} -
http://wwws.musicmatch.com/mmz/openWebRadio.html (file
missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.BayLakeBank.com
O15 - Trusted Zone: http://www.brandsaver.com
O15 - Trusted Zone: www.carlsoncontracting.com
O15 - Trusted Zone: http://www.carlsoncontracting.com
O15 - Trusted Zone: *.Dell.com
O15 - Trusted Zone: *.directv.com
O15 - Trusted Zone: *.incredimail.com
O15 - Trusted Zone: bin.mcafee.com
O15 - Trusted Zone: www.mcafee.com
O15 - Trusted Zone: download.nai.com
O15 - Trusted Zone: *.noadware.net
O15 - Trusted Zone: www.oppenheimerfunds.com
O15 - Trusted Zone: *.PCBugDoctor.com
O15 - Trusted Zone: *.peoplepc.com
O15 - Trusted Zone: *.SecureIE.com
O15 - Trusted Zone: *[email protected]
O15 - Trusted Zone: *.thermador.com
O15 - Trusted Zone: *.windows update
O15 - Trusted Zone: http://www.winferno.com
O15 - Trusted Zone: *.www.PGbrandSAVER
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7}
(Scanner Class) -
http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
(McAfee.com Operating System Class) -
http://download.mcafee.com/molbin/shared/mcinsctl/en-
us/4,0,0,90/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B}
(McUpdatePortalFactory Class) -
http://www.amiuptodate.com/vsc/bin/1,0,0,7/McUpdatePortal.
cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764}
(TLIEFlashObj Class) -
https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46}
(IncrediMail) -
http://www5.incredimail.com/contents/setup/downloader_sp1/
imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07800CA0-6957-
4E00-B298-95F3FE205703}: NameServer = 205.171.3.65
205.171.2.65
O17 - HKLM\System\CS1\Services\Tcpip\..\{07800CA0-6957-
4E00-B298-95F3FE205703}: NameServer = 205.171.3.65
205.171.2.65
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32
\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) -
America Online, Inc. - C:\PROGRA~1\COMMON~1
\AOL\ACS\acsd.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark
International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown
owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager
(mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1
\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime
Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1
\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service
(MpfService) - McAfee Corporation - C:\PROGRA~1
\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R)
Corporation - C:\Program
Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service
(WANMiniportService) - America Online, Inc. -
C:\WINDOWS\wanmpsvc.exe
 
JohnF.

backdoor.ryejet uses rootkit functionality to hide from antispy and
antivirus programs - this is why we have to use more than one program to
solve malware problems.

Where did you pick up this little nasty?

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ryejet.html




