Performed the 8-step Viruses/Spyware/Malware Preliminary Removal and logs are attached. Appreciate any help.
Thanks.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4386
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
8/3/2010 5:44:26 PM
mbam-log-2010-08-03 (17-44-26).txt
Scan type: Quick scan
Objects scanned: 149077
Time elapsed: 15 minute(s), 33 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\Common\_helper.sig (Malware.Trace) -> Quarantined and deleted successfully.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-03 19:50:18
Windows 5.1.2600 Service Pack 3
Running: bpmniyc4.exe; Driver: C:\DOCUME~1\DEVYNM~1\LOCALS~1\Temp\fgloapod.sys
---- System - GMER 1.0.15 ----
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF8442DB0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF8442DC4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF8442DF0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF8442E46]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF8442D9C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF8442D74]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF8442D88]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF8442DDA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF8442E1C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF8442E06]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF8442E70]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF8442E5C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF8442E30]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
---- EOF - GMER 1.0.15 ----
DDS (Ver_10-03-17.01) - NTFSx86
Run by <user> at 20:18:28.35 on Tue 08/03/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.224 [GMT -5:00]
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Fast Browser SearchP\FastBrowserSearchProtection.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\<user>\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.rr.com/
uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
uDefault_Page_URL = hxxp://www.dellnet.com
uWindow Title = Microsoft Internet Explorer
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: H - No File
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: TBSB07183 Class: {6c621f09-dff3-415a-b7d1-142678efeb34} - c:\program files\fast browser search\ie\FBStoolbar.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100717014249.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Fast Browser Search: {c2dca7eb-22d2-4fd2-86a9-f99fcc8122bb} - c:\program files\fast browser search\ie\FBStoolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [FBSearch] c:\program files\fast browser searchp\FastBrowserSearchProtection.exe
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-explorer: <NO NAME> =
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0000000A-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmsp9dmo.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} - hxxps://dommlp04.meadwestvaco.com/iNotes.cab
DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} - hxxp://64.124.45.181/downloads/ccpm_0237.cab
DPF: {28B66320-9687-4B13-8757-36F901887AB5} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/canvasx.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://dommlp04.meadwestvaco.com/iNotes6.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://software-dl.real.com/11f9384f4199ba0c8f21/netzip/RdxIE601.cab
DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - hxxp://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37856.1881481481
DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/html - {53a24151-1b31-4d00-9f41-d7dd9ca3e873} -
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-31 385880]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-7-17 82952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-17 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-17 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-17 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-17 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-7-17 170144]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-7-17 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-7-17 141792]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-7-17 55456]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-7-17 152320]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-7-17 51688]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-7-17 312616]
S2 wowsystemcode;Remote TCP/IPv6;c:\windows\system32\svchost.exe -k netsvcs [2002-8-29 14336]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-7-17 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-7-17 83496]
=============== Created Last 30 ================
2619-07-22 21:24:55 3120 ----a-w- c:\windows\MF_C421.lfa
2619-07-22 21:24:55 3120 ----a-w- c:\windows\MF_C420.lfa
2010-08-03 22:23:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-03 22:23:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-03 02:25:21 7680 --sha-w- c:\windows\Thumbs.db
2010-08-03 01:14:55 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-03 00:15:16 0 d-----w- c:\docume~1\devynm~1\applic~1\ElevatedDiagnostics
2010-07-26 22:26:35 0 d-----w- c:\program files\iPod
2010-07-23 02:46:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Nuance
2010-07-23 00:04:18 0 d-----w- c:\windows\SxsCaPendDel
2010-07-20 00:22:17 123296 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-17 06:46:06 0 d-----w- c:\program files\SiteAdvisor
2010-07-17 06:42:46 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-07-17 06:41:57 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-07-17 06:41:57 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-07-17 06:41:57 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-07-17 06:41:57 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-07-17 06:41:56 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-07-17 06:41:56 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-07-17 06:41:56 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-07-17 06:41:45 0 d-----w- c:\program files\common files\Mcafee
2010-07-17 06:41:40 0 d-----w- c:\program files\McAfee.com
2010-07-17 04:35:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Citrix
2010-07-17 04:25:37 0 d-----w- c:\program files\Citrix
2010-07-17 04:06:27 103784 ----a-w- c:\documents and settings\<user>\GoToAssistDownloadHelper.exe
2010-07-14 12:44:21 4194304 ----a-w- c:\windows\system32\cdintf400.dll
2010-07-14 12:18:11 0 d-----w- c:\program files\common files\Intuit
2010-07-14 12:18:10 0 d-----w- c:\program files\Intuit
2010-07-14 12:18:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Intuit
2010-07-14 12:16:34 90 ----a-w- c:\windows\QBChanUtil_Trigger.ini
2010-07-14 12:16:33 0 d-----w- c:\docume~1\alluse~1\applic~1\SQL Anywhere 11
2010-07-14 12:16:27 0 d-----w- c:\docume~1\alluse~1\applic~1\COMMON FILES
2010-07-14 12:02:14 0 d-----w- c:\program files\MSXML 4.0
2010-07-14 11:52:32 0 d-----w- c:\windows\Intuit
2010-07-14 02:30:44 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 12:18:09 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-07-13 12:18:09 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-07-13 12:12:44 0 d-----w- c:\program files\iTunes
2010-07-13 12:12:44 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-13 11:52:03 0 d-----w- c:\program files\Bonjour
==================== Find3M ====================
2010-08-04 01:04:21 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-08-04 01:04:19 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-07-17 10:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-18 21:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 21:35:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 21:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 21:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2008-10-31 02:57:04 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008103020081031\index.dat
============= FINISH: 20:21:31.81 ===============
(Attach.txt attached)
Thanks.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4386
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
8/3/2010 5:44:26 PM
mbam-log-2010-08-03 (17-44-26).txt
Scan type: Quick scan
Objects scanned: 149077
Time elapsed: 15 minute(s), 33 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\Common\_helper.sig (Malware.Trace) -> Quarantined and deleted successfully.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-03 19:50:18
Windows 5.1.2600 Service Pack 3
Running: bpmniyc4.exe; Driver: C:\DOCUME~1\DEVYNM~1\LOCALS~1\Temp\fgloapod.sys
---- System - GMER 1.0.15 ----
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF8442DB0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF8442DC4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF8442DF0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF8442E46]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF8442D9C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF8442D74]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF8442D88]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF8442DDA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF8442E1C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF8442E06]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF8442E70]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF8442E5C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF8442E30]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
---- EOF - GMER 1.0.15 ----
DDS (Ver_10-03-17.01) - NTFSx86
Run by <user> at 20:18:28.35 on Tue 08/03/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.224 [GMT -5:00]
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Fast Browser SearchP\FastBrowserSearchProtection.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\<user>\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.rr.com/
uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
uDefault_Page_URL = hxxp://www.dellnet.com
uWindow Title = Microsoft Internet Explorer
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: H - No File
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: TBSB07183 Class: {6c621f09-dff3-415a-b7d1-142678efeb34} - c:\program files\fast browser search\ie\FBStoolbar.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100717014249.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Fast Browser Search: {c2dca7eb-22d2-4fd2-86a9-f99fcc8122bb} - c:\program files\fast browser search\ie\FBStoolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [FBSearch] c:\program files\fast browser searchp\FastBrowserSearchProtection.exe
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-explorer: <NO NAME> =
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0000000A-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmsp9dmo.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} - hxxps://dommlp04.meadwestvaco.com/iNotes.cab
DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} - hxxp://64.124.45.181/downloads/ccpm_0237.cab
DPF: {28B66320-9687-4B13-8757-36F901887AB5} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/canvasx.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://dommlp04.meadwestvaco.com/iNotes6.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://software-dl.real.com/11f9384f4199ba0c8f21/netzip/RdxIE601.cab
DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - hxxp://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37856.1881481481
DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/html - {53a24151-1b31-4d00-9f41-d7dd9ca3e873} -
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-31 385880]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-7-17 82952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-17 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-17 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-17 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-17 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-7-17 170144]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-7-17 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-7-17 141792]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-7-17 55456]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-7-17 152320]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-7-17 51688]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-7-17 312616]
S2 wowsystemcode;Remote TCP/IPv6;c:\windows\system32\svchost.exe -k netsvcs [2002-8-29 14336]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-7-17 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-7-17 83496]
=============== Created Last 30 ================
2619-07-22 21:24:55 3120 ----a-w- c:\windows\MF_C421.lfa
2619-07-22 21:24:55 3120 ----a-w- c:\windows\MF_C420.lfa
2010-08-03 22:23:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-03 22:23:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-03 02:25:21 7680 --sha-w- c:\windows\Thumbs.db
2010-08-03 01:14:55 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-03 00:15:16 0 d-----w- c:\docume~1\devynm~1\applic~1\ElevatedDiagnostics
2010-07-26 22:26:35 0 d-----w- c:\program files\iPod
2010-07-23 02:46:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Nuance
2010-07-23 00:04:18 0 d-----w- c:\windows\SxsCaPendDel
2010-07-20 00:22:17 123296 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-17 06:46:06 0 d-----w- c:\program files\SiteAdvisor
2010-07-17 06:42:46 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-07-17 06:41:57 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-07-17 06:41:57 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-07-17 06:41:57 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-07-17 06:41:57 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-07-17 06:41:56 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-07-17 06:41:56 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-07-17 06:41:56 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-07-17 06:41:45 0 d-----w- c:\program files\common files\Mcafee
2010-07-17 06:41:40 0 d-----w- c:\program files\McAfee.com
2010-07-17 04:35:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Citrix
2010-07-17 04:25:37 0 d-----w- c:\program files\Citrix
2010-07-17 04:06:27 103784 ----a-w- c:\documents and settings\<user>\GoToAssistDownloadHelper.exe
2010-07-14 12:44:21 4194304 ----a-w- c:\windows\system32\cdintf400.dll
2010-07-14 12:18:11 0 d-----w- c:\program files\common files\Intuit
2010-07-14 12:18:10 0 d-----w- c:\program files\Intuit
2010-07-14 12:18:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Intuit
2010-07-14 12:16:34 90 ----a-w- c:\windows\QBChanUtil_Trigger.ini
2010-07-14 12:16:33 0 d-----w- c:\docume~1\alluse~1\applic~1\SQL Anywhere 11
2010-07-14 12:16:27 0 d-----w- c:\docume~1\alluse~1\applic~1\COMMON FILES
2010-07-14 12:02:14 0 d-----w- c:\program files\MSXML 4.0
2010-07-14 11:52:32 0 d-----w- c:\windows\Intuit
2010-07-14 02:30:44 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 12:18:09 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-07-13 12:18:09 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-07-13 12:12:44 0 d-----w- c:\program files\iTunes
2010-07-13 12:12:44 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-13 11:52:03 0 d-----w- c:\program files\Bonjour
==================== Find3M ====================
2010-08-04 01:04:21 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-08-04 01:04:19 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-07-17 10:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-18 21:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 21:35:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 21:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 21:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2008-10-31 02:57:04 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008103020081031\index.dat
============= FINISH: 20:21:31.81 ===============
(Attach.txt attached)