Answers to your tech questions
Computer forums for help with removing malicious software (malware) and improving computer security

[Resolved] Shortcuts & Popups Just Come Back!
ToMiBo
post Apr 20 2008, 04:26 PM
Post #1



Strange warning windows started today and I decided to run McAfee Security Center as provided by Comcast. Vundo trojan was identified and I followed McAfee Community guidance in running procexp.exe to disable some processes. I was unable to locate rundll32.exe and the resultant scan was VERY SLOW. It cleared some issues and my desktop is back but with some interesting shortcuts for error cleaning and privacy protection. I also cannot access the Restore function to disable it as directed.

I have rebooted several times after running McAfee and all the while killing popups for:
Windows Security Alert
System Alert (in the tooltray)
Spyware Alert Worm
Browser launch

I have followed the self help for Vundo removal but I cannot find the specific lines noted and therefore I did not download and run the Vundo Removal Tool. I am continually battling popups even now.

I am running Windows XP SP2 with most current updates.

Your guidance would be appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 5:01:08 PM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\GEARSEC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\vVX6000.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: dpevflbg - {60174039-2A3E-490F-B5CA-3CFBB6703F35} - C:\WINDOWS\dpevflbg.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe /h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Startup: Nikon Monitor.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\MasterCook 9\Web\MCIEContext.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: MasterCook Web Import Bar - {E6EF5071-7647-4E85-9785-87B6CF5CB561} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidctl_vsp..._downloader.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) -
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: vadokmxt - {AA2D1444-4DEC-4A05-9683-FA91BBB109A0} - C:\WINDOWS\vadokmxt.dll
O21 - SSODL: wdpoefan - {96019699-EE6F-422D-8F34-B340069F44DB} - C:\WINDOWS\wdpoefan.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\GEARSEC.EXE
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NkPtpEnumP2 - Unknown owner - C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe" -a -d="C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpip.dll (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.0\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

Trevuren
post Apr 20 2008, 08:50 PM
Post #2






Hello ToMiBo and welcome to the What the Tech Forums

My name is Trevuren and I will be helping you with your problem.


A. First we must disable some of your security programs so that they do not interfere with the running of our tools:

MCAFEE ANTIVIRUS
Please navigate to the system tray on the bottom right hand corner and look for a sign.
  • right-click it -> choose "Exit."
  • a popup will warn that protection will now be disabled. Click on "Yes" to disable the Antivirus guard.
You successfully disabled the McAfee Guard.


SPYWARE DOCTOR
  • Click the Spyware Doctor icon in the System Tray.
  • Click Settings.
  • Click Startup Settings under Pick a Category.
  • Uncheck "Run at Windows startup".
  • Click Apply and Exit Spyware Doctor.
  • From within Spyware Doctor, click the "OnGuard" button on the left side.
  • Uncheck "Activate OnGuard".
  • (When we are done, you can reenable Spyware Doctor)



B. Please download ComboFix by sUBs from HERE or HERE directly to your Desktop.

Note: If you already have ComboFix on your machine, please DELETE it from your desktop before downloading the newest version.

Go to -> Run -> copy/paste the following single line command in the runbox & click OK

"%userprofile%\desktop\combofix.exe" /killall

  • DO NOT USE your computer for any other purpose while ComboFix is running.
  • ComboFix may restart your computer, this is normal.
  • When finished, it will produce a log, ComboFix.txt.
  • Please post ComboFix.txt in your next reply along with a new HijackThis log.



Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
ToMiBo
post Apr 20 2008, 09:48 PM
Post #3





Trevuren,

Thank you very much for your assistance!

I had some difficulty disabling McAfee as there was no right-click option for exit or disable; I had to manually shut down each feature.

I ran the tool per your instructions so I sat back and watched it work. Very nice!


Here's the result:

ComboFix 08-04-20.2 - A Bovis 2008-04-20 22:29:02.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3246 [GMT -5:00]
Running from: C:\Documents and Settings\A Bovis\Desktop\ComboFix.exe
Command switches used :: killall

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\DcedcMoq.ini
C:\WINDOWS\system32\DcedcMoq.ini2
C:\WINDOWS\system32\qoMcdecD.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-21 to 2008-04-21 )))))))))))))))))))))))))))))))
.

2008-04-20 22:04 . 2008-04-20 22:04 <DIR> d-------- C:\VundoFix Backups
2008-04-20 21:55 . 2008-04-20 21:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-20 19:06 . 2008-04-20 19:06 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-20 19:06 . 2008-04-20 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-20 11:08 . 2008-04-20 11:08 <DIR> d-------- C:\Documents and Settings\A Bovis\Application Data\TmpRecentIcons
2008-04-20 10:25 . 2008-04-20 10:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2008-04-20 09:39 . 2008-04-20 09:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\srerqjyh
2008-04-20 09:39 . 2008-04-20 04:52 258,048 --a------ C:\WINDOWS\qnmargololr.dll
2008-04-20 09:39 . 2008-04-20 04:52 225,280 --a------ C:\WINDOWS\wdpoefan.dll
2008-04-20 09:39 . 2008-04-20 04:52 196,608 --a------ C:\WINDOWS\vadokmxt.dll
2008-04-20 09:39 . 2008-04-20 04:52 155,648 --a------ C:\WINDOWS\dpevflbg.dll
2008-04-20 09:39 . 2008-04-20 04:52 94,208 --a------ C:\WINDOWS\olgdqarf.exe
2008-04-20 09:39 . 2008-04-20 04:52 81,920 --a------ C:\WINDOWS\wxvgsdbq.exe
2008-04-20 08:54 . 2008-04-20 08:55 <DIR> d-------- C:\Temp\Garmin Unlock Utility
2008-04-19 19:30 . 2008-04-02 10:59 <DIR> d-------- C:\Temp\GarmKeyGen_v1.1
2008-04-19 18:42 . 2008-04-19 18:43 <DIR> d-------- C:\Program Files\MagicISO
2008-04-18 19:38 . 2008-04-18 19:38 <DIR> d-------- C:\Program Files\DNA
2008-04-18 19:38 . 2008-04-20 22:30 <DIR> d-------- C:\Documents and Settings\A Bovis\Application Data\DNA
2008-04-16 21:30 . 2008-04-16 21:30 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-04-16 21:30 . 2008-04-16 21:30 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-04-16 21:25 . 2008-04-16 21:25 0 --a------ C:\Documents and Settings\A Bovis\regsrv32
2008-04-15 17:54 . 2008-04-15 17:54 <DIR> d-------- C:\Program Files\iPod
2008-04-15 17:54 . 2008-04-20 21:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-15 17:54 . 2008-04-15 17:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-05 13:26 . 2008-04-05 13:26 8 --a------ C:\Documents and Settings\A Bovis\Application Data\usb.dat.bin
2008-04-05 13:15 . 2008-04-05 13:15 8 --a------ C:\Documents and Settings\A Bovis\Application Data\usb.dat
2008-04-05 13:00 . 2008-04-05 13:00 <DIR> d-------- C:\Documents and Settings\A Bovis\Application Data\CoSoSys
2008-04-04 16:09 . 2008-04-04 16:09 0 --a------ C:\LOG2C0.tmp
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 03:20 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-21 02:56 --------- d-----w C:\Program Files\Lavasoft
2008-04-21 02:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\RetroExp
2008-04-21 00:48 --------- d-----w C:\Program Files\Real US Flag
2008-04-20 23:22 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-20 15:16 --------- d-----w C:\Documents and Settings\A Bovis\Application Data\BitTorrent
2008-04-20 15:07 --------- d-----w C:\Program Files\DYMO Label
2008-04-19 15:39 --------- d-----w C:\Documents and Settings\A Bovis\Application Data\U3
2008-04-19 00:38 --------- d-----w C:\Program Files\BitTorrent
2008-04-18 14:18 --------- d-----w C:\Program Files\Spyware Doctor
2008-04-17 02:43 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-15 22:55 --------- d-----w C:\Program Files\Apple Software Update
2008-04-15 22:54 --------- d-----w C:\Program Files\iTunes
2008-04-15 22:53 --------- d-----w C:\Program Files\QuickTime
2008-04-13 15:37 --------- d-----w C:\Documents and Settings\A Bovis\Application Data\Smart Panel
2008-04-01 21:42 --------- d-----w C:\Program Files\McAfee
2008-03-28 22:59 --------- d-----w C:\Program Files\Broderbund
2008-03-28 16:31 --------- d-----w C:\Documents and Settings\A Bovis\Application Data\Intuit
2008-03-15 14:13 --------- d-----w C:\Program Files\NeroInstall.bak
2008-03-15 14:11 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-09 20:40 --------- d-----w C:\Program Files\ABBYY FineReader 5.0 Sprint
2008-03-09 13:26 --------- d-----w C:\Program Files\Java
2008-03-08 19:31 --------- d-----w C:\Program Files\Auslogics
2008-03-08 19:31 --------- d-----w C:\Documents and Settings\A Bovis\Application Data\Auslogics
2008-03-08 17:10 --------- d-----w C:\Program Files\Google
2008-03-08 17:00 --------- d-----w C:\Documents and Settings\A Bovis\Application Data\PC Tools
2008-03-02 20:58 --------- d-----w C:\Documents and Settings\A Bovis\Application Data\GARMIN
2008-03-02 20:57 --------- d-----w C:\Program Files\Garmin GPS Plugin
2008-02-28 22:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-27 22:59 37,027 ----a-w C:\WINDOWS\atmoUn.exe
2008-02-27 22:59 --------- d-----w C:\Program Files\Viewpoint
2008-02-27 22:59 --------- d-----w C:\Documents and Settings\A Bovis\Application Data\AdobeUM
2008-02-26 21:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-02-21 23:10 --------- d-----w C:\Documents and Settings\A Bovis\Application Data\Nero
2008-01-02 02:06 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
2007-08-30 04:03 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-08-30 04:03 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2006-08-20 04:37 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-08-26 19:15 88 --sh--r C:\WINDOWS\system32\B9B1C02025.sys
2006-08-26 19:15 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 40,048 2006-10-23 06:48:20 C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
----a-w 39,792 2008-01-12 04:16:38 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

----a-w 344,064 2006-02-10 02:05:00 C:\Program Files\ATI Technologies\ATI Control Panel\bak\ATIPTAXX.EXE

----a-w 81,920 2005-06-10 15:44:02 C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe

----a-w 249,856 2005-06-10 15:44:02 C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe

----a-w 149,024 2007-06-14 22:43:40 C:\Program Files\Common Files\Maxtor\Schedule2\bak\schedhlp.exe

----a-w 198,704 2007-06-14 06:02:12 C:\Program Files\Dell Support Center\bin\bak\sprtcmd.exe

----a-w 460,784 2007-03-15 16:09:36 C:\Program Files\DellSupport\bak\DSAgnt.exe

----a-w 913,408 2004-10-13 23:24:40 C:\Program Files\DigitalPersona\Bin\bak\DPAgnt.exe

----a-w 139,264 2005-06-17 12:56:14 C:\Program Files\Intel\Intel Matrix Storage Manager\bak\iaanotif.exe

----a-w 267,064 2007-09-14 15:00:06 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2008-03-30 15:36:40 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 132,496 2007-07-12 09:00:36 C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe

----a-w 20,480 2007-01-08 16:22:46 C:\Program Files\McAfee\MBK\bak\LogOnHook.exe
----a-w 20,480 2007-01-08 16:22:46 C:\Program Files\McAfee\MBK\LogonHook.exe

----a-w 4,838,952 2007-01-16 18:59:50 C:\Program Files\McAfee\MBK\bak\McAfeeDataBackup.exe
----a-w 4,838,952 2007-01-16 18:59:50 C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

----a-w 1,121,792 2005-08-12 21:16:44 C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe

----a-w 277,296 2006-10-13 22:01:18 C:\Program Files\Microsoft LifeCam\bak\LifeExp.exe
----a-w 279,912 2007-05-17 20:45:32 C:\Program Files\Microsoft LifeCam\LifeExp.exe

----a-w 312,848 2007-04-27 18:16:08 C:\Program Files\Nero\PhotoShow 5\data\Xtras\bak\mssysmgr.exe

----a-w 286,720 2007-06-29 11:24:52 C:\Program Files\QuickTime\bak\QTTask.exe
----a-w 413,696 2008-03-29 04:37:20 C:\Program Files\QuickTime\QTTask.exe

----a-w 9,371,648 2006-09-11 22:32:42 C:\Program Files\Retrospect\Retrospect Express HD 2.0\bak\RetroExpress.exe
----a-w 9,371,648 2006-09-11 22:32:42 C:\Program Files\Retrospect\Retrospect Express HD 2.0\RetroExpress.exe

----a-w 245,760 2006-01-07 01:56:38 C:\Program Files\Road Runner\Road Runner PhotoShow 4\data\Xtras\bak\mssysmgr.exe

----a-w 994,096 2006-10-13 22:04:18 C:\WINDOWS\bak\vVX6000.exe
----a-w 996,712 2007-04-10 20:46:44 C:\WINDOWS\vVX6000.exe

----a-w 15,360 2004-08-04 10:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 10:00:00 C:\WINDOWS\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4020100D-29D7-4392-AFD5-5AD713FF4B88}]
C:\WINDOWS\system32\jkkIAPIY.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFDFF87-2CFE-40D6-9480-33E97FEC4362}]
2008-04-20 04:52 258048 --a------ C:\WINDOWS\qnmargololr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{60174039-2A3E-490F-B5CA-3CFBB6703F35}"= "C:\WINDOWS\dpevflbg.dll" [2008-04-20 04:52 155648]

[HKEY_CLASSES_ROOT\clsid\{60174039-2a3e-490f-b5ca-3cfbb6703f35}]
[HKEY_CLASSES_ROOT\dpevflbg.1]
[HKEY_CLASSES_ROOT\TypeLib\{C26775D8-84F1-4439-9EB7-96A673007EE7}]
[HKEY_CLASSES_ROOT\dpevflbg]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2008-02-28 17:07 132392]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-18 19:38 288576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 23:20 339968 C:\WINDOWS\stsystra.exe]
"WD Button Manager"="WDBtnMgr.exe" [2008-02-03 16:38 16064 C:\WINDOWS\system32\WDBtnMgr.exe]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59 4838952]
"RetroExpress"="C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe" [2006-09-11 17:32 9371648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"LifeCam"="c:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 15:45 279912]
"VX6000"="C:\WINDOWS\vVX6000.exe" [2007-04-10 15:46 996712]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 14:38 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

C:\Documents and Settings\A Bovis\Start Menu\Programs\Startup\
Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-05-15 19:13:10 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"Zq7l1f64P7"= C:\Documents and Settings\All Users\Application Data\srerqjyh\mrkjwfij.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4020100D-29D7-4392-AFD5-5AD713FF4B88}"= C:\WINDOWS\system32\jkkIAPIY.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"vadokmxt"= {AA2D1444-4DEC-4A05-9683-FA91BBB109A0} - C:\WINDOWS\vadokmxt.dll [2008-04-20 04:52 196608]
"wdpoefan"= {96019699-EE6F-422D-8F34-B340069F44DB} - C:\WINDOWS\wdpoefan.dll [2008-04-20 04:52 225280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]
C:\WINDOWS\system32\DPWLEvHd.dll 2006-10-09 17:27 99856 C:\WINDOWS\system32\DPWLEvHd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkIAPIY]
jkkIAPIY.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Retrospect\\Retrospect Express HD 2.0\\Retrospect.exe"=
"C:\\Program Files\\Retrospect\\Retrospect Express HD 2.0\\retrorun.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=

R2 MSCamSvc;MSCamSvc;"c:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 15:45]
R2 NkPtpEnumP2;NkPtpEnumP2;"C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe" -a -d="C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpip.dll" []
R3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2007-07-19 14:56]
R3 VBus;Virtual Bus;C:\WINDOWS\system32\DRIVERS\NkVBus.sys [2005-06-17 12:11]
R3 VX6000;Microsoft LifeCam VX-6000;C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys [2007-04-10 15:46]
S2 HidCom;USB-HID -> COM Driver Service;C:\WINDOWS\system32\DRIVERS\HidCom.sys [2004-08-10 04:47]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-11-26 18:33]
S3 UsbdpFP;Fingerprint Reader Class Driver;C:\WINDOWS\system32\DRIVERS\UsbdpFP.sys [2006-09-16 18:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebf16656-4841-11dc-b880-00137223fd3b}]
\Shell\AutoRun\command - M:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-04-15 22:48:43 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-08-24 21:54:07 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-08-24 21:54:07 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-11-10 23:09:52 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job"
- C:\Program Files\Microsoft LifeCam\LifeExp.exe
"2008-03-05 21:34:46 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_vVX6000_exe.job"
- C:\WINDOWS\vVX6000.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 22:32:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\GEARSEC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\COMMON~1\McAfee\RedirSvc\RedirSvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\Retrospect.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-04-20 22:35:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-21 03:35:30

Pre-Run: 421,886,619,648 bytes free
Post-Run: 421,964,185,600 bytes free

267 --- E O F --- 2008-04-17 04:36:44


The Hijack This file:

Logfile of HijackThis v1.99.1
Scan saved at 10:36:43 PM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\GEARSEC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Application Data\srerqjyh\mrkjwfij.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\vVX6000.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\retrospect.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4020100D-29D7-4392-AFD5-5AD713FF4B88} - C:\WINDOWS\system32\jkkIAPIY.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: DVA Storm - {FFFDFF87-2CFE-40D6-9480-33E97FEC4362} - C:\WINDOWS\qnmargololr.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: dpevflbg - {60174039-2A3E-490F-B5CA-3CFBB6703F35} - C:\WINDOWS\dpevflbg.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe /h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Startup: Nikon Monitor.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\MasterCook 9\Web\MCIEContext.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: MasterCook Web Import Bar - {E6EF5071-7647-4E85-9785-87B6CF5CB561} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidctl_vsp..._downloader.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) -
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: jkkIAPIY - jkkIAPIY.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: vadokmxt - {AA2D1444-4DEC-4A05-9683-FA91BBB109A0} - C:\WINDOWS\vadokmxt.dll
O21 - SSODL: wdpoefan - {96019699-EE6F-422D-8F34-B340069F44DB} - C:\WINDOWS\wdpoefan.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\GEARSEC.EXE
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NkPtpEnumP2 - Unknown owner - C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe" -a -d="C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpip.dll (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.0\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe


Trevuren
post Apr 20 2008, 11:03 PM
Post #4


Forum Dog

Group: Classroom Teacher
Posts: 7,232
Joined: 14-December 04
From: Ontario, Canada
Member No.: 20,259
Operating System: XP Pro SP3
Vista Ultimate SP1 32 & 64 Bit




It appears as if your system is/was infected with a Vundo trojan File infector. This infection renames executable files that run at startup and replaces them with infected copies. It also appears that your software has healed many of the malicious entries. Be advised that there is a possibility that you may have to reinstall certain programs where a legitimate replacement file can not be found.


A. First please ensure that those security programs are again disabled.


B. 1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

CODE
KillAll::

File::
C:\WINDOWS\qnmargololr.dll
C:\WINDOWS\wdpoefan.dll
C:\WINDOWS\vadokmxt.dll
C:\WINDOWS\dpevflbg.dll
C:\WINDOWS\olgdqarf.exe
C:\WINDOWS\wxvgsdbq.exe

Folder::
C:\Temp\Garmin Unlock Utility
C:\Temp\GarmKeyGen_v1.1
C:\WINDOWS\system32\bak
C:\Program Files\Retrospect\Retrospect Express HD 2.0\bak
C:\Program Files\McAfee\MBK\bak
C:\Program Files\iTunes\bak
C:\Documents and Settings\All Users\Application Data\srerqjyh
C:\Program Files\ATI Technologies\ATI Control Panel\bak
C:\Program Files\Common Files\InstallShield\UpdateService\bak
C:\Program Files\Common Files\Maxtor\Schedule2\bak
C:\Program Files\Dell Support Center\bin\bak
C:\Program Files\DellSupport\bak
C:\Program Files\DigitalPersona\Bin\bak
C:\Program Files\Road Runner\Road Runner PhotoShow 4\data\Xtras\bak
C:\Program Files\Intel\Intel Matrix Storage Manager\bak
C:\Program Files\iTunes\bak
C:\Program Files\Nero\PhotoShow 5\data\Xtras\bak
C:\Program Files\McAfee\SpamKiller\bak
C:\Program Files\Java\jre1.6.0_02\bin\bak
C:\WINDOWS\bak
C:\Program Files\Microsoft LifeCam\bak
C:\Program Files\Adobe\Reader 8.0\Reader\bak

Driver::
NkPtpEnumP2

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4020100D-29D7-4392-AFD5-5AD713FF4B88}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFDFF87-2CFE-40D6-9480-33E97FEC4362}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{60174039-2A3E-490F-B5CA-3CFBB6703F35}"=-
[-HKEY_CLASSES_ROOT\clsid\{60174039-2a3e-490f-b5ca-3cfbb6703f35}]
[-HKEY_CLASSES_ROOT\dpevflbg.1]
[-HKEY_CLASSES_ROOT\TypeLib\{C26775D8-84F1-4439-9EB7-96A673007EE7}]
[-HKEY_CLASSES_ROOT\dpevflbg]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"Zq7l1f64P7"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"vadokmxt"=-
"wdpoefan"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0BF43445-2F28-4351-9252-17FE6E806AA0}"=-
[-HKEY_CLASSES_ROOT\clsid\{0BF43445-2F28-4351-9252-17FE6E806AA0}]
[-HKEY_CLASSES_ROOT\TypeLib\{0BF43445-2F28-4351-9252-17FE6E806AA0}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkIAPIY]

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Now drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again. Do not use your computer for any other purpose while ComboFix is running.

5. All your monitoring programs (Antivirus/Antispyware, Guards and Shields) will be stopped.



Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

6. ComboFix will automatically REBOOT your machine when the KillAll:: switch is used.

7. Post the following logs/Reports:
  • ComboFix.txt
  • Fresh HijackThis log run after all the other tools have performed their cleanup.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


C. Immediately run the following after ComboFix has finished its tasks.

Using Internet Explorer, please do a Kaspersky Online Scan

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will provide a report if your system is infected. It does not provide an option to clean/disinfect. We only require a report from it.



  • Click the Save as Text button to save the file to your desktop and post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan
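A triage pass over the HijackThis load-point lines from the log above, as an added example that is not part of the original posts and not code from HijackThis or ComboFix. It flags O2/O3/O20/O21 entries whose module is reported missing, has no file registered, or sits directly in C:\WINDOWS; the heuristic, the `triage` function and the `Finding` type are assumptions made for this illustration, and the sample lines are copied from the log in this thread.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional, Tuple

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4020100D-29D7-4392-AFD5-5AD713FF4B88} - C:\WINDOWS\system32\jkkIAPIY.dll (file missing)
O2 - BHO: DVA Storm - {FFFDFF87-2CFE-40D6-9480-33E97FEC4362} - C:\WINDOWS\qnmargololr.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: dpevflbg - {60174039-2A3E-490F-B5CA-3CFBB6703F35} - C:\WINDOWS\dpevflbg.dll
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: jkkIAPIY - jkkIAPIY.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: vadokmxt - {AA2D1444-4DEC-4A05-9683-FA91BBB109A0} - C:\WINDOWS\vadokmxt.dll
O21 - SSODL: wdpoefan - {96019699-EE6F-422D-8F34-B340069F44DB} - C:\WINDOWS\wdpoefan.dll
"""

# Sections that register DLLs loaded by Internet Explorer, Explorer or
# Winlogon: O2 (BHO), O3 (toolbar), O20 (Winlogon Notify), O21 (SSODL).
# Other sections (the O4 Run line in the sample, for instance) are skipped.
LOAD_POINT_SECTIONS = {"O2", "O3", "O20", "O21"}

# "<section> - <kind>: <name> - [{CLSID} - ]<target>"
LINE_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?:(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - )?(?P<target>.*)$"
)

MISSING_SUFFIX = "(file missing)"


class Finding(NamedTuple):
    section: str
    name: str
    clsid: Optional[str]
    path: Optional[str]
    reasons: Tuple[str, ...]


def triage(log_text: str, windows_dir: str = r"C:\WINDOWS") -> List[Finding]:
    """Return load-point entries worth a closer look (heuristic, not a verdict)."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m["section"] not in LOAD_POINT_SECTIONS:
            continue
        target = m["target"].strip()
        path: Optional[str] = target
        reasons = []
        if target == "(no file)":
            path = None
            reasons.append("no file registered")
        elif target.endswith(MISSING_SUFFIX):
            path = target[: -len(MISSING_SUFFIX)].strip()
            reasons.append("file missing")
        # A shell/browser extension DLL stored in the Windows directory itself
        # (not system32 or a vendor folder) is unusual enough to review.
        if path and ntpath.normcase(ntpath.dirname(path)) == ntpath.normcase(windows_dir):
            reasons.append("module directly in Windows directory")
        if reasons:
            findings.append(
                Finding(m["section"], m["name"], m["clsid"], path, tuple(reasons))
            )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.name:<12} {f.clsid or '-':<40} "
              f"{f.path or '-'}  [{', '.join(f.reasons)}]")
```

On the sample it returns seven entries, the same BHO, toolbar, Winlogon Notify and ShellServiceObjectDelayLoad registrations that the Registry:: section of the CFScript deletes. Treat the output as leads to verify by hand, since uninstalled software also leaves missing-file entries behind.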
ToMiBo
post Apr 21 2008, 07:51 AM
Post #5


New Member

Group: Authentic Member
Posts: 10
Joined: 20-December 03
Member No.: 1,523



Trevuren,

Thank you again for your attention to my ongoing quest for peace!

This morning from a cold boot, the PC looked like it was going to start just fine but then I noticed three shortcuts on my desktop that were removed at some point yesterday. Once the system finished the boot, the wallpaper turned white and was replaced with a red screen warning of virus, worms, etc. I moved the mouse around and found that it was a window of sorts and at the upper left corner I was able to close this with the X thus reducing the amount of popups while running your instructions.

I was a little unsure about the posting order of the TXT files so they are listed in order of my action; ComboFix, Kaspersky and finally HijackThis.

ComboFix 08-04-20.2 - A Bovis 2008-04-21 6:53:18.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3431 [GMT -5:00]
Running from: C:\Documents and Settings\A Bovis\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\A Bovis\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\dpevflbg.dll
C:\WINDOWS\olgdqarf.exe
C:\WINDOWS\qnmargololr.dll
C:\WINDOWS\vadokmxt.dll
C:\WINDOWS\wdpoefan.dll
C:\WINDOWS\wxvgsdbq.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\A Bovis\Desktop\Error Cleaner.url
C:\Documents and Settings\A Bovis\Desktop\Privacy Protector.url
C:\Documents and Settings\A Bovis\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\A Bovis\Favorites\Error Cleaner.url
C:\Documents and Settings\A Bovis\Favorites\Privacy Protector.url
C:\Documents and Settings\A Bovis\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\All Users\Application Data\srerqjyh
C:\Documents and Settings\All Users\Application Data\srerqjyh\mrkjwfij.exe
C:\Program Files\Adobe\Reader 8.0\Reader\bak
C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\bak
C:\Program Files\ATI Technologies\ATI Control Panel\bak\ATIPTAXX.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\bak
C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe
C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
C:\Program Files\Common Files\Maxtor\Schedule2\bak
C:\Program Files\Common Files\Maxtor\Schedule2\bak\schedhlp.exe
C:\Program Files\Dell Support Center\bin\bak
C:\Program Files\Dell Support Center\bin\bak\sprtcmd.exe
C:\Program Files\DellSupport\bak
C:\Program Files\DellSupport\bak\DSAgnt.exe
C:\Program Files\DigitalPersona\Bin\bak
C:\Program Files\DigitalPersona\Bin\bak\DPAgnt.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\bak
C:\Program Files\Intel\Intel Matrix Storage Manager\bak\iaanotif.exe
C:\Program Files\iTunes\bak
C:\Program Files\iTunes\bak\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\bak
C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe
C:\Program Files\McAfee\MBK\bak
C:\Program Files\McAfee\MBK\bak\LogOnHook.exe
C:\Program Files\McAfee\MBK\bak\McAfeeDataBackup.exe
C:\Program Files\McAfee\SpamKiller\bak
C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe
C:\Program Files\Microsoft LifeCam\bak
C:\Program Files\Microsoft LifeCam\bak\LifeExp.exe
C:\Program Files\Nero\PhotoShow 5\data\Xtras\bak
C:\Program Files\Nero\PhotoShow 5\data\Xtras\bak\mssysmgr.exe
C:\Program Files\Retrospect\Retrospect Express HD 2.0\bak
C:\Program Files\Retrospect\Retrospect Express HD 2.0\bak\RetroExpress.exe
C:\Program Files\Road Runner\Road Runner PhotoShow 4\data\Xtras\bak
C:\Program Files\Road Runner\Road Runner PhotoShow 4\data\Xtras\bak\mssysmgr.exe
C:\Temp\Garmin Unlock Utility
C:\Temp\Garmin Unlock Utility\01 - Find the Map_Product ID\01 - Easy Way - Using MapSetToolKit to find out your Map ID.txt
C:\Temp\Garmin Unlock Utility\01 - Find the Map_Product ID\02 - Might Work - Listing of MAP IDs.txt
C:\Temp\Garmin Unlock Utility\01 - Find the Map_Product ID\03 - Hard Way - Get Garmin Product ID.pdf
C:\Temp\Garmin Unlock Utility\01 - Find the Map_Product ID\04 - MapSetToolKit.exe
C:\Temp\Garmin Unlock Utility\02 - Garmin Keygen v1.2\Documentation\Get Garmin Product ID.pdf
C:\Temp\Garmin Unlock Utility\02 - Garmin Keygen v1.2\Documentation\How To.pdf
C:\Temp\Garmin Unlock Utility\02 - Garmin Keygen v1.2\Documentation\How To.txt
C:\Temp\Garmin Unlock Utility\02 - Garmin Keygen v1.2\Documentation\MAP IDs.txt
C:\Temp\Garmin Unlock Utility\02 - Garmin Keygen v1.2\Keygen v1.2.exe
C:\Temp\Garmin Unlock Utility\02 - Garmin Keygen v1.3\Documentation\Original Readme.txt
C:\Temp\Garmin Unlock Utility\02 - Garmin Keygen v1.3\Keygen v1.3.exe
C:\Temp\Garmin Unlock Utility\03 - IMEI Converter v1.0 - Only needed for Cellphones\IMEI converter.exe
C:\Temp\Garmin Unlock Utility\04 - Garmin License Key Parser v1.7.1 - Verifys License Keys Created\GarminKey_Parser.exe
C:\Temp\Garmin Unlock Utility\04 - Garmin License Key Parser v1.7.1 - Verifys License Keys Created\Readme.txt
C:\Temp\Garmin Unlock Utility\Instructions.txt
C:\Temp\Garmin Unlock Utility\Original Downloads\Garmin KeyGen v1.2.rar
C:\Temp\Garmin Unlock Utility\Original Downloads\GarminKeygen_v1.3+ IMEI Converter v1.0.rar
C:\Temp\GarmKeyGen_v1.1
C:\Temp\GarmKeyGen_v1.1\GarmKeyGen.exe
C:\Temp\GarmKeyGen_v1.1\garmunlockcode.exe
C:\Temp\GarmKeyGen_v1.1\install_readme.txt
C:\Temp\GarmKeyGen_v1.1\lastword.txt
C:\Temp\GarmKeyGen_v1.1\Mapsource_trick\Garmin Mapsource Bluechart Pacific v6_deletekey.vbs
C:\Temp\GarmKeyGen_v1.1\Mapsource_trick\Garmin Mapsource Bluechart Pacific v6_writekey.vbs
C:\Temp\GarmKeyGen_v1.1\Mapsource_trick\readme.txt
C:\Temp\GarmKeyGen_v1.1\unlockcode.txt
C:\Temp\GarmKeyGen_v1.1\vcredist\VCREDI~3.EXE
C:\WINDOWS\bak
C:\WINDOWS\bak\vVX6000.exe
C:\WINDOWS\dpevflbg.dll
C:\WINDOWS\olgdqarf.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\qnmargololr.dll
C:\WINDOWS\system32\bak
C:\WINDOWS\system32\bak\ctfmon.exe
C:\WINDOWS\vadokmxt.dll
C:\WINDOWS\wdpoefan.dll
C:\WINDOWS\wxvgsdbq.exe

.
((((((((((((((((((((((((( Files Created from 2008-03-21 to 2008-04-21 )))))))))))))))))))))))))))))))
.

2008-04-20 22:04 . 2008-04-20 22:04 <DIR> d-------- C:\VundoFix Backups
2008-04-20 21:55 . 2008-04-20 21:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-20 19:06 . 2008-04-20 19:06 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-20 19:06 . 2008-04-20 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-20 11:08 . 2008-04-20 11:08 <DIR> d-------- C:\Documents and Settings\A Bovis\Application Data\TmpRecentIcons
2008-04-20 10:25 . 2008-04-20 10:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2008-04-19 18:42 . 2008-04-19 18:43 <DIR> d-------- C:\Program Files\MagicISO
2008-04-18 19:38 . 2008-04-18 19:38 <DIR> d-------- C:\Program Files\DNA
2008-04-18 19:38 . 2008-04-21 06:20 <DIR> d-------- C:\Documents and Settings\A Bovis\Application Data\DNA
2008-04-16 21:30 . 2008-04-16 21:30 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-04-16 21:30 . 2008-04-16 21:30 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-04-16 21:25 . 2008-04-16 21:25 0 --a------ C:\Documents and Settings\A Bovis\regsrv32
2008-04-15 17:54 . 2008-04-15 17:54 <DIR> d-------- C:\Program Files\iPod
2008-04-15 17:54 . 2008-04-21 06:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-15 17:54 . 2008-04-15 17:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-05 13:26 . 2008-04-05 13:26 8 --a------ C:\Documents and Settings\A Bovis\Application Data\usb.dat.bin
2008-04-05 13:15 . 2008-04-05 13:15 8 --a------ C:\Documents and Settings\A Bovis\Application Data\usb.dat
2008-04-05 13:00 . 2008-04-05 13:00 <DIR> d-------- C:\Documents and Settings\A Bovis\Application Data\CoSoSys
2008-04-04 16:09 . 2008-04-04 16:09 0 --a------ C:\LOG2C0.tmp
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 11:53 --------