
Thread: Mmmc2.bin

  1. #1
    Member (Join Date: Dec 2007, Posts: 7, Points: 0)

    Mmmc2.bin

    I have a Dell Dimension E510 that is running XP. I have started getting a pop-up error that states
    "mmc2.bin - unable to locate component"
    "This application has failed to start because iil10.dll was not found. Re-installing the application may fix this problem." I've attached a screen shot.

    I ran a Windows search for mmc2.bin and only found it located in my Windows root directory.

    Any suggestions on what is going on and how to fix it?

    Thanks!

  2. #2
    Member (Join Date: Dec 2002, Posts: 12,000, Points: 1191)

    I believe the error is ijl10.dll, not iil10.dll.

    Please go to VirusTotal here

    http://www.virustotal.com/en/indexf.html

    In the middle of the page you'll find a Browse button.

    Copy and paste the following:

    C:\WINDOWS\mmc2.bin

    (I am assuming root drive is your "C")

    Click the Send File button.

    Copy the report it creates and paste that report in your next reply.

    BG

  3. #3
    Member (Join Date: Dec 2007, Posts: 7, Points: 0)

    Here is the report it generated:

    File mmc2.bin received on 12.04.2007 20:23:59 (CET)
    Result: 6/32 (18.75%)

    Antivirus Version Last Update Result
    AhnLab-V3 - - -
    AntiVir - - -
    Authentium - - -
    Avast - - -
    AVG - - -
    BitDefender - - -
    CAT-QuickHeal - - -
    ClamAV - - Trojan.Dropper-3177
    DrWeb - - Trojan.DownLoader.37467
    eSafe - - suspicious Trojan/Worm
    eTrust-Vet - - -
    Ewido - - -
    FileAdvisor - - -
    Fortinet - - -
    F-Prot - - -
    F-Secure - - -
    Ikarus - - -
    Kaspersky - - -
    McAfee - - -
    Microsoft - - -
    NOD32v2 - - -
    Norman - - -
    Panda - - Trj/AccountMaker.A
    Prevx1 - - Malware.Gen
    Rising - - -
    Sophos - - -
    Sunbelt - - -
    Symantec - - -
    TheHacker - - -
    VBA32 - - suspected of Malware.Delf.69
    VirusBuster - - -
    Webwasher-Gateway - - -

  4. #4
    Member (Join Date: Dec 2002, Posts: 12,000, Points: 1191)

    Perform an online scan with Internet Explorer with Panda ActiveScan
    1. Click on located at the bottom of the page.
    2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
    3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of Panda's 8 MB ActiveX control will take place*
    Begin the scan by selecting
    • If it finds any malware, it will offer you a report.
    • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
    • Click on then click
    * You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
    * Turn off the real time scanner of any existing antivirus program while performing the online scan.

    Next...........

    Download ...

    HiJackThis log - Trend Micro HijackThis 2.0.2
    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Doubleclick on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" and Paste the entire contents of the log (no attachments) into your next post.

    DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
    DO NOT have Hijackthis fix anything yet. Most of what HJT lists will be harmless or even required by your Operating System; a spyware fighter will guide you.

    We need to see the Saved Panda log and the HJT log in your next post.

    BG

  5. #5
    Member (Join Date: Dec 2007, Posts: 7, Points: 0)

    results of scans

    Thanks for all your help. I followed your instructions and below are the text files generated from the two scans. I should mention that I have McAfee also installed and have scanned the last two days, with each day finding new junk. I keep getting various Windows pop-ups informing me of errors with various files (i.e. mmoc.bin, mmoc1.exe, nm_tmpyh_co.exe); when I disk scan, these files are in C:\windows and have created dates of yesterday and today. Really freaky was this morning when I opened an IE browser, several other browsers were also opened...


    Incident Status Location

    Adware:Adware/CWS Not disinfected c:\windows\mmall.exe
    Virus:Generic Malware Disinfected C:\Program Files\DIGStream\digstream.exe
    Virus:Trj/AccountMaker.A Disinfected C:\WINDOWS\mmc2.bin
    Virus:Trj/AccountMaker.A Disinfected C:\WINDOWS\mmoc.bin
    Virus:Trj/AccountMaker.A Disinfected C:\WINDOWS\mm_tmpc2.bin
    Virus:Trj/AccountMaker.A Disinfected C:\WINDOWS\mm_tmpoc.bin
    Virus:Trj/Spammer.ADX Disinfected C:\WINDOWS\system32\drivers\smtpdrv.sys


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:10:45 AM, on 12/8/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\clclean.0001
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\mmall.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\Program Files\SiteAdvisor\6172\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\mmyh_co.exe
    C:\WINDOWS\mmoc1.exe
    C:\WINDOWS\mmhr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphia.net/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    F3 - REG:win.ini: run=C:\WINDOWS\mmall.exe
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
    O4 - HKLM\..\Run: [Microsoft all] C:\WINDOWS\mmall.exe
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Microsoft all] C:\WINDOWS\mmall.exe
    O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O23 - Service: McAfee Application Installer Cleanup (0172721197124584) (0172721197124584mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\017272~1.EXE
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

    --
    End of file - 11683 bytes
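As an added example (not part of the thread and not HijackThis's own code), the following Python script applies the triage pattern a helper would use on the log above: user-mode programs launched from the root of C:\WINDOWS, a non-empty win.ini run= entry (the F3 line), and the same program registered under both the HKLM and HKCU Run keys. The embedded sample log is a constructed, abridged copy of the log shape shown in the post.

```python
"""Triage a HijackThis-style log for the persistence pattern seen in this thread."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Executable sitting directly in the root of the Windows directory (no subfolder).
# Legitimate logon programs live in system32 or Program Files; the thread's
# mmall.exe / mmoc1.exe / mmhr.exe / mmyh_co.exe all sat in C:\WINDOWS itself.
WINDOWS_ROOT = re.compile(r"^[a-z]:\\windows\\[^\\]+$", re.IGNORECASE)
# O4 - HKLM\..\Run: [Microsoft all] C:\WINDOWS\mmall.exe
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# F3 - REG:win.ini: run=C:\WINDOWS\mmall.exe
F3_RE = re.compile(r"^F3 - REG:win\.ini: (?P<key>load|run)=(?P<cmd>.+)$")
# First program-like token of a command line, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|bin|com|scr))', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # "process", "autorun" or "winini"
    path: str    # program path the finding refers to
    reason: str  # why a helper would want to look at it


def executable_path(cmd: str) -> str:
    """Return the program path from a Run/win.ini command line, dropping arguments."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def in_windows_root(path: str) -> bool:
    """True when the path is a file directly under <drive>:\\windows\\ (no subfolder)."""
    return bool(WINDOWS_ROOT.match(path.strip()))


def triage(log_text: str) -> list[Finding]:
    """Scan the log text and return every entry worth a second look."""
    findings: list[Finding] = []
    hives: dict[str, set[str]] = defaultdict(set)  # lower-cased path -> hives seen
    original: dict[str, str] = {}                   # lower-cased path -> as written
    lines = [ln.strip() for ln in log_text.splitlines()]

    # 1. "Running processes:" block: every path up to the next blank line.
    if "Running processes:" in lines:
        for ln in lines[lines.index("Running processes:") + 1:]:
            if not ln:
                break
            if in_windows_root(ln):
                findings.append(Finding("process", ln, "running from the Windows root directory"))

    # 2. Registry Run entries (O4) and legacy win.ini load=/run= entries (F3).
    for ln in lines:
        if m := O4_RE.match(ln):
            path = executable_path(m.group("cmd"))
            hives[path.lower()].add(m.group("hive"))
            original.setdefault(path.lower(), path)
            if in_windows_root(path):
                findings.append(Finding("autorun", path,
                    f"{m.group('hive')} Run entry [{m.group('name')}] launches from the Windows root"))
        elif m := F3_RE.match(ln):
            findings.append(Finding("winini", executable_path(m.group("cmd")),
                f"win.ini {m.group('key')}= autostart; legitimate software rarely uses it"))

    # 3. Same program registered under both HKLM and HKCU Run: redundant persistence.
    for key, seen in hives.items():
        if {"HKLM", "HKCU"} <= seen:
            findings.append(Finding("autorun", original[key], "registered in both HKLM and HKCU Run keys"))
    return findings


# Constructed, abridged sample in the shape of the HijackThis log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\mmall.exe
C:\WINDOWS\mmoc1.exe

F3 - REG:win.ini: run=C:\WINDOWS\mmall.exe
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft all] C:\WINDOWS\mmall.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft all] C:\WINDOWS\mmall.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind:7}] {f.path}: {f.reason}")
```

Run against the sample it flags only mmall.exe and mmoc1.exe, leaving the system32, ehome and Program Files entries alone; a real log is fed in the same way by reading the saved logfile into `triage`.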

  6. #6
    steamwiz, Member (Join Date: Sep 2003, Location: Yorkshire U.K., Posts: 14,022, Points: 2335)

    Hi

    We'll get back to the malware shown in your Pandascan & hijackthis log later ...

    First... please do this :-

    Download Superantispyware.

    http://www.superantispyware.com/

    Once downloaded and installed, update the definitions and then run a full system scan; quarantine what it finds!

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)

    http://www.superantispyware.com/definitions.html

    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    o Close browsers before scanning.
    o Scan for tracking cookies.
    o Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.
    * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under "Complete Scan", choose Perform Complete Scan.
    * Click "Next" to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    * Make sure everything has a checkmark next to it and click "Next".
    * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    * If asked if you want to reboot, click "Yes".
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    o Click Preferences, then click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    o Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.

    THEN ...

    Please download Combofix: http://download.bleepingcomputer.com...a/ComboFix.exe
    and save to the desktop.

    1. Double click on combo.exe & follow the prompts.
    2. When finished, it will produce a logfile located at C:\ComboFix.txt.
    3. Post the contents of that log in your next reply with a new hijackthis log.

    Notes:
    * Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
    * Disable script blocking if you have NAV installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

    Please remember to post :-


    1. SUPERAntiSpyware Scan Log
    2. C:\ComboFix.txt

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP - Windows Security 2004/8. Member ASAP

  7. #7
    Member (Join Date: Dec 2007, Posts: 7, Points: 0)

    logs from combofix and superantispyware

    Thanks for all the help. After the scans and file deletions I am still infected with something that starts an iexplorer.exe process before I ever launch IE. This iexplorer.exe seems to spawn at least 4 other processes (mmoc1.exe, mmhr.exe, mmyh_co.exe and others). There is a lot of mouse-clicking noise (like windows closing) although no windows are being visibly opened...
    I've posted the logs.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/09/2007 at 10:40 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3358
    Trace Rules Database Version: 1357

    Scan type : Complete Scan
    Total Scan Time : 02:16:26

    Memory items scanned : 701
    Memory threats detected : 0
    Registry items scanned : 7262
    Registry threats detected : 11
    File items scanned : 140396
    File threats detected : 210

    Trojan.IP6FW/Rootkit
    HKLM\System\ControlSet001\Services\Ip6Fw
    C:\WINDOWS\SYSTEM32\DRIVERS\IP6FW.SYS
    HKLM\System\ControlSet003\Services\Ip6Fw
    HKLM\System\CurrentControlSet\Services\Ip6Fw

    Rootkit.RunTime2
    HKLM\System\ControlSet001\Services\runtime2
    C:\WINDOWS\SYSTEM32\DRIVERS\RUNTIME2.SYS
    HKLM\System\ControlSet003\Services\runtime2
    HKLM\System\CurrentControlSet\Services\runtime2
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\runtime2.sys
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\runtime2.sys

    Rootkit.SMTPDrv-Variant
    HKLM\System\ControlSet001\Services\smtpdrv
    C:\WINDOWS\SYSTEM32\DRIVERS\SMTPDRV.SYS
    HKLM\System\ControlSet003\Services\smtpdrv
    HKLM\System\CurrentControlSet\Services\smtpdrv

    Adware.Tracking Cookie
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@ads.as4x.tmcs[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@adrevolver[3].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@trafficmp[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@adbrite[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@track.bestbuy[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@15744040[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@perf.overture[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@ads.cnn[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@partner2profit[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@optimize.indieclick[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@adopt.specificclick[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@statse.webtrendslive[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@nextag[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@surfline.112.2o7[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@ehg-twi.hitbox[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@pro-market[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@ads.bridgetrack[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@usatourist.advertserve[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@citi.bridgetrack[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@atwola[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@mediaplex[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@m1.webstats.motigo[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@eas.apm.emediate[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@4.adbrite[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@meetupcom.122.2o7[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@linksynergy[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@2o7[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@serving-sys[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@clicksor[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@leeenterprises.112.2o7[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@eb.adbureau[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@e-2dj6wfkykhcziko.stats.esomniture[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@ehg-bestbuy.hitbox[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@adrevolver[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@adultadworld[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@www.burstnet[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@adinterax[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@anat.tacoda[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@tase[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@ilead.itrack[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@cgi-bin[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@valueclick[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@s.clickability[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@ehg-starbucks.hitbox[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@doubleclick[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@media.adrevolver[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@adserving[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@divavillage.advertserve[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@hitbox[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@msapple.freestats[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@casalemedia[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@74613876[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@burstnet[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@overture[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@atdmt[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@anad.tacoda[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@ehg-dig.hitbox[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@e-2dj6wjlyekc5mhp.stats.esomniture[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@adecn[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@adopt.euroclick[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@reference[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@www.googleadservices[4].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@e-2dj6wjnyuhd5mcq.stats.esomniture[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@a[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@e-2dj6wjnyohcpeep.stats.esomniture[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@adserver.easyad[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@pandasoftware.112.2o7[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@ads.telegraph.co[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@e-2dj6wjkycjd5mep.stats.esomniture[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@ehg-reddoorinteractive.hitbox[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@login.tracking101[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@ads4.blastro[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@e-2dj6wjmyulcjelo.stats.esomniture[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@ehg-linksys.hitbox[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@e-2dj6wfkyoodjiep.stats.esomniture[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@iacas.adbureau[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@ads.as4x.tmcs.ticketmaster[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@ads.jossip[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@www.fatpenguinmedia[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@xiti[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@5.go.globaladsales[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@2.adbrite[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@cbs.112.2o7[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@ehg-marshalls.hitbox[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@ehg-viacom.hitbox[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@adtech[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@ehg-foxsports.hitbox[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@reduxads.valuead[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@roiservice[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@76887998[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@phg.hitbox[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@www.ticketsnow[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@snapfish.112.2o7[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@1066181895[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@57386690[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@ticketsnow[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@cgi-bin[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@track.vivid[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@www.googleadservices[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@1069870899[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@zillow.adbureau[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@e-2dj6wjnyoldpekp.stats.esomniture[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@h.starware[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@cybersoftwaresolutions.122.2o7[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@upi.112.2o7[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@76226072[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@sales.liveperson[3].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@directtrack[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@rotator.adjuggler[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@www.directnetadvertising[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@affiliate1.ticketcity[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@oyaka.112.2o7[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@tjx.112.2o7[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@hc2.humanclick[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@e-2dj6wbkigmcpsfo.stats.esomniture[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@e-2dj6wfmyahazoao.stats.esomniture[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@maxim.122.2o7[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@celebrateexpress.122.2o7[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@www.googleadservices[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@ticketcity[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@www.googleadservices[3].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@1071633922[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@qnsr[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@nintendo.112.2o7[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@data3.perf.overture[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@path.pureadstracking[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@server.iad.liveperson[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@try.starware[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@ehg-theviptour.hitbox[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@1069928730[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@e-2dj6wjnyghajsbo.stats.esomniture[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@timeinc.122.2o7[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@www.ticketcity[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@ticketsnow.112.2o7[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@clickbank[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@www.clickmanage[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@gcc[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert hoffman@www.coolsavings[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@www.googleadservices[5].txt

    Adware.WsnPoem
    C:\WINDOWS\system32\wsnpoem\audio.dll
    C:\WINDOWS\system32\wsnpoem\video.dll
    C:\WINDOWS\system32\wsnpoem\video.dll.cla
    C:\WINDOWS\system32\wsnpoem

    Malware.Installer-Pkg/Gen
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{3C48F877-A164-45E9-B9DA-26A049FFC207}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6293BC00-4EB8-4C65-8548-53E2FC3BF937}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{651956B7-1969-42AA-9453-E0B813019D54}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{989E4C3B-B2C9-4486-9A09-D5A8F953837C}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C0A0AA4D-C79B-48CA-8843-2B02B626C9E6}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{E0814F95-5380-4892-B8C8-7FA4B349EF46}.EXE



    ComboFix 07-12-10.2 - Robert Hoffman 2007-12-10 18:18:37.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.934 [GMT -8:00]
    Running from: C:\Documents and Settings\Robert Hoffman\Desktop\anti-virus\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\2_exception.nls
    C:\WINDOWS\system32\drivers\ctl_w32.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_CTL_W32
    -------\LEGACY_RUNTIME
    -------\LEGACY_RUNTIME2
    -------\LEGACY_SMTPDRV
    -------\runtime
    -------\smtpdrv


    ((((((((((((((((((((((((( Files Created from 2007-11-11 to 2007-12-11 )))))))))))))))))))))))))))))))
    .

    2007-12-09 20:18 . 2007-12-09 20:21 d-------- C:\Program Files\SUPERAntiSpyware
    2007-12-09 20:18 . 2007-12-09 20:18 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-12-09 20:18 . 2007-12-09 20:18 d-------- C:\Documents and Settings\Robert Hoffman\Application Data\SUPERAntiSpyware.com
    2007-12-09 20:18 . 2007-12-09 20:18 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-12-08 15:34 . 2007-12-08 15:44 d-------- C:\sdat
    2007-12-08 15:31 . 2007-12-08 15:31 26,696,966 --a------ C:\sdat5181.exe
    2007-12-08 14:56 . 2007-12-08 14:56 d-------- C:\Documents and Settings\All Users\Application Data\Citrix
    2007-12-08 10:10 . 2007-12-08 10:10 d-------- C:\Program Files\Trend Micro
    2007-12-08 08:14 . 2007-12-08 08:33 d-------- C:\WINDOWS\system32\ActiveScan
    2007-12-08 08:14 . 2007-12-08 08:31 30,590 --a------ C:\WINDOWS\system32\pavas.ico
    2007-12-08 08:14 . 2007-12-08 08:31 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
    2007-12-08 08:14 . 2007-12-08 08:31 1,406 --a------ C:\WINDOWS\system32\Help.ico
    2007-12-07 07:04 . 2007-12-09 19:13 532,480 --a------ C:\WINDOWS\mmoc1.exe
    2007-12-07 07:04 . 2007-12-10 06:11 532,480 --a------ C:\WINDOWS\mm_tmpoc1.exe
    2007-12-07 07:04 . 2007-12-10 18:15 38,400 --a------ C:\WINDOWS\mmyh_co.exe
    2007-12-07 07:04 . 2007-12-10 18:15 4 --a------ C:\WINDOWS\c.pid
    2007-12-07 07:03 . 2007-12-10 18:14 38,400 --a------ C:\WINDOWS\mm_tmpyh_co.exe
    2007-12-05 05:14 . 2007-08-20 02:04 6,058,496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-12-05 05:14 . 2007-04-17 01:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2007-12-05 05:14 . 2007-03-07 21:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2007-12-05 05:14 . 2007-08-20 02:04 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-12-05 05:14 . 2007-08-20 02:04 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-12-05 05:14 . 2007-08-20 02:04 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-12-05 05:14 . 2007-08-20 02:04 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
    2007-12-05 05:14 . 2007-08-20 02:04 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-12-05 05:14 . 2007-08-17 02:20 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-12-05 05:10 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
    2007-12-04 06:32 . 2007-12-10 18:15 40,960 --a------ C:\WINDOWS\mmhr.exe
    2007-12-04 06:32 . 2007-12-04 19:37 40,960 --a------ C:\WINDOWS\mm_tmphr.exe
    2007-12-04 06:31 . 2007-12-04 17:49 41,472 --a------ C:\WINDOWS\mmyr.exe
    2007-12-04 06:31 . 2007-12-04 17:48 41,472 --a------ C:\WINDOWS\mm_tmpyr.exe
    2007-12-04 06:30 . 2007-12-04 06:30 81,408 --a------ C:\WINDOWS\mmrd.exe
    2007-12-04 06:30 . 2007-12-04 06:30 81,408 --a------ C:\WINDOWS\mm_tmprd.exe
    2007-11-30 07:06 . 2007-12-03 20:58 41,472 --a------ C:\WINDOWS\mmregalka.exe
    2007-11-30 07:06 . 2007-12-03 20:58 41,472 --a------ C:\WINDOWS\mm_tmpregalka.exe
    2007-11-30 07:06 . 2007-12-04 16:47 36,352 --a------ C:\WINDOWS\mmgr.exe
    2007-11-30 07:05 . 2007-12-03 06:43 81,408 --a------ C:\WINDOWS\mmres_drop.exe
    2007-11-30 07:05 . 2007-12-03 06:43 81,408 --a------ C:\WINDOWS\mm_tmpres_drop.exe
    2007-11-30 07:05 . 2007-12-10 06:12 36,352 --a------ C:\WINDOWS\mm_tmpgr.exe
    2007-11-30 07:05 . 2007-11-30 07:04 23,552 --a------ C:\WINDOWS\mmall.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-10 14:09 --------- d-----w C:\Program Files\McAfee
    2007-12-10 14:06 --------- d-----w C:\Documents and Settings\Robert Hoffman\Application Data\SiteAdvisor
    2007-12-10 04:12 --------- d-----w C:\Documents and Settings\Robert Hoffman\Application Data\MSN6
    2007-12-08 17:31 --------- d-----w C:\Program Files\Palm
    2007-12-08 17:27 --------- d-----w C:\Program Files\iTunes
    2007-12-08 17:26 --------- d-----w C:\Program Files\Google
    2007-12-08 17:25 --------- d-----w C:\Program Files\DIGStream
    2007-12-08 17:25 --------- d-----w C:\Program Files\DellSupport
    2007-12-07 15:02 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
    2007-10-15 00:22 --------- d-----w C:\Documents and Settings\Robert Hoffman\Application Data\AdobeUM
    2006-11-20 14:10 85,312 ----a-w C:\Program Files\Mc
    2007-08-03 16:20 88 --sh--r C:\WINDOWS\system32\68F2791184.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 14:40 C:\WINDOWS\MIDIDEF.EXE]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 15:23]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 02:00]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-15 20:33]
    "Microsoft all"="C:\WINDOWS\mmall.exe" [2007-11-30 07:04]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 11:01]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 21:20 C:\WINDOWS\stsystra.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 18:05]
    "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 00:12]
    "CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 06:47]
    "MBMon"="Rundll32 CTMBHA.DLL" []
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-10 22:00]
    "VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 04:42]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 07:44]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 07:44]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 02:20]
    "EPSON Stylus CX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.exe" [2005-02-01 19:00]
    "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-13 20:36]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-04-28 21:50]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-02-08 18:39]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 01:33]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
    "PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-10 23:26]
    "Microsoft all"="C:\WINDOWS\mmall.exe" [2007-11-30 07:04]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Billminder.lnk - C:\Program Files\Quicken\billmind.exe [2002-07-30 12:34:16]
    HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe [2004-06-09 13:27:34]
    Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2002-07-30 12:34:30]
    Quicken Startup.lnk - C:\Program Files\Quicken\QWDLLS.EXE [2002-07-30 12:34:34]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-04 20:25:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-05-15 09:49:57 C:\WINDOWS\Tasks\McDefragTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe'
    "2007-12-01 09:03:28 C:\WINDOWS\Tasks\McQcTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-10 18:25:44
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-10 18:26:55 - machine was rebooted
    .
    --- E O F --- 2007-12-07 02:54:37



    what do you think i should do next?

  8. #8
    Member
    Join Date
    Dec 2007
    Posts
    7
    Points
    0

    Default

    PrevxCSI scan identified mmall.exe and 7 other files that were running in my process. Paid the $25 for licence and it removed them all. Seems to have done the job.

    Should I post the scan file from HJT to make sure everything is gone? I am a newbie at this and would appreciate any further help. Thanks.

  9. #9
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi

    We could have saved you the $25 ...

    WE would have removed "C:\WINDOWS\mmall.exe" & its run keys (there are more than one) for free ... & the other 19 files (yes 19) not 7 ...

    Did prevx remove everything ... no idea ...

    Need to see a new...

    Hijackthis log
    Combofix log
    superantispyware log
    Pandascan log

    Then I will be in a better position to tell you ...

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  10. #10
    Member
    Join Date
    Dec 2007
    Posts
    7
    Points
    0

    Default

    steamwiz, thanks for your help. Here are the scan logs:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/11/2007 at 08:33 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3358
    Trace Rules Database Version: 1357

    Scan type : Complete Scan
    Total Scan Time : 02:16:56

    Memory items scanned : 712
    Memory threats detected : 0
    Registry items scanned : 7251
    Registry threats detected : 5
    File items scanned : 125660
    File threats detected : 15

    Adware.Tracking Cookie
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@msnportal.112.2o7[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@specificclick[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@advertising[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@questionmarket[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@paypal.112.2o7[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@ads.pointroll[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@www.googleadservices[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@adopt.specificclick[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@mediaplex[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@2o7[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@clickbank[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@doubleclick[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@casalemedia[1].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@atdmt[2].txt
    C:\Documents and Settings\Robert Hoffman\Cookies\robert_hoffman@anad.tacoda[1].txt

    Rootkit.RunTime2/CTLW32
    HKLM\SYSTEM\CurrentControlSet\Services\ctl_w32
    HKLM\SYSTEM\CurrentControlSet\Services\ctl_w32#ImagePath
    HKLM\SYSTEM\CurrentControlSet\Services\ctl_w32#Type
    HKLM\SYSTEM\CurrentControlSet\Services\ctl_w32#Start
    HKLM\SYSTEM\CurrentControlSet\Services\ctl_w32#DependOnGroup


    ComboFix 07-12-10.2 - Robert Hoffman 2007-12-11 20:56:47.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1447 [GMT -8:00]
    Running from: C:\Documents and Settings\Robert Hoffman\Desktop\anti-virus\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2007-11-12 to 2007-12-12 )))))))))))))))))))))))))))))))
    .

    2007-12-10 22:02 . 2007-12-10 22:02 d-------- C:\Program Files\PrevxCSI
    2007-12-10 21:24 . 2007-12-10 22:02 d-------- C:\Documents and Settings\Robert Hoffman\Application Data\PrevxCSI
    2007-12-10 21:24 . 2007-12-10 21:24 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
    2007-12-09 20:18 . 2007-12-11 20:48 d-------- C:\Program Files\SUPERAntiSpyware
    2007-12-09 20:18 . 2007-12-09 20:18 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-12-09 20:18 . 2007-12-09 20:18 d-------- C:\Documents and Settings\Robert Hoffman\Application Data\SUPERAntiSpyware.com
    2007-12-09 20:18 . 2007-12-09 20:18 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-12-08 15:34 . 2007-12-08 15:44 d-------- C:\sdat
    2007-12-08 15:31 . 2007-12-08 15:31 26,696,966 --a------ C:\sdat5181.exe
    2007-12-08 14:56 . 2007-12-08 14:56 d-------- C:\Documents and Settings\All Users\Application Data\Citrix
    2007-12-08 10:10 . 2007-12-08 10:10 d-------- C:\Program Files\Trend Micro
    2007-12-08 08:14 . 2007-12-08 08:33 d-------- C:\WINDOWS\system32\ActiveScan
    2007-12-08 08:14 . 2007-12-08 08:31 30,590 --a------ C:\WINDOWS\system32\pavas.ico
    2007-12-08 08:14 . 2007-12-08 08:31 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
    2007-12-08 08:14 . 2007-12-08 08:31 1,406 --a------ C:\WINDOWS\system32\Help.ico
    2007-12-07 07:04 . 2007-12-09 19:13 532,480 --a------ C:\WINDOWS\mmoc1.exe
    2007-12-07 07:04 . 2007-12-10 06:11 532,480 --a------ C:\WINDOWS\mm_tmpoc1.exe
    2007-12-07 07:04 . 2007-12-10 21:29 38,400 --a------ C:\WINDOWS\mmyh_co.exe
    2007-12-07 07:04 . 2007-12-10 21:29 4 --a------ C:\WINDOWS\c.pid
    2007-12-07 07:03 . 2007-12-10 21:29 38,400 --a------ C:\WINDOWS\mm_tmpyh_co.exe
    2007-12-05 05:14 . 2007-08-20 02:04 6,058,496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-12-05 05:14 . 2007-04-17 01:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2007-12-05 05:14 . 2007-03-07 21:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2007-12-05 05:14 . 2007-08-20 02:04 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-12-05 05:14 . 2007-08-20 02:04 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-12-05 05:14 . 2007-08-20 02:04 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-12-05 05:14 . 2007-08-20 02:04 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
    2007-12-05 05:14 . 2007-08-20 02:04 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-12-05 05:14 . 2007-08-17 02:20 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-12-05 05:10 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
    2007-12-04 06:32 . 2007-12-10 21:30 40,960 --a------ C:\WINDOWS\mmhr.exe
    2007-12-04 06:32 . 2007-12-04 19:37 40,960 --a------ C:\WINDOWS\mm_tmphr.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-12 04:45 --------- d-----w C:\Program Files\McAfee
    2007-12-11 22:07 --------- d-----w C:\Documents and Settings\Robert Hoffman\Application Data\MSN6
    2007-12-10 14:06 --------- d-----w C:\Documents and Settings\Robert Hoffman\Application Data\SiteAdvisor
    2007-12-08 17:31 --------- d-----w C:\Program Files\Palm
    2007-12-08 17:27 --------- d-----w C:\Program Files\iTunes
    2007-12-08 17:26 --------- d-----w C:\Program Files\Google
    2007-12-08 17:25 --------- d-----w C:\Program Files\DIGStream
    2007-12-08 17:25 --------- d-----w C:\Program Files\DellSupport
    2007-12-07 15:02 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
    2007-11-21 20:46 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-15 00:22 --------- d-----w C:\Documents and Settings\Robert Hoffman\Application Data\AdobeUM
    2006-11-20 14:10 85,312 ----a-w C:\Program Files\Mc
    2007-08-03 16:20 88 --sh--r C:\WINDOWS\system32\68F2791184.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-10_18.26.13.06 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-12-11 02:18:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2007-12-12 00:33:23 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2007-12-11 02:18:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2007-12-12 00:33:23 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2007-12-11 02:18:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2007-12-12 00:33:23 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2007-12-11 02:18:27 61,052 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2007-12-12 04:50:10 61,052 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2007-12-11 02:18:27 399,522 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2007-12-12 04:50:10 399,522 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2007-12-12 04:46:02 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_9f0.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 14:40 C:\WINDOWS\MIDIDEF.EXE]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 15:23]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 02:00]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-15 20:33]
    "Microsoft all"="C:\WINDOWS\mmall.exe" []
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 11:01]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 21:20 C:\WINDOWS\stsystra.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 18:05]
    "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 00:12]
    "CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 06:47]
    "MBMon"="Rundll32 CTMBHA.DLL" []
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-10 22:00]
    "VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 04:42]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 07:44]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 07:44]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 02:20]
    "EPSON Stylus CX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.exe" [2005-02-01 19:00]
    "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-13 20:36]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-04-28 21:50]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-02-08 18:39]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 01:33]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
    "PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-10 23:26]
    "PrevxCSI"="C:\Program Files\PrevxCSI\prevxcsi.exe" [2007-12-10 21:24]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Billminder.lnk - C:\Program Files\Quicken\billmind.exe [2002-07-30 12:34:16]
    HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe [2004-06-09 13:27:34]
    Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2002-07-30 12:34:30]
    Quicken Startup.lnk - C:\Program Files\Quicken\QWDLLS.EXE [2002-07-30 12:34:34]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-11 20:25:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-05-15 09:49:57 C:\WINDOWS\Tasks\McDefragTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe'
    "2007-12-01 09:03:28 C:\WINDOWS\Tasks\McQcTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-11 20:59:50
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-11 21:00:32
    C:\ComboFix2.txt ... 2007-12-10 18:26
    .
    --- E O F --- 2007-12-07 02:54:37


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:14:37 PM, on 12/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
    C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\clclean.0001
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\PrevxCSI\prevxcsi.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\Program Files\SiteAdvisor\6172\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphia.net/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
    O4 - HKLM\..\Run: [PrevxCSI] "C:\Program Files\PrevxCSI\prevxcsi.exe" -boot
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Microsoft all] C:\WINDOWS\mmall.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: McAfee Application Installer Cleanup (0157651197385016) (0157651197385016mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\015765~1.EXE
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

    --
    End of file - 11676 bytes
