The MalWarrior icon has disappeared from my desktop. Does this mean it is gone? I am attaching the log, and please forgive me if I did anything stupid, as this is quite new for me. I won't be able to get back to this till tomorrow night as it is 11pm here (Ireland) and I have to work tomorrow.
ComboFix 08-05-12.1 - LEONA 2008-05-13 22:26:38.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.119 [GMT 1:00]
Running from: C:\DOCUME~1\LEONA\LOCALS~1\Temp\Rar$EX01.687\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Starware368
C:\Documents and Settings\All Users\Application Data\Starware368\buttons\503_button_1b_def.bmp
C:\Documents and Settings\All Users\Application Data\Starware368\buttons\503_button_1b_over.bmp
C:\Documents and Settings\All Users\Application Data\Starware368\buttons\512_button_1b_def.bmp
C:\Documents and Settings\All Users\Application Data\Starware368\buttons\512_button_1b_over.bmp
C:\Documents and Settings\All Users\Application Data\Starware368\buttons\513_button_1b_def.bmp
C:\Documents and Settings\All Users\Application Data\Starware368\buttons\513_button_1b_over.bmp
C:\Documents and Settings\All Users\Application Data\Starware368\buttons\Button_60.bmp
C:\Documents and Settings\All Users\Application Data\Starware368\buttons\Button_70.bmp
C:\Documents and Settings\All Users\Application Data\Starware368\buttons\Button_80.bmp
C:\Documents and Settings\All Users\Application Data\Starware368\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware368\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware368\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware368\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware368\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware368\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware368\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware368\contexts\Related.xml
C:\Documents and Settings\All Users\Application Data\Starware368\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data\Starware368\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware368\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware368\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware368\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware368\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware368\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\LEONA\Application Data\Starware368
C:\Documents and Settings\LEONA\Application Data\Starware368\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\LEONA\Application Data\Starware368\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\LEONA\Application Data\Starware368\Button_6\Button_6Options.xml
C:\Documents and Settings\LEONA\Application Data\Starware368\Button_6\Button_6Options.xml.backup
C:\Documents and Settings\LEONA\Application Data\Starware368\Button_7\Button_7Options.xml
C:\Documents and Settings\LEONA\Application Data\Starware368\Button_7\Button_7Options.xml.backup
C:\Documents and Settings\LEONA\Application Data\Starware368\Button_8\Button_8Options.xml
C:\Documents and Settings\LEONA\Application Data\Starware368\Button_8\Button_8Options.xml.backup
C:\Documents and Settings\LEONA\Application Data\Starware368\Configurator\Configurator.xml
C:\Documents and Settings\LEONA\Application Data\Starware368\Configurator\Configurator.xml.backup
C:\Documents and Settings\LEONA\Application Data\Starware368\Download\DownloadOptions.xml
C:\Documents and Settings\LEONA\Application Data\Starware368\Download\DownloadOptions.xml.backup
C:\Documents and Settings\LEONA\Application Data\Starware368\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\LEONA\Application Data\Starware368\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\LEONA\Application Data\Starware368\Layouts\ToolbarLayout.xml
C:\Documents and Settings\LEONA\Application Data\Starware368\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\LEONA\Application Data\Starware368\Lyrics\LyricsOptions.xml
C:\Documents and Settings\LEONA\Application Data\Starware368\Lyrics\LyricsOptions.xml.backup
C:\Documents and Settings\LEONA\Application Data\Starware368\Manager\ManagerOptions.xml
C:\Documents and Settings\LEONA\Application Data\Starware368\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\LEONA\Application Data\Starware368\Music_Search\Music_SearchOptions.xml
C:\Documents and Settings\LEONA\Application Data\Starware368\Music_Search\Music_SearchOptions.xml.backup
C:\Documents and Settings\LEONA\Application Data\Starware368\Radio_UK\Radio_UKOptions.xml
C:\Documents and Settings\LEONA\Application Data\Starware368\Radio_UK\Radio_UKOptions.xml.backup
C:\Documents and Settings\LEONA\Application Data\Starware368\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\LEONA\Application Data\Starware368\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\LEONA\Application Data\Starware368\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\LEONA\Application Data\Starware368\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\LEONA\Application Data\Starware368\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\LEONA\Application Data\Starware368\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\LEONA\Application Data\Starware368\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\LEONA\Application Data\Starware368\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\LEONA\Application Data\Starware368\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\LEONA\Application Data\Starware368\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\RONNIE\Application Data\FunWebProducts
C:\Documents and Settings\RONNIE\Application Data\FunWebProducts\Data\RONNIE\avatar.dat
C:\Documents and Settings\RONNIE\Favorites\Error Cleaner.url
C:\Documents and Settings\RONNIE\Favorites\Privacy Protector.url
C:\Documents and Settings\RONNIE\Favorites\Spyware&Malware Protection.url
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\0034CFE5.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\01CFDD06.urr
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\00195D49
C:\Program Files\MyWebSearch\bar\Cache\001964BB
C:\Program Files\MyWebSearch\bar\Cache\00196632.bin
C:\Program Files\MyWebSearch\bar\Cache\001968D2.bin
C:\Program Files\MyWebSearch\bar\Cache\00196E6F.bin
C:\Program Files\MyWebSearch\bar\Cache\00197C0C.bin
C:\Program Files\MyWebSearch\bar\Cache\004B7419.bin
C:\Program Files\MyWebSearch\bar\Cache\004B7850.bin
C:\Program Files\MyWebSearch\bar\Cache\004B7A44.bin
C:\Program Files\MyWebSearch\bar\Cache\004B7E1C.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\Program Files\Starware368
C:\Program Files\Starware368\bin\Starware368.dll
C:\Program Files\Starware368\brand.bmp
C:\Program Files\Starware368\icons\star_16.ico
C:\Program Files\Starware368\Starware368Config.xml
C:\Program Files\Starware368\Starware368Uninstall.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\dat.txt
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\dbxDgrevCheck.dll
C:\WINDOWS\system32\drivers\Lwb30.sys
C:\WINDOWS\system32\eogypvkg.ini
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\SYSTEM32\giRXwyxx.ini
C:\WINDOWS\SYSTEM32\giRXwyxx.ini2
C:\WINDOWS\system32\jmjusnoo.ini
C:\WINDOWS\system32\jtmwxnww.ini
C:\WINDOWS\system32\loleilxi.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\SYSTEM32\nTvCeMoq.ini
C:\WINDOWS\SYSTEM32\nTvCeMoq.ini2
C:\WINDOWS\system32\WinData.cab
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_LWB30
-------\Service_Lwb30
-------\Service_pjsapdg
((((((((((((((((((((((((( Files Created from 2008-04-13 to 2008-05-13 )))))))))))))))))))))))))))))))
.
2008-05-13 22:27 . 2008-05-13 22:27 294 ---hs---- C:\WINDOWS\SYSTEM32\jtmwxnww.ini
2008-05-13 18:30 . 2008-05-13 18:30 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-05-13 18:30 . 2008-05-13 18:30 <DIR> d-------- C:\Documents and Settings\LEONA\Application Data\PC Tools
2008-05-12 22:00 . 2008-05-13 21:47 9,957 --a------ C:\WINDOWS\SYSTEM32\Config.MPF
2008-05-12 21:59 . 2008-05-13 22:25 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-05-12 21:59 . 2008-05-12 22:44 <DIR> d-------- C:\Documents and Settings\LEONA\Application Data\SiteAdvisor
2008-05-12 21:59 . 2008-05-12 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-05-12 21:57 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\SYSTEM32\dunzip32.dll
2008-05-12 21:54 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2008-05-12 21:54 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2008-05-12 21:54 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2008-05-12 21:54 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2008-05-12 21:54 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2008-05-12 21:53 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2008-05-12 21:52 . 2008-05-13 18:28 <DIR> d-------- C:\Program Files\McAfee.com
2008-05-12 21:52 . 2008-05-13 18:28 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-05-12 21:51 . 2008-05-13 18:27 <DIR> d-------- C:\Program Files\McAfee
2008-05-12 21:06 . 2008-05-12 21:06 91,264 --a------ C:\WINDOWS\SYSTEM32\wwnxwmtj.dll
2008-05-12 20:30 . 2008-05-12 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-11 22:59 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
2008-05-11 22:59 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
2008-05-11 22:59 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
2008-05-11 22:59 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
2008-05-11 14:24 . 2008-05-13 18:30 <DIR> d-------- C:\WINDOWS\SYSTEM32\Adobe
2008-05-11 14:05 . 2008-05-11 14:06 320,640 --a------ C:\WINDOWS\SYSTEM32\xxywXRig.dll
2008-05-11 13:58 . 2008-05-11 13:58 62,910 --a------ C:\Program Files\Uninstall.exe
2008-05-11 13:58 . 2008-05-11 13:58 0 --a------ C:\Program Files\uninstall.dat
2008-05-10 22:33 . 2008-05-10 22:33 320,640 --a------ C:\WINDOWS\SYSTEM32\qoMeCvTn.dll
2008-05-10 22:28 . 2008-05-10 22:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
2008-05-10 22:28 . 2008-05-10 22:28 69,632 --a------ C:\ftklhae.exe
2008-05-10 22:28 . 2008-05-10 22:28 4,096 --a------ C:\syowpheg.exe
2008-05-10 22:28 . 2008-05-10 22:28 2 --a------ C:\-1730962822
2008-05-10 22:06 . 2008-05-10 22:06 <DIR> d-------- C:\~QTWTMP.TMP
2008-05-10 22:06 . 2008-05-10 22:06 812 --a------ C:\WINDOWS\QT$INST$.~PC
2008-05-10 13:59 . 2008-05-10 13:59 <DIR> d-------- C:\Documents and Settings\LEONA\Application Data\Apple Computer
2008-05-09 10:22 . 2008-05-09 10:22 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-05-01 17:55 . 2008-05-01 17:55 <DIR> d-------- C:\Documents and Settings\SEAN\Application Data\Roxio
2008-04-28 19:27 . 2008-04-28 19:27 1,002,464 --a------ C:\WINDOWS\dbplugin.exe
2008-04-26 09:40 . 2008-04-26 10:04 <DIR> d-------- C:\Temp\slieve russel
2008-04-25 13:43 . 2008-04-25 13:43 <DIR> d-------- C:\Program Files\MSECache
2008-04-21 13:31 . 2008-04-21 13:31 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-20 21:17 . 2008-04-20 21:17 <DIR> d-------- C:\Documents and Settings\LEONA\Application Data\Roxio
2008-04-19 16:00 . 2008-04-19 16:00 <DIR> d-------- C:\Documents and Settings\JASON\Application Data\Roxio
2008-04-19 13:29 . 2008-04-19 13:29 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-18 21:43 . 2008-04-18 21:43 <DIR> d-------- C:\Documents and Settings\RONNIE\Application Data\Roxio
2008-04-18 21:43 . 2008-04-18 21:43 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-04-18 21:33 . 2008-04-18 21:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-04-18 21:33 . 2008-04-18 21:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-18 21:30 . 2008-04-18 21:33 <DIR> d-------- C:\Program Files\Roxio
2008-04-18 21:30 . 2008-04-18 21:32 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2008-04-18 17:33 . 2008-04-18 21:19 <DIR> d-------- C:\WINDOWS\SYSTEM32\URTTemp
2008-04-16 19:22 . 2008-04-16 19:22 <DIR> d-------- C:\Documents and Settings\RONNIE\Application Data\Apple Computer
2008-04-15 22:29 . 2008-05-13 21:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-15 22:29 . 2008-04-15 22:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-15 22:28 . 2008-04-15 22:28 <DIR> d-------- C:\Documents and Settings\JASON\Application Data\Apple Computer
2008-04-15 22:27 . 2008-04-15 22:28 <DIR> d-------- C:\Program Files\iTunes
2008-04-15 22:27 . 2008-04-15 22:27 <DIR> d-------- C:\Program Files\iPod
2008-04-15 22:27 . 2008-04-15 22:27 <DIR> d-------- C:\Program Files\Bonjour
2008-04-15 22:25 . 2008-04-15 22:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-15 22:23 . 2008-04-15 22:23 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-04-15 22:23 . 2008-04-15 22:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 21:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-13 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-13 17:30 --------- d-----w C:\Program Files\Spyware Doctor
2008-05-13 17:30 --------- d-----w C:\Program Files\FreeGamesWay.com
2008-05-13 17:30 --------- d-----w C:\Documents and Settings\VISITOR\Application Data\AVG7
2008-05-13 17:30 --------- d-----w C:\Documents and Settings\JASON\Application Data\AVG7
2008-05-13 17:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-13 17:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-05-13 17:28 --------- d-----w C:\Documents and Settings\SEAN\Application Data\AVG7
2008-05-13 17:28 --------- d-----w C:\Documents and Settings\RONNIE\Application Data\AVG7
2008-05-13 17:28 --------- d-----w C:\Documents and Settings\LEONA\Application Data\AVG7
2008-05-13 17:27 --------- d-----w C:\Program Files\Performanceoptimizer (Free)
2008-05-10 13:20 --------- d-----w C:\Program Files\Microsoft Image Composer
2008-05-09 09:22 --------- d-----w C:\Program Files\Common Files\Real
2008-04-28 18:06 --------- d-----w C:\Program Files\FrostWire
2008-04-24 20:42 --------- d-----w C:\Program Files\Google
2008-04-23 20:58 --------- d-----w C:\Documents and Settings\LEONA\Application Data\LimeWire
2008-04-23 20:40 --------- d-----w C:\Documents and Settings\LEONA\Application Data\FrostWire
2008-04-18 20:33 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-04-18 20:32 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-04-18 20:18 --------- d-----w C:\Program Files\Sonic
2008-04-15 21:26 --------- d-----w C:\Program Files\QuickTime
2008-04-12 20:49 --------- d-----w C:\Program Files\Picasa2
2008-04-05 16:37 --------- d-----w C:\Program Files\AskSBar
2008-03-17 22:19 --------- d-----w C:\Program Files\libraries
2008-03-17 22:19 --------- d-----w C:\Program Files\includes
2008-03-17 22:19 --------- d-----w C:\Program Files\images
2008-03-03 19:07 13,575,265 ----a-w C:\military_setup.exe
2008-02-27 19:28 12,247,247 ------w C:\avg7qt.dat
2008-02-08 16:38 304 ----a-w C:\Program Files\robots.txt
2004-12-07 21:46 2,421,920 -c--a-w C:\Program Files\winzip90.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-04-05 17:37 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f14c084-987a-4e33-9cd6-879c0dc42729}]
2008-03-05 14:30 1470488 --a------ C:\Program Files\Free_games_way\tbFre1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4743FF7-98CF-4AC5-B49A-D7BCA30E30AE}]
2008-05-10 22:33 320640 --a------ C:\WINDOWS\system32\qoMeCvTn.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1F14C084-987A-4E33-9CD6-879C0DC42729}"= "C:\Program Files\Free_games_way\tbFre1.dll" [2008-03-05 14:30 1470488]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-03-07 16:20 267592]
[HKEY_CLASSES_ROOT\clsid\{1f14c084-987a-4e33-9cd6-879c0dc42729}]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 20:12 68856]
"MalWarrior"="C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" [2008-05-10 22:29 1026560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [2005-04-25 05:00 98304]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"EPSON Stylus Photo R240 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [2005-04-25 05:00 98304]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-28 21:08 228088]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 11:11 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 11:11 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-09 10:20 185896]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]
"98d39ad5"="C:\WINDOWS\system32\wwnxwmtj.dll" [2008-05-12 21:06 91264]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 22:57 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:54 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcDUmnk]
efcDUmnk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless USB Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk
backup=C:\WINDOWS\pss\Belkin Wireless USB Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Mavis Beacon Teaches Typing Deluxe Version 11.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Mavis Beacon Teaches Typing Deluxe Version 11.lnk
backup=C:\WINDOWS\pss\Mavis Beacon Teaches Typing Deluxe Version 11.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a--c--- 2004-08-04 08:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
--a------ 2003-08-13 10:27 28672 C:\WINDOWS\System32\DSentry.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
--a------ 2008-02-24 16:59 623856 C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-08-14 00:59 1838592 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-10-19 08:59 126976 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2003-09-01 12:42 176128 C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-10-19 08:59 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a------ 2002-04-05 16:35 102400 C:\WINDOWS\System32\LVComS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2003-08-26 19:47 204800 C:\Program Files\Dell\Media Experience\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareBot]
C:\Program Files\SpywareBot\SpywareBot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2003-11-19 17:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-04-04 20:12 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-09 10:20 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 02:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2003-12-13 01:50 33792 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
S3 SMALUSB;Digital Camera Driver;C:\WINDOWS\system32\DRIVERS\smallogi.sys [2002-08-15 14:27]
*Newly Created Service* - SITEADVISOR_SERVICE
.
Contents of the 'Scheduled Tasks' folder
"2008-04-21 12:31:18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-12 20:53:05 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-05-12 20:53:03 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-04-11 02:30:00 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean.ex
- C:\Program Files\RegClean.RONNIE)Runs RegClean to optimize your registry.
"2005-03-09 17:38:52 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6253\saHook.dll
-> C:\WINDOWS\system32\wwnxwmtj.dll
.
Completion time: 2008-05-13 22:36:27
ComboFix-quarantined-files.txt 2008-05-13 21:36:18
Pre-Run: 48,089,550,848 bytes free
Post-Run: 48,086,786,048 bytes free
463 --- E O F --- 2008-04-25 14:56:03