HJT scan and many improvements


DLTTHEHOOK

I got rid of Incredimail (but I see something is still
lingering in scan), Winferno, Microsoft AntiSpy,
redownloaded PPC and installed Registry Mechanic which
got rid of over 300 problems found. No more rolling
flashlight, things are very quick and I guess you could
say I have a smile instead of a sledge hammer standing
by. rkinner or johnf, should I run the scan again, check
& fix the Incredimail straggler below?

Logfile of HijackThis v1.99.1
Scan saved at 9:36:21 AM, on 5/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\PROGRA~1\PEOPLE~1\propelac.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\ISP50\Bin\Bartshel.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Documents and Settings\Donna
Timke\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Bar = http://home.peoplepc.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://home.peoplepc.com/homepage
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
http://home.peoplepc.com/search
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local
Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection
Wizard,ShellNext = "C:\Program Files\Outlook
Express\msimn.exe" //eml:D:\McAfee\[JFB-31237] My
computer will be down_-Winferno.eml
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = http=localhost:8080
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-
7695ECA05670} - C:\Program Files\Yahoo!
\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0
\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-
001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-
86F0E5E37085} - C:\Program
Files\PeoplePC\Toolbar\PPCToolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-
905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-
924D-86F0E5E37085} - C:\Program
Files\PeoplePC\Toolbar\PPCToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-
0090271D4F88} - C:\Program Files\Yahoo!
\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem
Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32
\igfxtray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program
Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\system32
\PPCRunOnce.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32
\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32
\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Program
Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program
Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program
Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1
\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1
\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Propel Accelerator] "C:\PROGRA~1
\PEOPLE~1\propelac.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1
\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1
\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1
\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [MMTray] C:\Program
Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program
Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1
\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program
Files\Registry Mechanic\RegMech.exe /QS
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!
\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell
Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk =
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet
Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search -
file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Refresh Pa&ge with Full
Quality - C:\Program Files\PeoplePC Accelerated\pac-
page.html
O8 - Extra context menu item: Refresh Pi&cture with Full
Quality - C:\Program Files\PeoplePC Accelerated\pac-
image.html
O8 - Extra context menu item: Yahoo! &Dictionary -
file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps -
file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-
00010333D0AD} - C:\Program Files\Yahoo!
\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-
4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!
\Messenger\yhexbmes0521.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-
ef63-42af-bee3-4502d9a03c2d} -
http://wwws.musicmatch.com/mmz/openWebRadio.html (file
missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.BayLakeBank.com
O15 - Trusted Zone: http://www.brandsaver.com
O15 - Trusted Zone: www.carlsoncontracting.com
O15 - Trusted Zone: http://www.carlsoncontracting.com
O15 - Trusted Zone: *.Dell.com
O15 - Trusted Zone: *.directv.com
O15 - Trusted Zone: bin.mcafee.com
O15 - Trusted Zone: www.mcafee.com
O15 - Trusted Zone: download.nai.com
O15 - Trusted Zone: *.noadware.net
O15 - Trusted Zone: www.oppenheimerfunds.com
O15 - Trusted Zone: *.PCBugDoctor.com
O15 - Trusted Zone: *.peoplepc.com
O15 - Trusted Zone: *.thermador.com
O15 - Trusted Zone: *.windows update
O15 - Trusted Zone: *.www.PGbrandSAVER
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6}
(PeoplePC Web Installer) -
http://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7}
(Scanner Class) -
http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
(McAfee.com Operating System Class) -
http://download.mcafee.com/molbin/shared/mcinsctl/en-
us/4,0,0,90/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B}
(McUpdatePortalFactory Class) -
http://www.amiuptodate.com/vsc/bin/1,0,0,7/McUpdatePortal.
cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764}
(TLIEFlashObj Class) -
https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46}
(IncrediMail) -
http://www5.incredimail.com/contents/setup/downloader_sp1/
imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07800CA0-6957-
4E00-B298-95F3FE205703}: NameServer = 205.171.3.65
205.171.2.65
O17 - HKLM\System\CS1\Services\Tcpip\..\{07800CA0-6957-
4E00-B298-95F3FE205703}: NameServer = 205.171.3.65
205.171.2.65
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32
\igfxsrvc.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark
International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown
owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager
(mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1
\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime
Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1
\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service
(MpfService) - McAfee Corporation - C:\PROGRA~1
\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R)
Corporation - C:\Program
Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
 
D@annyBoy

You should never post the contents of the log here,
and don't ask why.

DLTTHEHOOK wrote in news:[email protected]
I got rid of Incredimail (but I see something is still
lingering in scan), Winferno, Microsoft AntiSpy,
redownloaded PPC and installed Registry Mechanic which
got rid of over 300 problems found. No more rolling
flashlight, things are very quick and I guess you could
say I have a smile instead of a sledge hammer standing
by. rkinner or johnf, should I run the scan again, check
& fix the Incredimail straggler below?

JohnF.

DLT,

Work with Ron Kinner on this one - send your hjt logs to:

- Ron's email address is (e-mail address removed)
- Put Hijack in the subject so he knows it's not spam
- He will tell you what to do next

Ignore DannyBoy, somebody must have put bugspray in his juice bottle
this morning!


I got rid of Incredimail (but I see something is still
lingering in scan), Winferno, Microsoft AntiSpy,
redownloaded PPC and installed Registry Mechanic which
got rid of over 300 problems found. No more rolling
flashlight, things are very quick and I guess you could
say I have a smile instead of a sledge hammer standing
by. rkinner or johnf, should I run the scan again, check
& fix the Incredimail straggler below?

Explorer\Main,Default_Page_URL =
http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
http://home.peoplepc.com/search
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local
Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection
Wizard,ShellNext = "C:\Program Files\Outlook
Express\msimn.exe" //eml:D:\McAfee\[JFB-31237] My
computer will be down_-Winferno.eml
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = http=localhost:8080
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-
7695ECA05670} - C:\Program Files\Yahoo!
\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0
\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-
001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-
86F0E5E37085} - C:\Program
Files\PeoplePC\Toolbar\PPCToolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-
905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-
924D-86F0E5E37085} - C:\Program
Files\PeoplePC\Toolbar\PPCToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-
0090271D4F88} - C:\Program Files\Yahoo!
\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem
Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32
\igfxtray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program
Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\system32
\PPCRunOnce.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32
\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32
\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Program
Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program
Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program
Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1
\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1
\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Propel Accelerator] "C:\PROGRA~1
\PEOPLE~1\propelac.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1
\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1
\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1
\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [MMTray] C:\Program
Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program
Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1
\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program
Files\Registry Mechanic\RegMech.exe /QS
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!
\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell
Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk =
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet
Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search -
file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Refresh Pa&ge with Full
Quality - C:\Program Files\PeoplePC Accelerated\pac-
page.html
O8 - Extra context menu item: Refresh Pi&cture with Full
Quality - C:\Program Files\PeoplePC Accelerated\pac-
image.html
O8 - Extra context menu item: Yahoo! &Dictionary -
file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps -
file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-
00010333D0AD} - C:\Program Files\Yahoo!
\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-
4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!
\Messenger\yhexbmes0521.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-
ef63-42af-bee3-4502d9a03c2d} -
http://wwws.musicmatch.com/mmz/openWebRadio.html (file
missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.BayLakeBank.com
O15 - Trusted Zone: http://www.brandsaver.com
O15 - Trusted Zone: www.carlsoncontracting.com
O15 - Trusted Zone: http://www.carlsoncontracting.com
O15 - Trusted Zone: *.Dell.com
O15 - Trusted Zone: *.directv.com
O15 - Trusted Zone: bin.mcafee.com
O15 - Trusted Zone: www.mcafee.com
O15 - Trusted Zone: download.nai.com
O15 - Trusted Zone: *.noadware.net
O15 - Trusted Zone: www.oppenheimerfunds.com
O15 - Trusted Zone: *.PCBugDoctor.com
O15 - Trusted Zone: *.peoplepc.com
O15 - Trusted Zone: *.thermador.com
O15 - Trusted Zone: *.windows update
O15 - Trusted Zone: *.www.PGbrandSAVER
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6}
(PeoplePC Web Installer) -
http://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7}
(Scanner Class) -
http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
(McAfee.com Operating System Class) -
http://download.mcafee.com/molbin/shared/mcinsctl/en-
us/4,0,0,90/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B}
(McUpdatePortalFactory Class) -
http://www.amiuptodate.com/vsc/bin/1,0,0,7/McUpdatePortal.
cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764}
(TLIEFlashObj Class) -
https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46}
(IncrediMail) -
http://www5.incredimail.com/contents/setup/downloader_sp1/
imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07800CA0-6957-
4E00-B298-95F3FE205703}: NameServer = 205.171.3.65
205.171.2.65
O17 - HKLM\System\CS1\Services\Tcpip\..\{07800CA0-6957-
4E00-B298-95F3FE205703}: NameServer = 205.171.3.65
205.171.2.65
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32
\igfxsrvc.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark
International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown
owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager
(mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1
\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime
Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1
\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service
(MpfService) - McAfee Corporation - C:\PROGRA~1
\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R)
Corporation - C:\Program
Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
 
