ComboFix 09-05-26.05 - Quinn 05/27/2009 22:20.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1918.825 [GMT -7:00]
Running from: c:\users\Quinn\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Quinn\AppData\Local\Temp\sfamcc00001.dll
c:\users\Quinn\AppData\Local\Temp\sfareca00001.dll
D:\Desktop.ini
G:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-28 )))))))))))))))))))))))))))))))
.
2009-05-28 05:24 . 2009-05-28 05:27 -------- d-----w c:\users\Quinn\AppData\Local\temp
2009-05-27 23:18 . 2009-05-27 23:18 -------- d-----w c:\users\Quinn\AppData\Roaming\Malwarebytes
2009-05-27 23:18 . 2009-05-26 20:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-27 23:18 . 2009-05-27 23:18 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-27 23:18 . 2009-05-27 23:18 -------- d-----w c:\programdata\Malwarebytes
2009-05-27 23:18 . 2009-05-26 20:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-26 00:49 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{92C6E36E-DE16-4E43-A232-4D748E98E89D}\mpengine.dll
2009-05-25 17:47 . 2009-05-25 17:47 -------- d-----w c:\program files\KeyTweak
2009-05-25 17:39 . 2009-05-28 05:26 -------- d-----w c:\program files\SpeedFan
2009-05-25 17:31 . 2009-05-25 17:31 -------- d-----w c:\program files\OpenPandora
2009-05-25 16:46 . 2009-05-26 03:52 -------- d-----w c:\users\Quinn\AppData\Roaming\FileZilla
2009-05-25 16:45 . 2009-05-25 16:45 -------- d-----w c:\program files\FileZilla FTP Client
2009-05-25 06:41 . 2009-05-25 06:46 -------- d-----w c:\users\Quinn\AppData\Roaming\AtomPark
2009-05-25 06:41 . 2009-05-25 06:41 -------- d-----w c:\program files\AtomPark
2009-05-20 00:53 . 2009-05-02 23:54 3288344 ----a-w c:\programdata\avg8\update\backup\setup.exe
2009-05-20 00:53 . 2009-05-02 23:54 424472 ----a-w c:\programdata\avg8\update\backup\avgwdwsc.dll
2009-05-20 00:53 . 2009-05-02 23:54 312088 ----a-w c:\programdata\avg8\update\backup\avglngx.dll
2009-05-20 00:53 . 2009-05-02 23:54 177432 ----a-w c:\programdata\avg8\update\backup\avgmail.dll
2009-05-20 00:53 . 2009-05-02 23:54 354584 ----a-w c:\programdata\avg8\update\backup\avgxch32.dll
2009-05-20 00:46 . 2007-06-19 00:12 16768 ----a-w c:\windows\system32\drivers\HpqKbFiltr.sys
2009-05-20 00:46 . 2006-11-02 14:09 1419232 ----a-w c:\windows\system32\drivers\wdfcoinstaller01005.dll
2009-05-20 00:46 . 2008-04-14 21:39 9344 ----a-w c:\windows\system32\drivers\CPQBttn.sys
2009-05-18 20:50 . 2009-05-18 21:06 -------- d-----w c:\windows\system32\no-NO
2009-05-18 20:50 . 2009-05-18 21:06 6656 ----a-w c:\windows\system32\bcmwlrc.dll
2009-05-18 20:50 . 2009-05-18 20:50 -------- d-----w c:\program files\Broadcom
2009-05-18 20:49 . 2009-05-18 20:49 -------- d-----w c:\users\Quinn\AppData\Roaming\InstallShield
2009-05-16 02:18 . 2009-05-16 02:18 -------- d-----w c:\users\Quinn\AppData\Local\LogMeIn
2009-05-16 02:18 . 2009-05-16 02:18 -------- d-----w c:\programdata\LogMeIn
2009-05-16 02:17 . 2008-10-17 03:35 28984 ----a-w c:\windows\system32\LMIport.dll
2009-05-16 02:17 . 2008-10-17 03:35 83288 ----a-w c:\windows\system32\LMIRfsClientNP.dll
2009-05-16 02:17 . 2008-07-25 01:46 47640 ----a-w c:\windows\system32\drivers\LMIRfsDriver.sys
2009-05-16 02:15 . 2008-10-17 03:35 87352 ----a-w c:\windows\system32\LMIinit.dll
2009-05-16 02:14 . 2009-05-27 09:12 -------- d-----w c:\program files\LogMeIn
2009-05-15 01:00 . 2009-05-15 01:00 -------- d-----w c:\users\Quinn\AppData\Roaming\Jasc
2009-05-15 00:59 . 2009-05-15 01:00 -------- d-----w c:\program files\Jasc Software Inc
2009-05-15 00:27 . 2009-05-15 00:27 -------- d-----w c:\users\Quinn\AppData\Roaming\MonkeyJam
2009-05-15 00:26 . 2009-05-15 00:26 -------- d-----w c:\program files\MonkeyJam
2009-05-15 00:19 . 2008-12-18 06:30 2587400 -c--a-w c:\programdata\{17A03471-20EB-4604-8E72-66EF7398750D}\setup_blazemp.exe
2009-05-15 00:19 . 2009-05-15 00:19 225280 ----atw c:\users\Quinn\AppData\Roaming\Microsoft\AdjMmsVista.dll
2009-05-15 00:18 . 2009-05-15 00:18 -------- d-----w c:\program files\Blaze Media Pro
2009-05-15 00:17 . 2009-05-15 00:19 -------- dc-h--w c:\programdata\{17A03471-20EB-4604-8E72-66EF7398750D}
2009-05-14 20:14 . 2009-05-14 20:14 -------- d-----w c:\program files\WinHTTrack
2009-05-14 20:04 . 2009-05-14 20:04 -------- d-----w c:\program files\Topaz Labs
2009-05-13 21:06 . 2009-05-02 23:54 2302232 ----a-w c:\programdata\avg8\update\backup\avguiadv.dll
2009-05-13 21:06 . 2009-05-02 23:54 3399960 ----a-w c:\programdata\avg8\update\backup\avgui.exe
2009-05-13 08:10 . 2009-05-13 08:10 -------- d-----w c:\users\Quinn\AppData\Roaming\CyberLink
2009-05-13 08:10 . 2009-05-13 08:10 -------- d-----w c:\users\Quinn\AppData\Roaming\HP
2009-05-13 07:37 . 2009-05-13 07:37 -------- d-----w c:\users\Quinn\AppData\Local\Cooliris
2009-05-13 07:37 . 2009-04-17 23:58 1161626 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll
2009-05-13 07:37 . 2009-04-17 23:58 954368 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-05-13 07:37 . 2009-04-17 23:58 103424 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-05-13 07:37 . 2009-04-17 23:58 65536 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-05-13 07:37 . 2009-04-17 23:58 71652 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\piclens@cooliris.com\libs\avutil-49.dll
2009-05-13 07:37 . 2009-04-17 23:58 4579328 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\piclens@cooliris.com\libs\cooliris18.dll
2009-05-13 07:37 . 2009-04-17 23:58 344064 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-05-13 07:37 . 2009-04-17 23:58 4534272 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-05-13 07:37 . 2009-04-17 23:58 131868 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\piclens@cooliris.com\libs\avformat-52.dll
2009-05-12 20:19 . 2009-05-24 14:31 -------- d-----w c:\programdata\DVD Shrink
2009-05-12 20:19 . 2009-05-12 20:19 -------- d-----w c:\program files\DVD Shrink
2009-05-12 02:05 . 2009-05-12 02:05 -------- d-----w c:\program files\DVD Decrypter
2009-05-11 16:05 . 2009-05-11 16:12 -------- d-----w c:\program files\Cheat Engine
2009-05-11 16:05 . 2007-12-27 00:30 679936 ----a-w c:\windows\system32\D3DX81ab.dll
2009-05-11 16:05 . 2007-12-27 00:30 1970176 ----a-w c:\windows\system32\d3dx9.dll
2009-05-05 21:29 . 2009-05-05 21:29 -------- d-----w c:\program files\Texter
2009-05-05 09:06 . 2009-05-05 09:06 -------- d-----w c:\users\Quinn\AppData\Roaming\GarageGames
2009-05-04 20:48 . 2009-05-13 03:32 -------- d-----w c:\program files\Google
2009-05-04 20:44 . 2009-05-04 20:44 4478976 ----a-w c:\windows\system32\tliclean20.dll
2009-05-04 19:35 . 2009-05-04 23:34 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-04 19:35 . 2009-05-04 19:39 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-05-04 18:51 . 2009-05-04 18:51 -------- d-----w c:\users\Quinn\AppData\Local\OgameBodyguard_Corp
2009-05-02 23:55 . 2009-05-02 23:54 486168 ----a-w c:\programdata\avg8\update\backup\avgrsx.exe
2009-05-02 23:53 . 2009-05-02 23:53 1437464 ----a-w c:\programdata\avg8\update\backup\avgupd.dll
2009-05-02 23:53 . 2009-05-02 23:53 755992 ----a-w c:\programdata\avg8\update\backup\avginet.dll
2009-05-01 09:47 . 2009-05-01 09:47 -------- d-----w c:\program files\NYKO
2009-04-30 19:53 . 2009-04-30 19:53 -------- d-----w c:\users\Quinn\dwhelper
2009-04-30 00:23 . 2009-04-30 00:23 -------- d-----w c:\users\Quinn\AppData\Roaming\WildTangent
2009-04-29 21:11 . 2007-12-28 18:15 172032 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2009-04-29 21:11 . 2007-10-08 08:57 307200 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2009-04-29 21:11 . 2008-02-18 00:16 90112 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
2009-04-29 18:38 . 2009-04-29 18:38 -------- d-----w c:\programdata\Raxco
2009-04-29 18:37 . 2009-04-29 18:38 -------- d-----w c:\program files\Raxco
2009-04-29 18:13 . 2009-04-29 18:13 -------- d-----w c:\programdata\PaperlessPrinter Data
2009-04-29 18:12 . 2009-04-29 18:12 -------- d-----w c:\program files\RareFind
2009-04-29 18:01 . 2009-04-29 18:01 -------- d-----w c:\program files\Topaz Labs LLC
2009-04-29 15:44 . 2009-04-29 15:44 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-29 15:32 . 2009-04-29 15:32 488960 ----a-w c:\users\Quinn\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv302-0811070-0-main.dll
2009-04-29 15:32 . 2009-04-29 15:32 319488 ----a-w c:\users\Quinn\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
2009-04-29 12:38 . 2009-03-24 21:43 43008 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
2009-04-29 12:38 . 2009-03-24 21:43 43008 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-04-29 12:38 . 2009-03-24 21:43 235520 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll
2009-04-29 12:38 . 2009-03-24 21:43 338432 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-04-29 12:38 . 2009-03-24 21:42 235008 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll
2009-04-29 12:38 . 2009-03-24 21:42 345088 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-04-28 21:31 . 2008-12-04 08:25 120832 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-04-28 21:26 . 2009-04-29 19:54 -------- d-----w c:\users\Quinn\AppData\Roaming\Auslogics
2009-04-28 21:25 . 2009-04-28 21:25 -------- d-----w c:\program files\Auslogics
2009-04-28 18:47 . 2009-04-28 18:47 -------- d-----w c:\program files\Better File Rename
2009-04-28 18:25 . 2009-04-28 18:25 -------- d-----w c:\windows\Sun
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-28 05:26 . 2009-04-25 00:22 92927 ----a-w c:\programdata\nvModes.dat
2009-05-28 05:26 . 2009-04-25 00:53 -------- d-----w c:\users\Quinn\AppData\Roaming\DNA
2009-05-28 05:26 . 2009-04-25 00:53 -------- d-----w c:\program files\DNA
2009-05-27 08:37 . 2009-04-25 00:54 -------- d-----w c:\users\Quinn\AppData\Roaming\BitTorrent
2009-05-25 17:05 . 2009-04-24 01:39 -------- d-----w c:\program files\Yahoo!
2009-05-18 21:13 . 2009-04-24 00:42 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-18 21:12 . 2009-04-24 00:38 -------- d-----w c:\program files\Hewlett-Packard
2009-05-18 21:09 . 2009-04-24 13:27 -------- d-----w c:\users\Quinn\AppData\Roaming\Hewlett-Packard
2009-05-18 21:08 . 2009-04-24 01:25 -------- d-----w c:\program files\HP
2009-05-18 21:04 . 2009-04-25 00:22 -------- d-----w c:\programdata\NVIDIA
2009-05-14 23:28 . 2009-04-24 01:26 -------- d-----w c:\programdata\CyberLink
2009-05-13 08:10 . 2009-04-24 01:35 -------- d-----w c:\programdata\HP
2009-05-02 23:54 . 2009-04-25 00:48 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-02 23:54 . 2009-04-25 00:48 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-02 23:54 . 2009-04-25 00:48 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-02 23:54 . 2009-04-27 00:17 2051864 ----a-w c:\programdata\avg8\update\backup\avgcorex.dll
2009-05-02 23:54 . 2009-04-25 00:48 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-30 00:24 . 2009-04-24 01:39 -------- d-----w c:\programdata\WildTangent
2009-04-29 20:49 . 2009-04-24 13:36 109096 ----a-w c:\users\Quinn\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-29 17:49 . 2009-04-24 01:36 -------- d-----w c:\program files\Common Files\Adobe
2009-04-29 15:44 . 2009-04-24 01:21 -------- d-----w c:\programdata\Microsoft Help
2009-04-29 15:42 . 2009-04-24 01:20 -------- d-----w c:\program files\Microsoft Works
2009-04-28 03:18 . 2009-04-28 03:18 -------- d-----w c:\programdata\FLEXnet
2009-04-28 02:53 . 2009-04-28 02:53 -------- d-----w c:\program files\Adobe Media Player
2009-04-28 02:48 . 2009-04-28 02:48 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-28 02:46 . 2009-04-28 02:46 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-26 02:56 . 2009-04-26 02:56 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-26 02:19 . 2009-04-26 02:13 -------- d-----w c:\users\Quinn\AppData\Roaming\TrueCrypt
2009-04-26 02:12 . 2009-04-26 02:12 215872 ----a-w c:\windows\system32\drivers\truecrypt.sys
2009-04-26 02:12 . 2009-04-26 02:12 -------- d-----w c:\program files\TrueCrypt
2009-04-26 01:59 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Calendar
2009-04-26 01:58 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Sidebar
2009-04-26 01:58 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-26 01:58 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Collaboration
2009-04-26 01:58 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Journal
2009-04-26 01:58 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Photo Gallery
2009-04-26 01:58 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Defender
2009-04-26 01:50 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-04-26 01:34 . 2006-11-02 10:32 101888 ----a-w c:\windows\system32\ifxcardm.dll
2009-04-26 01:34 . 2006-11-02 10:32 82432 ----a-w c:\windows\system32\axaltocm.dll
2009-04-26 00:10 . 2009-04-26 00:10 -------- d-----w c:\users\Quinn\AppData\Roaming\IObit
2009-04-25 12:45 . 2009-04-25 12:45 -------- d-----w c:\users\Quinn\AppData\Roaming\Apple Computer
2009-04-25 12:45 . 2009-04-25 12:44 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-25 12:45 . 2009-04-25 12:44 -------- d-----w c:\program files\iTunes
2009-04-25 12:45 . 2009-04-25 12:45 -------- d-----w c:\program files\iPod
2009-04-25 12:45 . 2009-04-25 02:39 -------- d-----w c:\program files\Common Files\Apple
2009-04-25 12:44 . 2009-04-25 12:40 -------- d-----w c:\programdata\Apple Computer
2009-04-25 12:41 . 2009-04-25 12:41 -------- d-----w c:\program files\Bonjour
2009-04-25 12:41 . 2009-04-25 12:40 -------- d-----w c:\program files\QuickTime
2009-04-25 12:39 . 2009-04-25 12:39 -------- d-----w c:\program files\Apple Software Update
2009-04-25 12:31 . 2009-04-25 02:16 -------- d-----w c:\program files\McAfee
2009-04-25 03:49 . 2009-04-25 03:49 296960 ----a-w c:\windows\system32\gdi32.dll
2009-04-25 03:49 . 2009-04-25 03:49 269312 ----a-w c:\windows\system32\es.dll
2009-04-25 03:48 . 2009-04-25 03:48 2048 ----a-w c:\windows\system32\tzres.dll
2009-04-25 03:33 . 2009-04-25 03:33 1793536 ----a-w c:\windows\system32\NlsLexicons0045.dll
2009-04-25 03:33 . 2009-04-25 03:33 1808896 ----a-w c:\windows\system32\NlsLexicons0046.dll
2009-04-25 03:33 . 2009-04-25 03:33 1411072 ----a-w c:\windows\system32\NlsLexicons0047.dll
2009-04-25 03:31 . 2009-04-25 03:31 11722752 ----a-w c:\windows\system32\NlsLexicons0001.dll
2009-04-25 03:31 . 2009-04-25 03:31 4164096 ----a-w c:\windows\system32\NlsLexicons0002.dll
2009-04-25 03:31 . 2009-04-25 03:31 1452544 ----a-w c:\windows\system32\NlsLexicons0003.dll
2009-04-25 03:31 . 2009-04-25 03:31 12240896 ----a-w c:\windows\system32\NlsLexicons0007.dll
2009-04-25 03:31 . 2009-04-25 03:31 2644480 ----a-w c:\windows\system32\NlsLexicons0009.dll
2009-04-25 03:31 . 2009-04-25 03:31 3419136 ----a-w c:\windows\system32\NlsLexicons004a.dll
2009-04-25 03:31 . 2009-04-25 03:31 1702912 ----a-w c:\windows\system32\NlsLexicons004b.dll
2009-04-25 03:31 . 2009-04-25 03:31 4093440 ----a-w c:\windows\system32\NlsLexicons004c.dll
2009-04-25 03:31 . 2009-04-25 03:31 1972736 ----a-w c:\windows\system32\NlsLexicons004e.dll
2009-04-25 03:31 . 2009-04-25 03:31 4045824 ----a-w c:\windows\system32\NlsLexicons003e.dll
2009-04-25 03:31 . 2009-04-25 03:31 4096 ----a-w c:\windows\system32\NlsLexicons002a.dll
2009-04-25 03:30 . 2009-04-25 03:30 6014976 ----a-w c:\windows\system32\NlsLexicons001a.dll
2009-04-25 03:30 . 2009-04-25 03:30 6585856 ----a-w c:\windows\system32\NlsLexicons001b.dll
2009-04-25 03:30 . 2009-04-25 03:30 6346240 ----a-w c:\windows\system32\NlsLexicons001d.dll
2009-04-25 03:30 . 2009-04-25 03:30 9892864 ----a-w c:\windows\system32\NlsLexicons000a.dll
2009-04-25 03:30 . 2009-04-25 03:30 6237696 ----a-w c:\windows\system32\NlsLexicons000c.dll
2009-04-25 03:30 . 2009-04-25 03:30 1722368 ----a-w c:\windows\system32\NlsLexicons000d.dll
2009-04-25 03:30 . 2009-04-25 03:30 5654528 ----a-w c:\windows\system32\NlsLexicons000f.dll
2009-04-25 03:30 . 2009-04-25 03:30 4616192 ----a-w c:\windows\system32\NlsLexicons0414.dll
2009-04-25 03:30 . 2009-04-25 03:30 5090816 ----a-w c:\windows\system32\NlsLexicons0416.dll
2009-04-25 03:30 . 2009-04-25 03:30 5031936 ----a-w c:\windows\system32\NlsLexicons0816.dll
2009-04-25 03:23 . 2009-04-25 03:23 6656 ----a-w c:\windows\system32\kbd106n.dll
2009-04-25 03:23 . 2009-04-25 03:23 988216 ----a-w c:\windows\system32\winload.exe
2009-04-25 03:23 . 2009-04-25 03:23 927288 ----a-w c:\windows\system32\winresume.exe
2009-04-25 03:23 . 2009-04-25 03:23 40960 ----a-w c:\windows\system32\srclient.dll
2009-04-25 03:23 . 2009-04-25 03:23 378368 ----a-w c:\windows\system32\srcore.dll
2009-04-25 03:23 . 2009-04-25 03:23 318464 ----a-w c:\windows\system32\rstrui.exe
2009-04-25 03:23 . 2009-04-25 03:23 19000 ----a-w c:\windows\system32\kd1394.dll
2009-04-25 03:23 . 2009-04-25 03:23 14848 ----a-w c:\windows\system32\srdelayed.exe
2009-04-25 03:23 . 2009-04-25 03:23 46592 ----a-w c:\windows\system32\setbcdlocale.dll
2009-04-25 03:23 . 2009-04-25 03:23 615992 ----a-w c:\windows\system32\ci.dll
2009-04-25 02:54 . 2009-04-24 01:04 -------- d-----w c:\programdata\Roxio
2009-04-25 02:54 . 2009-04-24 01:01 -------- d-----w c:\program files\Common Files\Roxio Shared
2009-04-25 02:53 . 2009-04-24 01:01 -------- d-----w c:\program files\Common Files\Sonic Shared
2009-04-25 02:39 . 2009-04-25 02:39 -------- d-----w c:\programdata\Apple
2009-04-25 02:36 . 2009-04-25 02:36 -------- d-----w c:\users\Quinn\AppData\Roaming\vlc
2009-04-25 02:35 . 2009-04-25 02:35 -------- d-----w c:\program files\VideoLAN
2009-04-25 02:29 . 2009-04-25 02:29 -------- d-----w c:\program files\GraphingCalcEmu
2009-04-25 02:28 . 2006-11-02 12:37 -------- d-----w c:\program files\MSBuild
2009-04-25 02:17 . 2009-04-25 02:17 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-04-25 02:17 . 2009-04-25 02:17 -------- d-----w c:\programdata\SiteAdvisor
2009-04-25 02:16 . 2009-04-25 02:16 -------- d-----w c:\programdata\McAfee
2009-04-25 02:16 . 2009-04-25 02:16 -------- d-----w c:\program files\Common Files\McAfee
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DesktopIconToy"="c:\program files\Desktop Icon Toy\DesktopIconToy.exe" [2008-10-12 450560]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-25 321344]
"Meebo Notifier"="c:\users\Quinn\AppData\Local\Meebo\Meebo Notifier\MeeboNotifier.exe" [2009-05-21 790528]
"Auslogics BoostSpeed 4"="c:\program files\Auslogics\AusLogics BoostSpeed\boostspeed.exe" [2008-04-08 255088]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-25 63048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
c:\users\Quinn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2009-4-22 3921528]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"EarthLink2"= TCP:Profile=Private|Profile=Public|c:\program files\earthlink totalaccess\taskpanl.exe:taskpanl
"EarthLink1"= UDP:Profile=Private|Profile=Public|c:\program files\earthlink totalaccess\taskpanl.exe:taskpanl
"{7AB50765-3E73-46AF-91C5-F3730C670F1C}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{2BD35767-2339-4C50-9574-0CB30B705EE5}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{834C755F-BA19-4BA0-8D6F-6D8AF895384A}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exe:DNA
"UDP Query User{859CDE24-3028-4C22-9720-8B77A054FB2B}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exe:DNA
"{8A8EB4F5-220B-483C-8F78-4291AC662178}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{F9C5F40E-F3C4-449E-BF9C-E98FA1BD82CE}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"TCP Query User{48F3B17F-00D6-4379-9248-6034339D8D8E}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B447A8E0-CF39-4DCC-9DBA-A985CA9BA5A8}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{1F0233B6-73C8-4366-8937-7C7D35788EAA}"= UDP:c:\program files\AtomPark\Atomic Mail Sender\AtomicMailSender.exe:Atomic Mail Sender
"{8862EDE1-C0E7-4E27-977D-CBF716896E84}"= TCP:c:\program files\AtomPark\Atomic Mail Sender\AtomicMailSender.exe:Atomic Mail Sender
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [4/24/2009 5:48 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [4/24/2009 5:48 PM 108552]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [4/25/2009 8:19 AM 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [4/25/2009 8:19 AM 21504]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [5/15/2009 7:17 PM 47640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/24/2009 7:16 PM 210216]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [5/4/2009 12:35 PM 1153368]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [5/19/2009 5:46 PM 193840]
S2 gupdate1c9ccf9b8d054a5;Google Update Service (gupdate1c9ccf9b8d054a5);c:\program files\Google\Update\GoogleUpdate.exe [5/4/2009 1:48 PM 133104]
S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [4/24/2009 5:48 PM 908568]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/24/2009 5:48 PM 298776]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-05-28 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 20:48]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = https://secure.logmein.com/home.asp?lang=en
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\
FF - prefs.js: browser.search.selectedEngine - The Pirate Bay
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-27 22:27
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(788)
c:\program files\Bioscrypt\VeriSoft\bin\ASWLNPkg.dll
c:\program files\Bioscrypt\VeriSoft\bin\ItMsg.dll
- - - - - - - > 'Explorer.exe'(4068)
c:\windows\system32\APSHook.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Desktop Icon Toy\HookManager.dll
c:\windows\System32\SyncCenter.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wlanext.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Raxco\PerfectDisk10\PDAgent.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Bioscrypt\VeriSoft\Bin\asghost.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\System32\rundll32.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Raxco\PerfectDisk10\PDAgentS1.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-05-28 22:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-28 05:31
Pre-Run: 68,444,155,904 bytes free
Post-Run: 68,349,755,392 bytes free
399 --- E O F --- 2009-05-26 00:50
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1918.825 [GMT -7:00]
Running from: c:\users\Quinn\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Quinn\AppData\Local\Temp\sfamcc00001.dll
c:\users\Quinn\AppData\Local\Temp\sfareca00001.dll
D:\Desktop.ini
G:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-28 )))))))))))))))))))))))))))))))
.
2009-05-28 05:24 . 2009-05-28 05:27 -------- d-----w c:\users\Quinn\AppData\Local\temp
2009-05-27 23:18 . 2009-05-27 23:18 -------- d-----w c:\users\Quinn\AppData\Roaming\Malwarebytes
2009-05-27 23:18 . 2009-05-26 20:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-27 23:18 . 2009-05-27 23:18 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-27 23:18 . 2009-05-27 23:18 -------- d-----w c:\programdata\Malwarebytes
2009-05-27 23:18 . 2009-05-26 20:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-26 00:49 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{92C6E36E-DE16-4E43-A232-4D748E98E89D}\mpengine.dll
2009-05-25 17:47 . 2009-05-25 17:47 -------- d-----w c:\program files\KeyTweak
2009-05-25 17:39 . 2009-05-28 05:26 -------- d-----w c:\program files\SpeedFan
2009-05-25 17:31 . 2009-05-25 17:31 -------- d-----w c:\program files\OpenPandora
2009-05-25 16:46 . 2009-05-26 03:52 -------- d-----w c:\users\Quinn\AppData\Roaming\FileZilla
2009-05-25 16:45 . 2009-05-25 16:45 -------- d-----w c:\program files\FileZilla FTP Client
2009-05-25 06:41 . 2009-05-25 06:46 -------- d-----w c:\users\Quinn\AppData\Roaming\AtomPark
2009-05-25 06:41 . 2009-05-25 06:41 -------- d-----w c:\program files\AtomPark
2009-05-20 00:53 . 2009-05-02 23:54 3288344 ----a-w c:\programdata\avg8\update\backup\setup.exe
2009-05-20 00:53 . 2009-05-02 23:54 424472 ----a-w c:\programdata\avg8\update\backup\avgwdwsc.dll
2009-05-20 00:53 . 2009-05-02 23:54 312088 ----a-w c:\programdata\avg8\update\backup\avglngx.dll
2009-05-20 00:53 . 2009-05-02 23:54 177432 ----a-w c:\programdata\avg8\update\backup\avgmail.dll
2009-05-20 00:53 . 2009-05-02 23:54 354584 ----a-w c:\programdata\avg8\update\backup\avgxch32.dll
2009-05-20 00:46 . 2007-06-19 00:12 16768 ----a-w c:\windows\system32\drivers\HpqKbFiltr.sys
2009-05-20 00:46 . 2006-11-02 14:09 1419232 ----a-w c:\windows\system32\drivers\wdfcoinstaller01005.dll
2009-05-20 00:46 . 2008-04-14 21:39 9344 ----a-w c:\windows\system32\drivers\CPQBttn.sys
2009-05-18 20:50 . 2009-05-18 21:06 -------- d-----w c:\windows\system32\no-NO
2009-05-18 20:50 . 2009-05-18 21:06 6656 ----a-w c:\windows\system32\bcmwlrc.dll
2009-05-18 20:50 . 2009-05-18 20:50 -------- d-----w c:\program files\Broadcom
2009-05-18 20:49 . 2009-05-18 20:49 -------- d-----w c:\users\Quinn\AppData\Roaming\InstallShield
2009-05-16 02:18 . 2009-05-16 02:18 -------- d-----w c:\users\Quinn\AppData\Local\LogMeIn
2009-05-16 02:18 . 2009-05-16 02:18 -------- d-----w c:\programdata\LogMeIn
2009-05-16 02:17 . 2008-10-17 03:35 28984 ----a-w c:\windows\system32\LMIport.dll
2009-05-16 02:17 . 2008-10-17 03:35 83288 ----a-w c:\windows\system32\LMIRfsClientNP.dll
2009-05-16 02:17 . 2008-07-25 01:46 47640 ----a-w c:\windows\system32\drivers\LMIRfsDriver.sys
2009-05-16 02:15 . 2008-10-17 03:35 87352 ----a-w c:\windows\system32\LMIinit.dll
2009-05-16 02:14 . 2009-05-27 09:12 -------- d-----w c:\program files\LogMeIn
2009-05-15 01:00 . 2009-05-15 01:00 -------- d-----w c:\users\Quinn\AppData\Roaming\Jasc
2009-05-15 00:59 . 2009-05-15 01:00 -------- d-----w c:\program files\Jasc Software Inc
2009-05-15 00:27 . 2009-05-15 00:27 -------- d-----w c:\users\Quinn\AppData\Roaming\MonkeyJam
2009-05-15 00:26 . 2009-05-15 00:26 -------- d-----w c:\program files\MonkeyJam
2009-05-15 00:19 . 2008-12-18 06:30 2587400 -c--a-w c:\programdata\{17A03471-20EB-4604-8E72-66EF7398750D}\setup_blazemp.exe
2009-05-15 00:19 . 2009-05-15 00:19 225280 ----atw c:\users\Quinn\AppData\Roaming\Microsoft\AdjMmsVista.dll
2009-05-15 00:18 . 2009-05-15 00:18 -------- d-----w c:\program files\Blaze Media Pro
2009-05-15 00:17 . 2009-05-15 00:19 -------- dc-h--w c:\programdata\{17A03471-20EB-4604-8E72-66EF7398750D}
2009-05-14 20:14 . 2009-05-14 20:14 -------- d-----w c:\program files\WinHTTrack
2009-05-14 20:04 . 2009-05-14 20:04 -------- d-----w c:\program files\Topaz Labs
2009-05-13 21:06 . 2009-05-02 23:54 2302232 ----a-w c:\programdata\avg8\update\backup\avguiadv.dll
2009-05-13 21:06 . 2009-05-02 23:54 3399960 ----a-w c:\programdata\avg8\update\backup\avgui.exe
2009-05-13 08:10 . 2009-05-13 08:10 -------- d-----w c:\users\Quinn\AppData\Roaming\CyberLink
2009-05-13 08:10 . 2009-05-13 08:10 -------- d-----w c:\users\Quinn\AppData\Roaming\HP
2009-05-13 07:37 . 2009-05-13 07:37 -------- d-----w c:\users\Quinn\AppData\Local\Cooliris
2009-05-13 07:37 . 2009-04-17 23:58 1161626 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll
2009-05-13 07:37 . 2009-04-17 23:58 954368 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-05-13 07:37 . 2009-04-17 23:58 103424 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-05-13 07:37 . 2009-04-17 23:58 65536 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-05-13 07:37 . 2009-04-17 23:58 71652 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\piclens@cooliris.com\libs\avutil-49.dll
2009-05-13 07:37 . 2009-04-17 23:58 4579328 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\piclens@cooliris.com\libs\cooliris18.dll
2009-05-13 07:37 . 2009-04-17 23:58 344064 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-05-13 07:37 . 2009-04-17 23:58 4534272 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-05-13 07:37 . 2009-04-17 23:58 131868 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\piclens@cooliris.com\libs\avformat-52.dll
2009-05-12 20:19 . 2009-05-24 14:31 -------- d-----w c:\programdata\DVD Shrink
2009-05-12 20:19 . 2009-05-12 20:19 -------- d-----w c:\program files\DVD Shrink
2009-05-12 02:05 . 2009-05-12 02:05 -------- d-----w c:\program files\DVD Decrypter
2009-05-11 16:05 . 2009-05-11 16:12 -------- d-----w c:\program files\Cheat Engine
2009-05-11 16:05 . 2007-12-27 00:30 679936 ----a-w c:\windows\system32\D3DX81ab.dll
2009-05-11 16:05 . 2007-12-27 00:30 1970176 ----a-w c:\windows\system32\d3dx9.dll
2009-05-05 21:29 . 2009-05-05 21:29 -------- d-----w c:\program files\Texter
2009-05-05 09:06 . 2009-05-05 09:06 -------- d-----w c:\users\Quinn\AppData\Roaming\GarageGames
2009-05-04 20:48 . 2009-05-13 03:32 -------- d-----w c:\program files\Google
2009-05-04 20:44 . 2009-05-04 20:44 4478976 ----a-w c:\windows\system32\tliclean20.dll
2009-05-04 19:35 . 2009-05-04 23:34 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-04 19:35 . 2009-05-04 19:39 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-05-04 18:51 . 2009-05-04 18:51 -------- d-----w c:\users\Quinn\AppData\Local\OgameBodyguard_Corp
2009-05-02 23:55 . 2009-05-02 23:54 486168 ----a-w c:\programdata\avg8\update\backup\avgrsx.exe
2009-05-02 23:53 . 2009-05-02 23:53 1437464 ----a-w c:\programdata\avg8\update\backup\avgupd.dll
2009-05-02 23:53 . 2009-05-02 23:53 755992 ----a-w c:\programdata\avg8\update\backup\avginet.dll
2009-05-01 09:47 . 2009-05-01 09:47 -------- d-----w c:\program files\NYKO
2009-04-30 19:53 . 2009-04-30 19:53 -------- d-----w c:\users\Quinn\dwhelper
2009-04-30 00:23 . 2009-04-30 00:23 -------- d-----w c:\users\Quinn\AppData\Roaming\WildTangent
2009-04-29 21:11 . 2007-12-28 18:15 172032 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2009-04-29 21:11 . 2007-10-08 08:57 307200 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2009-04-29 21:11 . 2008-02-18 00:16 90112 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
2009-04-29 18:38 . 2009-04-29 18:38 -------- d-----w c:\programdata\Raxco
2009-04-29 18:37 . 2009-04-29 18:38 -------- d-----w c:\program files\Raxco
2009-04-29 18:13 . 2009-04-29 18:13 -------- d-----w c:\programdata\PaperlessPrinter Data
2009-04-29 18:12 . 2009-04-29 18:12 -------- d-----w c:\program files\RareFind
2009-04-29 18:01 . 2009-04-29 18:01 -------- d-----w c:\program files\Topaz Labs LLC
2009-04-29 15:44 . 2009-04-29 15:44 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-29 15:32 . 2009-04-29 15:32 488960 ----a-w c:\users\Quinn\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv302-0811070-0-main.dll
2009-04-29 15:32 . 2009-04-29 15:32 319488 ----a-w c:\users\Quinn\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
2009-04-29 12:38 . 2009-03-24 21:43 43008 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
2009-04-29 12:38 . 2009-03-24 21:43 43008 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-04-29 12:38 . 2009-03-24 21:43 235520 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll
2009-04-29 12:38 . 2009-03-24 21:43 338432 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-04-29 12:38 . 2009-03-24 21:42 235008 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll
2009-04-29 12:38 . 2009-03-24 21:42 345088 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-04-28 21:31 . 2008-12-04 08:25 120832 ----a-w c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-04-28 21:26 . 2009-04-29 19:54 -------- d-----w c:\users\Quinn\AppData\Roaming\Auslogics
2009-04-28 21:25 . 2009-04-28 21:25 -------- d-----w c:\program files\Auslogics
2009-04-28 18:47 . 2009-04-28 18:47 -------- d-----w c:\program files\Better File Rename
2009-04-28 18:25 . 2009-04-28 18:25 -------- d-----w c:\windows\Sun
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-28 05:26 . 2009-04-25 00:22 92927 ----a-w c:\programdata\nvModes.dat
2009-05-28 05:26 . 2009-04-25 00:53 -------- d-----w c:\users\Quinn\AppData\Roaming\DNA
2009-05-28 05:26 . 2009-04-25 00:53 -------- d-----w c:\program files\DNA
2009-05-27 08:37 . 2009-04-25 00:54 -------- d-----w c:\users\Quinn\AppData\Roaming\BitTorrent
2009-05-25 17:05 . 2009-04-24 01:39 -------- d-----w c:\program files\Yahoo!
2009-05-18 21:13 . 2009-04-24 00:42 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-18 21:12 . 2009-04-24 00:38 -------- d-----w c:\program files\Hewlett-Packard
2009-05-18 21:09 . 2009-04-24 13:27 -------- d-----w c:\users\Quinn\AppData\Roaming\Hewlett-Packard
2009-05-18 21:08 . 2009-04-24 01:25 -------- d-----w c:\program files\HP
2009-05-18 21:04 . 2009-04-25 00:22 -------- d-----w c:\programdata\NVIDIA
2009-05-14 23:28 . 2009-04-24 01:26 -------- d-----w c:\programdata\CyberLink
2009-05-13 08:10 . 2009-04-24 01:35 -------- d-----w c:\programdata\HP
2009-05-02 23:54 . 2009-04-25 00:48 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-02 23:54 . 2009-04-25 00:48 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-02 23:54 . 2009-04-25 00:48 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-02 23:54 . 2009-04-27 00:17 2051864 ----a-w c:\programdata\avg8\update\backup\avgcorex.dll
2009-05-02 23:54 . 2009-04-25 00:48 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-30 00:24 . 2009-04-24 01:39 -------- d-----w c:\programdata\WildTangent
2009-04-29 20:49 . 2009-04-24 13:36 109096 ----a-w c:\users\Quinn\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-29 17:49 . 2009-04-24 01:36 -------- d-----w c:\program files\Common Files\Adobe
2009-04-29 15:44 . 2009-04-24 01:21 -------- d-----w c:\programdata\Microsoft Help
2009-04-29 15:42 . 2009-04-24 01:20 -------- d-----w c:\program files\Microsoft Works
2009-04-28 03:18 . 2009-04-28 03:18 -------- d-----w c:\programdata\FLEXnet
2009-04-28 02:53 . 2009-04-28 02:53 -------- d-----w c:\program files\Adobe Media Player
2009-04-28 02:48 . 2009-04-28 02:48 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-28 02:46 . 2009-04-28 02:46 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-26 02:56 . 2009-04-26 02:56 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-26 02:19 . 2009-04-26 02:13 -------- d-----w c:\users\Quinn\AppData\Roaming\TrueCrypt
2009-04-26 02:12 . 2009-04-26 02:12 215872 ----a-w c:\windows\system32\drivers\truecrypt.sys
2009-04-26 02:12 . 2009-04-26 02:12 -------- d-----w c:\program files\TrueCrypt
2009-04-26 01:59 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Calendar
2009-04-26 01:58 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Sidebar
2009-04-26 01:58 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-26 01:58 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Collaboration
2009-04-26 01:58 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Journal
2009-04-26 01:58 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Photo Gallery
2009-04-26 01:58 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Defender
2009-04-26 01:50 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-04-26 01:34 . 2006-11-02 10:32 101888 ----a-w c:\windows\system32\ifxcardm.dll
2009-04-26 01:34 . 2006-11-02 10:32 82432 ----a-w c:\windows\system32\axaltocm.dll
2009-04-26 00:10 . 2009-04-26 00:10 -------- d-----w c:\users\Quinn\AppData\Roaming\IObit
2009-04-25 12:45 . 2009-04-25 12:45 -------- d-----w c:\users\Quinn\AppData\Roaming\Apple Computer
2009-04-25 12:45 . 2009-04-25 12:44 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-25 12:45 . 2009-04-25 12:44 -------- d-----w c:\program files\iTunes
2009-04-25 12:45 . 2009-04-25 12:45 -------- d-----w c:\program files\iPod
2009-04-25 12:45 . 2009-04-25 02:39 -------- d-----w c:\program files\Common Files\Apple
2009-04-25 12:44 . 2009-04-25 12:40 -------- d-----w c:\programdata\Apple Computer
2009-04-25 12:41 . 2009-04-25 12:41 -------- d-----w c:\program files\Bonjour
2009-04-25 12:41 . 2009-04-25 12:40 -------- d-----w c:\program files\QuickTime
2009-04-25 12:39 . 2009-04-25 12:39 -------- d-----w c:\program files\Apple Software Update
2009-04-25 12:31 . 2009-04-25 02:16 -------- d-----w c:\program files\McAfee
2009-04-25 03:49 . 2009-04-25 03:49 296960 ----a-w c:\windows\system32\gdi32.dll
2009-04-25 03:49 . 2009-04-25 03:49 269312 ----a-w c:\windows\system32\es.dll
2009-04-25 03:48 . 2009-04-25 03:48 2048 ----a-w c:\windows\system32\tzres.dll
2009-04-25 03:33 . 2009-04-25 03:33 1793536 ----a-w c:\windows\system32\NlsLexicons0045.dll
2009-04-25 03:33 . 2009-04-25 03:33 1808896 ----a-w c:\windows\system32\NlsLexicons0046.dll
2009-04-25 03:33 . 2009-04-25 03:33 1411072 ----a-w c:\windows\system32\NlsLexicons0047.dll
2009-04-25 03:31 . 2009-04-25 03:31 11722752 ----a-w c:\windows\system32\NlsLexicons0001.dll
2009-04-25 03:31 . 2009-04-25 03:31 4164096 ----a-w c:\windows\system32\NlsLexicons0002.dll
2009-04-25 03:31 . 2009-04-25 03:31 1452544 ----a-w c:\windows\system32\NlsLexicons0003.dll
2009-04-25 03:31 . 2009-04-25 03:31 12240896 ----a-w c:\windows\system32\NlsLexicons0007.dll
2009-04-25 03:31 . 2009-04-25 03:31 2644480 ----a-w c:\windows\system32\NlsLexicons0009.dll
2009-04-25 03:31 . 2009-04-25 03:31 3419136 ----a-w c:\windows\system32\NlsLexicons004a.dll
2009-04-25 03:31 . 2009-04-25 03:31 1702912 ----a-w c:\windows\system32\NlsLexicons004b.dll
2009-04-25 03:31 . 2009-04-25 03:31 4093440 ----a-w c:\windows\system32\NlsLexicons004c.dll
2009-04-25 03:31 . 2009-04-25 03:31 1972736 ----a-w c:\windows\system32\NlsLexicons004e.dll
2009-04-25 03:31 . 2009-04-25 03:31 4045824 ----a-w c:\windows\system32\NlsLexicons003e.dll
2009-04-25 03:31 . 2009-04-25 03:31 4096 ----a-w c:\windows\system32\NlsLexicons002a.dll
2009-04-25 03:30 . 2009-04-25 03:30 6014976 ----a-w c:\windows\system32\NlsLexicons001a.dll
2009-04-25 03:30 . 2009-04-25 03:30 6585856 ----a-w c:\windows\system32\NlsLexicons001b.dll
2009-04-25 03:30 . 2009-04-25 03:30 6346240 ----a-w c:\windows\system32\NlsLexicons001d.dll
2009-04-25 03:30 . 2009-04-25 03:30 9892864 ----a-w c:\windows\system32\NlsLexicons000a.dll
2009-04-25 03:30 . 2009-04-25 03:30 6237696 ----a-w c:\windows\system32\NlsLexicons000c.dll
2009-04-25 03:30 . 2009-04-25 03:30 1722368 ----a-w c:\windows\system32\NlsLexicons000d.dll
2009-04-25 03:30 . 2009-04-25 03:30 5654528 ----a-w c:\windows\system32\NlsLexicons000f.dll
2009-04-25 03:30 . 2009-04-25 03:30 4616192 ----a-w c:\windows\system32\NlsLexicons0414.dll
2009-04-25 03:30 . 2009-04-25 03:30 5090816 ----a-w c:\windows\system32\NlsLexicons0416.dll
2009-04-25 03:30 . 2009-04-25 03:30 5031936 ----a-w c:\windows\system32\NlsLexicons0816.dll
2009-04-25 03:23 . 2009-04-25 03:23 6656 ----a-w c:\windows\system32\kbd106n.dll
2009-04-25 03:23 . 2009-04-25 03:23 988216 ----a-w c:\windows\system32\winload.exe
2009-04-25 03:23 . 2009-04-25 03:23 927288 ----a-w c:\windows\system32\winresume.exe
2009-04-25 03:23 . 2009-04-25 03:23 40960 ----a-w c:\windows\system32\srclient.dll
2009-04-25 03:23 . 2009-04-25 03:23 378368 ----a-w c:\windows\system32\srcore.dll
2009-04-25 03:23 . 2009-04-25 03:23 318464 ----a-w c:\windows\system32\rstrui.exe
2009-04-25 03:23 . 2009-04-25 03:23 19000 ----a-w c:\windows\system32\kd1394.dll
2009-04-25 03:23 . 2009-04-25 03:23 14848 ----a-w c:\windows\system32\srdelayed.exe
2009-04-25 03:23 . 2009-04-25 03:23 46592 ----a-w c:\windows\system32\setbcdlocale.dll
2009-04-25 03:23 . 2009-04-25 03:23 615992 ----a-w c:\windows\system32\ci.dll
2009-04-25 02:54 . 2009-04-24 01:04 -------- d-----w c:\programdata\Roxio
2009-04-25 02:54 . 2009-04-24 01:01 -------- d-----w c:\program files\Common Files\Roxio Shared
2009-04-25 02:53 . 2009-04-24 01:01 -------- d-----w c:\program files\Common Files\Sonic Shared
2009-04-25 02:39 . 2009-04-25 02:39 -------- d-----w c:\programdata\Apple
2009-04-25 02:36 . 2009-04-25 02:36 -------- d-----w c:\users\Quinn\AppData\Roaming\vlc
2009-04-25 02:35 . 2009-04-25 02:35 -------- d-----w c:\program files\VideoLAN
2009-04-25 02:29 . 2009-04-25 02:29 -------- d-----w c:\program files\GraphingCalcEmu
2009-04-25 02:28 . 2006-11-02 12:37 -------- d-----w c:\program files\MSBuild
2009-04-25 02:17 . 2009-04-25 02:17 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-04-25 02:17 . 2009-04-25 02:17 -------- d-----w c:\programdata\SiteAdvisor
2009-04-25 02:16 . 2009-04-25 02:16 -------- d-----w c:\programdata\McAfee
2009-04-25 02:16 . 2009-04-25 02:16 -------- d-----w c:\program files\Common Files\McAfee
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DesktopIconToy"="c:\program files\Desktop Icon Toy\DesktopIconToy.exe" [2008-10-12 450560]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-25 321344]
"Meebo Notifier"="c:\users\Quinn\AppData\Local\Meebo\Meebo Notifier\MeeboNotifier.exe" [2009-05-21 790528]
"Auslogics BoostSpeed 4"="c:\program files\Auslogics\AusLogics BoostSpeed\boostspeed.exe" [2008-04-08 255088]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-25 63048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
c:\users\Quinn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2009-4-22 3921528]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"EarthLink2"= TCP:Profile=Private|Profile=Public|c:\program files\earthlink totalaccess\taskpanl.exe:taskpanl
"EarthLink1"= UDP:Profile=Private|Profile=Public|c:\program files\earthlink totalaccess\taskpanl.exe:taskpanl
"{7AB50765-3E73-46AF-91C5-F3730C670F1C}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{2BD35767-2339-4C50-9574-0CB30B705EE5}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{834C755F-BA19-4BA0-8D6F-6D8AF895384A}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exe:DNA
"UDP Query User{859CDE24-3028-4C22-9720-8B77A054FB2B}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exe:DNA
"{8A8EB4F5-220B-483C-8F78-4291AC662178}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{F9C5F40E-F3C4-449E-BF9C-E98FA1BD82CE}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"TCP Query User{48F3B17F-00D6-4379-9248-6034339D8D8E}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B447A8E0-CF39-4DCC-9DBA-A985CA9BA5A8}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{1F0233B6-73C8-4366-8937-7C7D35788EAA}"= UDP:c:\program files\AtomPark\Atomic Mail Sender\AtomicMailSender.exe:Atomic Mail Sender
"{8862EDE1-C0E7-4E27-977D-CBF716896E84}"= TCP:c:\program files\AtomPark\Atomic Mail Sender\AtomicMailSender.exe:Atomic Mail Sender
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [4/24/2009 5:48 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [4/24/2009 5:48 PM 108552]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [4/25/2009 8:19 AM 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [4/25/2009 8:19 AM 21504]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [5/15/2009 7:17 PM 47640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/24/2009 7:16 PM 210216]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [5/4/2009 12:35 PM 1153368]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [5/19/2009 5:46 PM 193840]
S2 gupdate1c9ccf9b8d054a5;Google Update Service (gupdate1c9ccf9b8d054a5);c:\program files\Google\Update\GoogleUpdate.exe [5/4/2009 1:48 PM 133104]
S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [4/24/2009 5:48 PM 908568]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/24/2009 5:48 PM 298776]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-05-28 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 20:48]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = https://secure.logmein.com/home.asp?lang=en
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\
FF - prefs.js: browser.search.selectedEngine - The Pirate Bay
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\users\Quinn\AppData\Roaming\Mozilla\Firefox\Profiles\c4ho3rfm.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-27 22:27
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(788)
c:\program files\Bioscrypt\VeriSoft\bin\ASWLNPkg.dll
c:\program files\Bioscrypt\VeriSoft\bin\ItMsg.dll
- - - - - - - > 'Explorer.exe'(4068)
c:\windows\system32\APSHook.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Desktop Icon Toy\HookManager.dll
c:\windows\System32\SyncCenter.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wlanext.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Raxco\PerfectDisk10\PDAgent.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Bioscrypt\VeriSoft\Bin\asghost.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\System32\rundll32.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Raxco\PerfectDisk10\PDAgentS1.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-05-28 22:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-28 05:31
Pre-Run: 68,444,155,904 bytes free
Post-Run: 68,349,755,392 bytes free
399 --- E O F --- 2009-05-26 00:50










