Trojan.fakeAlert

2 posters

GeekPolice :: GeekPolice tech support archive :: Technical Support

Trojan.fakeAlert1st December 2010, 12:07 am

I have been using Malwarebytes to fix issues however this Trojan.fakeAlert keeps coming back after using Mozilla Firefox for facebook over and over again. I don't use internet explorer much but noticed when clicking on a link it directs me to other sites. This does not happen when I use aol software to get online. It would be great to know why this keeps poping up. Thanks for your time!

OTL logfile created on: 11/30/2010 6:12:53 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 133.00 Mb Available Physical Memory | 30.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 37.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.45 Gb Total Space | 122.66 Gb Free Space | 69.12% Space Free | Partition Type: NTFS
Drive D: | 8.84 Gb Total Space | 0.60 Gb Free Space | 6.76% Space Free | Partition Type: FAT32

Computer Name: MARQUISS | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/30 18:11:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.com
PRC - [2010/11/29 17:42:14 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/11/23 14:40:44 | 000,046,080 | ---- | M] (Drive Headquarter) -- C:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe
PRC - [2008/11/06 06:42:59 | 000,054,568 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.1\shellmon.exe
PRC - [2008/11/06 06:42:59 | 000,039,208 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.1\waol.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/04/07 03:51:18 | 001,073,152 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
PRC - [2006/04/07 03:50:22 | 000,065,536 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdMgr.exe
PRC - [2006/04/07 03:50:22 | 000,057,344 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
PRC - [2005/12/31 00:42:18 | 000,133,792 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
PRC - [2005/11/22 20:58:48 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/09/19 13:24:20 | 000,214,672 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2005/09/17 02:27:12 | 000,169,584 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/09/17 02:27:10 | 000,202,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2005/09/17 02:27:06 | 000,192,112 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/09/17 02:27:02 | 000,052,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/08/03 02:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe

========== Modules (SafeList) ==========

MOD - [2010/11/30 18:11:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.com
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/11/06 06:42:56 | 000,006,144 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.1\idleproc.dll
MOD - [2005/09/23 20:38:24 | 000,123,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AntiSpam\asOEHook.dll
MOD - [2005/09/17 02:33:36 | 000,377,968 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccL40.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/23 14:40:44 | 000,046,080 | ---- | M] (Drive Headquarter) [Auto | Running] -- C:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe -- (DriveHQ FileManagerFun)
SRV - [2007/01/11 17:45:16 | 001,119,888 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/01/02 15:18:24 | 000,045,744 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\comHost.exe -- (comHost)
SRV - [2005/12/31 00:42:18 | 000,133,792 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2005/11/22 20:58:48 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/10/13 10:48:40 | 000,072,280 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc)
SRV - [2005/09/24 17:10:56 | 000,749,696 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
SRV - [2005/09/19 13:24:20 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/09/17 02:27:12 | 000,169,584 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/09/17 02:27:10 | 000,202,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2005/09/17 02:27:06 | 000,192,112 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/09/15 17:21:14 | 001,160,800 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/08/26 16:22:48 | 000,198,368 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)

========== Driver Services (SafeList) ==========

DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/01/11 17:45:16 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/06/14 13:04:12 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/05/09 17:50:00 | 003,535,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/04/25 11:00:00 | 000,799,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060425.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2006/04/25 11:00:00 | 000,077,864 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060425.007\NAVENG.SYS -- (NAVENG)
DRV - [2006/03/03 17:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 17:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/12 21:46:28 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/12/12 19:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/06 13:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 13:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsx)
DRV - [2005/12/06 13:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/09/17 02:20:06 | 000,108,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/09/15 17:21:14 | 000,389,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/09/01 21:07:36 | 000,199,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20050901.036\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2005/08/26 16:22:50 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/08/26 16:22:48 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/06/29 19:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 09:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2003/01/10 15:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AddThis"
FF - prefs.js..browser.search.defaultthis.engineName: "Ronald Marquiss Composer Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2729511&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Ronald Marquiss Composer Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.addthis.com/search?pco=fxe-3.0.0&locale=en-US&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 06:28:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/28 06:28:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2010/09/20 17:03:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/09/20 17:03:18 | 000,000,000 | ---D | M]

[2008/08/22 22:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/11/30 16:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\dg0hpq2p.default\extensions
[2010/09/09 13:30:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\dg0hpq2p.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2010/08/02 17:26:31 | 000,000,000 | ---D | M] (Ronald Marquiss Composer Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\dg0hpq2p.default\extensions\{93f67f57-d137-420f-b034-9d6cc731a44a}
[2009/09/04 05:44:58 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\dg0hpq2p.default\searchplugins\aol-search.xml
[2010/08/02 23:37:46 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\dg0hpq2p.default\searchplugins\conduit.xml
[2010/11/30 16:58:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/16 21:53:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/30 11:54:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/10 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdMgr.exe (Digital Interactive Systems Corporation, Inc.)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCDrProfiler] C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SetDefaultPrinter] c:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.1\AOL.EXE (AOL, LLC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/11 17:24:47 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 00:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "navapsvc"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe - (Logitech, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe - (Hewlett-Packard)
MsConfig - StartUpReg: IS CfgWiz - hkey= - key= - c:\Program Files\Norton Internet Security\cfgwiz.exe (Symantec Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (69537929998893056)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/30 18:11:36 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.com
[2010/11/30 18:01:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\JavaRa
[2010/11/30 11:54:00 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/30 11:53:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/30 11:53:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/29 23:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/28 09:07:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
[2010/11/28 09:06:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/28 09:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/28 09:06:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/28 09:06:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/28 09:02:44 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup-1.46.exe
[2010/11/28 09:02:11 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\My Documents\mbam-setup-1.46.exe
[2010/11/28 07:39:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{3FB8B262-BE53-4D41-9DA1-61635A6DB841}
[2010/11/18 19:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\SAnta
[2010/11/07 09:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriveHQ
[2009/04/13 12:43:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/30 18:12:06 | 000,008,141 | ---- | M] () -- C:\WINDOWS\System32\5123.js
[2010/11/30 18:12:06 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/11/30 18:11:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.com
[2010/11/30 18:01:04 | 000,205,540 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\JavaRa.zip
[2010/11/30 17:54:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/30 17:28:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/30 17:17:33 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/11/30 17:17:25 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/11/30 17:17:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/30 17:16:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/30 17:16:48 | 468,242,432 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/30 16:13:06 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/11/30 14:30:11 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/11/30 12:12:18 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/11/30 11:12:07 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/11/30 10:12:10 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/11/30 09:23:39 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Microsoft Word.lnk
[2010/11/30 08:54:35 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Gross continued errors observed.doc
[2010/11/30 03:12:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/29 23:15:27 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/29 23:15:27 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/29 23:15:27 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/11/29 23:15:27 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/11/29 23:15:27 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/11/29 23:15:27 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/11/29 23:15:27 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/11/29 23:15:27 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/29 23:15:27 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/11/29 22:12:18 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/29 21:12:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/28 09:48:35 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/28 09:48:35 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/11/28 09:07:02 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/28 09:02:11 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\My Documents\mbam-setup-1.46.exe
[2010/11/28 09:02:11 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup-1.46.exe
[2010/11/28 08:19:18 | 000,001,489 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2010/11/28 07:54:32 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/28 07:42:25 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\install
[2010/11/28 07:39:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Kzodoquq.bin
[2010/11/28 07:39:45 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ssiladajakucuraq.dat
[2010/11/28 07:38:08 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/11/28 07:38:08 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/11/28 07:38:08 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/11/28 07:38:08 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/11/27 22:41:45 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Brief out line of story.doc
[2010/11/27 18:27:43 | 000,065,285 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1127001646.jpg
[2010/11/25 02:42:56 | 000,001,469 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\fax_cover_sheet.html
[2010/11/22 14:36:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/21 09:33:49 | 000,004,952 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\.recently-used.xbel
[2010/11/18 19:17:28 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/18 19:16:27 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\The Dark Spot on Santa.doc
[2010/11/15 10:27:51 | 004,351,391 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Wake_up_and_meet_the_Puppy!.wmv
[2010/11/13 15:50:05 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Microsoft Excel.lnk
[2010/11/13 09:53:31 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\A lot of it has to do with whether you.doc
[2010/11/12 14:18:21 | 000,005,870 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\EmployeeSignature.htm
[2010/11/11 18:43:26 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\I don.doc
[2010/11/11 09:18:21 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\You are fooling your selves if you think icomps is anything other then icomps.doc
[2010/11/10 16:48:26 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Ronald Marquiss resume.doc
[2010/11/10 07:35:23 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/10 07:35:23 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/05 14:23:53 | 006,679,656 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\02 Track 02.mp3
[2010/11/04 09:29:33 | 000,178,081 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Appl.Form.pdf
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/30 18:00:57 | 000,205,540 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\JavaRa.zip
[2010/11/29 21:12:02 | 000,008,141 | ---- | C] () -- C:\WINDOWS\System32\5123.js
[2010/11/28 09:07:02 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/28 07:42:25 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\install
[2010/11/28 07:39:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kzodoquq.bin
[2010/11/28 07:39:45 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ssiladajakucuraq.dat
[2010/11/28 07:38:08 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/11/28 07:38:08 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/11/28 07:38:08 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/11/28 07:38:08 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/11/28 07:38:07 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/11/28 07:38:07 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/11/28 07:38:07 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/11/28 07:38:07 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/11/28 07:38:07 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/11/28 07:38:07 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/11/28 07:38:07 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/11/28 07:38:07 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/11/28 07:38:07 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/11/28 07:38:07 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/11/28 07:38:07 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/11/28 07:38:07 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/11/28 07:38:07 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/11/28 07:38:07 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/11/28 07:38:07 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/11/28 07:38:07 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/11/28 07:38:06 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/11/28 07:38:06 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/11/28 07:38:06 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/11/28 07:38:03 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/11/27 21:11:25 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Brief out line of story.doc
[2010/11/27 18:27:43 | 000,065,285 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1127001646.jpg
[2010/11/25 02:42:55 | 000,001,469 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\fax_cover_sheet.html
[2010/11/21 09:33:49 | 000,004,952 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\.recently-used.xbel
[2010/11/18 19:16:26 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\The Dark Spot on Santa.doc
[2010/11/15 10:27:13 | 004,351,391 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Wake_up_and_meet_the_Puppy!.wmv
[2010/11/13 09:53:30 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\A lot of it has to do with whether you.doc
[2010/11/12 11:34:29 | 000,005,870 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\EmployeeSignature.htm
[2010/11/11 18:43:25 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\I don.doc
[2010/11/11 09:05:03 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\You are fooling your selves if you think icomps is anything other then icomps.doc
[2010/11/05 14:44:37 | 006,679,656 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\02 Track 02.mp3
[2010/11/04 09:29:31 | 000,178,081 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Appl.Form.pdf
[2010/07/06 23:47:17 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2009/07/08 15:29:01 | 000,000,113 | ---- | C] () -- C:\WINDOWS\NetChess.INI
[2009/06/14 22:33:35 | 000,000,201 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2009/04/13 12:43:37 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2009/01/31 21:47:02 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/01/09 08:19:31 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/05/11 19:49:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/07 20:34:11 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/07 19:37:39 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2007/05/07 19:10:26 | 000,007,587 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2007/05/07 19:09:57 | 000,000,478 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2007/01/11 17:57:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/11 17:34:27 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2007/01/11 17:29:00 | 000,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2007/01/11 17:28:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2007/01/11 17:25:05 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/01/11 17:11:26 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/01/11 17:10:46 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2007/01/11 17:05:02 | 000,008,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Re: Trojan.fakeAlert1st December 2010, 12:08 am

[2007/01/11 17:03:55 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/01/11 16:59:44 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/01/11 16:59:44 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/01/11 16:59:44 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/01/11 16:59:44 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/01/11 16:59:44 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/01/11 16:59:44 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/01/11 16:59:44 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007/01/11 16:58:08 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2007/01/11 16:35:21 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2007/01/11 16:35:21 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2007/01/11 16:34:59 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 13:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/01/04 03:12:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2005/08/30 23:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 02:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/09/16 22:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/07/26 09:51:38 | 000,000,310 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Custom Scans ==========

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/08/30 23:01:20 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/02/09 14:43:24 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2008/11/21 18:03:34 | 000,001,666 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/07/10 17:12:13 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/05/07 19:05:23 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/08/30 16:06:40 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/11/28 09:02:11 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup-1.46.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2004/02/27 15:36:18 | 000,013,023 | ---- | M] () -- C:\WINDOWS\snpstd3.src
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2010/07/29 08:23:05 | 002,350,264 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\HPSDU.exe
[2010/11/28 09:02:11 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\My Documents\mbam-setup-1.46.exe
[2009/08/10 20:18:47 | 003,540,296 | ---- | M] (D16 Group Audio Software ) -- C:\Documents and Settings\HP_Administrator\My Documents\Toraverb-demo-1.0.1.exe
[2007/10/27 22:28:28 | 000,206,584 | ---- | M] (Check Point Software Technologies LTD) -- C:\Documents and Settings\HP_Administrator\My Documents\zaavSetup_en.exe
[2007/10/27 22:29:59 | 000,210,416 | ---- | M] (Check Point Software Technologies LTD) -- C:\Documents and Settings\HP_Administrator\My Documents\zaSetup_en.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/09 23:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2010/10/28 06:28:15 | 000,122,328 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2010/10/28 06:28:16 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2010/10/28 06:28:21 | 000,246,744 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/05/07 19:03:52 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Favorites\Desktop.ini
[2007/01/11 10:37:12 | 000,001,914 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Favorites\eBay.lnk
[2010/02/15 11:48:47 | 000,001,288 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Favorites\Microsoft bCentral.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/09/10 00:58:05 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[11 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[11 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/08/30 15:51:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/30 15:51:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/30 15:51:10 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/09 23:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2007/01/11 17:29:00 | 000,014,316 | ---- | M] () -- C:\WINDOWS\system32\CHODDI.SYS
[2004/08/09 23:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/09 23:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/09 23:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/09 23:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/09 23:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/09 23:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/09 23:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/09 23:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/09 23:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/09 23:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/09 23:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/09 23:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/09 23:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/09 23:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 13:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/08/31 08:42:52 | 001,852,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[11 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 19:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 19:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 19:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 19:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 19:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 19:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 19:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 19:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 19:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 19:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 19:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 19:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 19:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 19:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 19:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/02/09 14:43:24 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll

< %SYSTEMDRIVE%\*.* >
[2007/06/07 06:47:17 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2007/06/07 06:47:17 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
[2007/01/11 17:24:47 | 000,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/11 09:08:54 | 607,208,448 | ---- | M] () -- C:\Backup.bkf
[2010/05/06 15:38:06 | 000,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2010/07/10 21:26:49 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2004/08/09 16:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2005/08/30 23:02:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/10/20 07:49:46 | 000,000,056 | ---- | M] () -- C:\EmergencyErrorLog.20071020.txt
[2010/11/30 17:16:48 | 468,242,432 | -HS- | M] () -- C:\hiberfil.sys
[2007/05/07 19:47:55 | 000,000,291 | ---- | M] () -- C:\hpfr5100.log
[2007/01/11 17:33:18 | 000,000,051 | ---- | M] () -- C:\hpWebHelper.log
[2005/08/30 23:02:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/08/30 23:02:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/07/10 17:02:02 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/30 17:16:47 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys
[2009/11/02 12:00:00 | 000,003,590 | ---- | M] () -- C:\playground.log
[2010/05/08 03:20:09 | 000,000,062 | -H-- | M] () -- C:\T4Metrics.log
[2009/08/18 23:27:35 | 000,000,825 | ---- | M] () -- C:\updatedatfix.log
[2010/02/10 02:29:54 | 000,055,384 | ---- | M] () -- C:\VETlog.dmp
[2010/02/10 02:29:54 | 026,729,832 | ---- | M] () -- C:\VETlog.txt
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %PROGRAMFILES%\*. >
[2007/01/11 17:25:42 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/07/02 15:23:13 | 000,000,000 | ---D | M] -- C:\Program Files\AOL
[2009/03/21 21:03:35 | 000,000,000 | ---D | M] -- C:\Program Files\AOL 9.1
[2009/01/31 22:07:38 | 000,000,000 | ---D | M] -- C:\Program Files\AOL Toolbar
[2010/07/10 19:25:29 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/01/08 11:27:45 | 000,000,000 | ---D | M] -- C:\Program Files\Avery Dennison
[2010/01/28 23:43:26 | 000,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
[2010/05/06 18:33:38 | 000,000,000 | ---D | M] -- C:\Program Files\BabasChess
[2010/07/10 19:24:17 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/08/23 17:30:30 | 000,000,000 | ---D | M] -- C:\Program Files\ChessDiagrams14
[2009/07/08 15:27:33 | 000,000,000 | ---D | M] -- C:\Program Files\Chessmaster Challenge
[2010/11/28 09:44:16 | 000,000,000 | ---D | M] -- C:\Program Files\Common
[2007/01/11 17:44:20 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2005/11/11 17:56:40 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/07/08 15:32:10 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2007/01/11 17:01:08 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2007/01/11 17:17:08 | 000,000,000 | ---D | M] -- C:\Program Files\DISC
[2007/01/11 17:24:44 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/09/03 07:05:01 | 000,000,000 | ---D | M] -- C:\Program Files\DriveHQ
[2007/01/11 16:38:26 | 000,000,000 | ---D | M] -- C:\Program Files\EnglishOtto
[2009/07/10 21:24:34 | 000,000,000 | ---D | M] -- C:\Program Files\Full Tilt Poker
[2009/05/03 21:08:38 | 000,000,000 | ---D | M] -- C:\Program Files\Full Tilt Poker.Net
[2007/01/11 16:38:28 | 000,000,000 | ---D | M] -- C:\Program Files\GemMaster
[2009/05/04 07:20:36 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0
[2010/04/24 17:22:12 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2007/01/11 17:53:00 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/05/07 15:22:48 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/07/29 08:40:36 | 000,000,000 | ---D | M] -- C:\Program Files\HP DigitalMedia Archive
[2007/01/11 17:16:37 | 000,000,000 | ---D | M] -- C:\Program Files\HP Games
[2008/03/25 13:27:34 | 000,000,000 | ---D | M] -- C:\Program Files\HP Wireless 4 Button Laser Mouse
[2010/07/11 07:47:02 | 000,000,000 | ---D | M] -- C:\Program Files\HPQ
[2010/06/25 08:26:36 | 000,000,000 | ---D | M] -- C:\Program Files\iLike
[2010/09/03 07:04:59 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/11/30 06:25:56 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/09/20 16:55:10 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/09/20 16:55:43 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/11/30 11:53:26 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/09/06 18:24:05 | 000,000,000 | ---D | M] -- C:\Program Files\Last.fm
[2010/01/30 10:43:52 | 000,000,000 | ---D | M] -- C:\Program Files\LightScribe Diagnostic Utility
[2010/01/30 10:56:38 | 000,000,000 | ---D | M] -- C:\Program Files\LightScribe Template Labeler
[2008/06/02 07:15:32 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2009/09/03 19:05:50 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2010/11/30 12:07:45 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2007/10/11 19:39:02 | 000,000,000 | ---D | M] -- C:\Program Files\Memorex exPressit Label Design Studio
[2010/07/10 17:20:50 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/02/02 20:25:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2007/05/11 19:48:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2010/02/27 08:42:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2005/11/14 20:06:48 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2007/01/11 17:20:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money 2006
[2007/01/11 17:22:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2007/11/06 20:56:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2007/01/11 17:22:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/08/13 05:13:06 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/11/30 16:48:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/08/22 02:06:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2005/11/14 20:07:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2007/01/11 17:20:47 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Encarta Standard
[2005/11/14 20:07:16 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/02/02 20:25:56 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Toolbar
[2010/02/02 20:26:15 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Toolbar Installer
[2007/05/08 05:54:21 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/08/22 02:01:32 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2007/01/11 17:10:22 | 000,000,000 | ---D | M] -- C:\Program Files\music_now
[2007/01/11 17:24:25 | 000,000,000 | ---D | M] -- C:\Program Files\muvee Technologies
[2009/11/03 06:40:35 | 000,000,000 | ---D | M] -- C:\Program Files\MyPlayCity
[2009/07/08 15:31:47 | 000,000,000 | ---D | M] -- C:\Program Files\MyPlayCity.com
[2009/07/08 15:28:25 | 000,000,000 | ---D | M] -- C:\Program Files\NetChess
[2010/07/10 17:08:11 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2007/01/11 17:10:35 | 000,000,000 | ---D | M] -- C:\Program Files\Netscape
[2007/01/11 17:47:09 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Internet Security
[2008/12/17 18:03:44 | 000,000,000 | ---D | M] -- C:\Program Files\Norton PC Checkup
[2008/05/30 23:09:22 | 000,000,000 | ---D | M] -- C:\Program Files\Oberon Media
[2007/01/11 17:38:52 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/07/10 17:37:28 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/04/13 13:43:20 | 000,000,000 | ---D | M] -- C:\Program Files\PC Drivers HeadQuarters
[2007/01/11 17:34:28 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor 5 for Windows
[2007/01/11 17:34:30 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor for DOS
[2009/01/28 21:52:22 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars
[2007/05/20 06:04:33 | 000,000,000 | ---D | M] -- C:\Program Files\Programmers Notepad
[2007/01/11 17:25:26 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
[2010/09/20 17:02:58 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2007/01/11 17:10:02 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/08/22 02:06:26 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/09/26 16:31:41 | 000,000,000 | ---D | M] -- C:\Program Files\RegCure
[2010/07/10 11:54:39 | 000,000,000 | ---D | M] -- C:\Program Files\RegSERVO
[2007/01/11 17:11:14 | 000,000,000 | ---D | M] -- C:\Program Files\Rhapsody
[2010/01/09 09:46:14 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2010/11/28 09:44:16 | 000,000,000 | ---D | M] -- C:\Program Files\Shared
[2010/04/24 17:20:36 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/01/28 22:38:19 | 000,000,000 | ---D | M] -- C:\Program Files\Sonalksis
[2007/01/11 17:17:44 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2010/08/28 19:12:41 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2010/08/28 19:10:37 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Setup
[2009/06/19 17:48:32 | 000,000,000 | ---D | M] -- C:\Program Files\SoundSpectrum
[2008/10/03 19:49:50 | 000,000,000 | ---D | M] -- C:\Program Files\Sun
[2007/01/11 17:46:18 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2005/11/11 17:56:28 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2007/01/11 17:29:44 | 000,000,000 | ---D | M] -- C:\Program Files\Updates from HP
[2010/01/13 12:23:20 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon
[2007/05/07 19:31:04 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2007/01/11 17:13:14 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2010/07/07 20:32:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/09/24 07:43:29 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/07/10 17:08:02 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/11/14 20:08:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2005/11/11 17:56:16 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2005/11/14 20:08:44 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/07/29 08:38:58 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2007/10/27 22:36:15 | 000,000,000 | ---D | M] -- C:\Program Files\Zone Labs

< %appdata%\*.* >
[2005/08/30 08:52:20 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\desktop.ini
[2009/06/19 17:48:01 | 000,000,201 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2010/07/26 18:18:50 | 000,155,120 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\GDIPFONTCACHEV1.DAT
[2010/11/28 07:42:25 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\install
[2009/08/13 22:04:20 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat

< MD5 for: AGP440.SYS >
[2010/02/27 07:34:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:AGP440.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/07/10 16:49:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/09 23:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2010/07/10 16:49:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2010/07/10 16:49:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2010/02/27 07:34:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:atapi.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/07/10 16:49:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/09 23:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2010/07/10 16:49:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010/07/10 16:49:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2010/02/27 07:34:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:disk.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2010/07/10 16:49:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/09 23:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2010/07/10 16:49:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2010/07/10 16:49:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:disk.sys
[2004/08/09 23:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/09 23:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/06/17 08:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/09 23:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/09 23:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2010/02/27 07:34:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:usbstor.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2010/07/10 16:49:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/08/09 23:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:usbstor.sys
[2010/07/10 16:49:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2010/07/10 16:49:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:usbstor.sys
[2004/08/09 23:00:00 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime / >
Invalid Switch:

========== Alternate Data Streams ==========

@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A73EAFFB
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C5E118DF
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93E9C78D
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D158BAF9

< End of report >

Re: Trojan.fakeAlert2nd December 2010, 12:45 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Re: Trojan.fakeAlert2nd December 2010, 4:50 pm

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5233

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/2/2010 11:40:12 AM
mbam-log-2010-12-02 (11-40-12).txt

Scan type: Quick scan
Objects scanned: 210044
Time elapsed: 40 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 23
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\hp_administrator\application data\registrysmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\application data\registrysmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\application data\registrysmart\registry backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\application data\RegSweep (Rogue.RegSweep) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\application data\RegSweep\Log (Rogue.RegSweep) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\application data\spywarebot (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\application data\spywarebot\Log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\application data\spywarebot\quarantine (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\application data\spywarebot\registry backups (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\application data\spywarebot\Settings (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\registrysmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\microsoft.vc80.crt (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\microsoft.vc80.mfc (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\RegSweep (Rogue.RegSweep) -> Quarantined and deleted successfully.
c:\program files\RegSweep\microsoft.vc80.crt (Rogue.RegSweep) -> Quarantined and deleted successfully.
c:\program files\RegSweep\microsoft.vc80.mfc (Rogue.RegSweep) -> Quarantined and deleted successfully.
c:\program files\spywarebot (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\databases (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\filterdrv (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\microsoft.vc80.atl (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\microsoft.vc80.crt (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\spywarebot (Rogue.SpywareBot) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\Common\_helper.dll (Adware.DeepDive) -> Quarantined and deleted successfully.
c:\program files\Common\helper.dll (Trojan.BHO) -> Quarantined and deleted successfully.
c:\program files\Shared\lib.dll (Adware.Deepdive) -> Quarantined and deleted successfully.
c:\RECYCLER\adapt_installer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\application data\registrysmart\registry backups\2007-08-14_20-05-05.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\application data\spywarebot\databasenew.ref (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\databases\spy.ref (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\filterdrv\antispyfilter.amd64.sys (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\filterdrv\antispyfilter.cat (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\filterdrv\antispyfilter.inf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\filterdrv\antispyfilter.x86.sys (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\microsoft.vc80.atl\atl80.dll (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\microsoft.vc80.atl\microsoft.vc80.atl.manifest (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\spywarebot\spywarebot on the web.lnk (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\spywarebot\spywarebot.lnk (Rogue.SpywareBot) -> Quarantined and deleted successfully.

Re: Trojan.fakeAlert3rd December 2010, 12:44 am

Hello.

Download combofix from here
Link 1
Link 2

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
We need to disable your local AV (Anti-virus) before running Combofix.
See HERE for how to disable your AV.
Double click on ComboFix.exe.
Follow the prompts. NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes
Allow combofix to run
Post C:\combofix.txt back here.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: Trojan.fakeAlert3rd December 2010, 1:39 pm

I have a problem with Norton Internet security 2006. I uninstalled the program days ago yet combo fix states it's on. I did a search to see if it is on my computer somewhere but the search tuned negative that the program is not there. Yet I checked the security center in my control panel and it also states it's on under virus protection and I am unable to turn it off. Should I proceed anyway?

Re: Trojan.fakeAlert3rd December 2010, 3:21 pm

ComboFix 10-12-02.05 - HP_Administrator 12/03/2010 9:12.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.210 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Combo-Fix.exe
AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Application Data\install
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{3FB8B262-BE53-4D41-9DA1-61635A6DB841}
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{3FB8B262-BE53-4D41-9DA1-61635A6DB841}\chrome\content\_cfg.js
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{3FB8B262-BE53-4D41-9DA1-61635A6DB841}\chrome\content\overlay.xul
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{3FB8B262-BE53-4D41-9DA1-61635A6DB841}\install.rdf
c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\AXEL.DAV
c:\program files\Common
c:\program files\Shared
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\ReadMe.txt
D:\Autorun.inf

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-11-03 to 2010-12-03 )))))))))))))))))))))))))))))))
.

2010-12-02 15:32 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-02 15:32 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-02 15:05 . 2010-12-02 15:05 -------- d-----w- C:\temp
2010-12-02 07:57 . 2010-12-02 07:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-02 05:54 . 2010-12-02 05:54 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-12-02 05:53 . 2010-12-02 05:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-12-02 05:04 . 2010-12-02 05:04 -------- d-----w- C:\38fbabe0765f145336
2010-12-02 05:03 . 2010-12-02 05:04 -------- d-----w- C:\a72ea9fd87be0e5ae0fd6e59940d26d1
2010-12-02 04:56 . 2010-12-02 04:56 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-02 04:10 . 2010-12-02 04:53 -------- d-----w- C:\aa8e29a257d71255e74fdb
2010-12-02 04:10 . 2010-12-02 04:53 -------- d-----w- C:\b130a73f5e38cc967cad
2010-11-30 02:22 . 2010-11-30 02:22 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-11-28 14:07 . 2010-11-28 14:07 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2010-11-28 14:06 . 2010-11-28 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-28 14:06 . 2010-12-02 15:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-28 12:39 . 2010-11-28 12:39 0 ----a-w- c:\windows\Kzodoquq.bin
2010-11-07 14:36 . 2010-11-10 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\DriveHQ

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 07:57 . 2010-07-07 11:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-18 16:23 . 2004-08-10 04:00 974848 ------w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 04:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 04:00 954368 ------w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 04:00 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-10 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-10 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-11-06 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 16239616]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"nwiz"="nwiz.exe" [2006-05-09 1519616]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-04-07 1073152]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-04-07 65536]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"SetDefaultPrinter"="c:\hp\bin\cloaker.exe" [1999-11-07 27136]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2007-1-11 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2007-1-11 27136]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 12:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
2006-04-07 01:17 53248 ----a-w- c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1563:UDP"= 1563:UDP:Windows Media Format SDK (firefox.exe)
"1562:UDP"= 1562:UDP:Windows Media Format SDK (firefox.exe)

R2 DriveHQ FileManagerFun;DriveHQ FileManagerFun;c:\program files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe [9/3/2010 7:05 AM 46080]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:tom@axisofmusic.com
uInternet Settings,ProxyOverride = *.local
Trusted Zone: trymedia.com
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-IS CfgWiz - c:\program files\Norton Internet Security\cfgwiz.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-03 09:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-12-03 09:51:51
ComboFix-quarantined-files.txt 2010-12-03 14:51

Pre-Run: 129,959,727,104 bytes free
Post-Run: 136,282,263,552 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - F478D98B415F8CFCFC292ECF1C0DDD10

Re: Trojan.fakeAlert3rd December 2010, 9:48 pm

Hello.

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:
Code:
File:: c:\windows\Kzodoquq.bin DDS:: uStart Page = about:blank Trusted Zone: trymedia.com
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

Re: Trojan.fakeAlert3rd December 2010, 11:19 pm

ComboFix 10-12-03.01 - HP_Administrator 12/03/2010 17:46:48.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.198 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Combo-Fix.exe
Command switches used :: c:\documents and settings\HP_Administrator\My Documents\CFScript.txt
AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\windows\Kzodoquq.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Kzodoquq.bin

.
((((((((((((((((((((((((( Files Created from 2010-11-03 to 2010-12-03 )))))))))))))))))))))))))))))))
.

2010-12-03 22:03 . 2010-12-03 22:03 -------- d-----w- C:\0f723b764bc2059de36582ac287edee6
2010-12-03 22:03 . 2010-12-03 22:21 -------- d-----w- C:\817a0f2e5a774048a1cb
2010-12-03 21:17 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-12-02 15:32 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-02 15:32 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-02 15:05 . 2010-12-02 15:05 -------- d-----w- C:\temp
2010-12-02 07:57 . 2010-12-02 07:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-02 05:54 . 2010-12-02 05:54 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-12-02 05:53 . 2010-12-02 05:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-12-02 05:04 . 2010-12-02 05:04 -------- d-----w- C:\38fbabe0765f145336
2010-12-02 05:03 . 2010-12-02 05:04 -------- d-----w- C:\a72ea9fd87be0e5ae0fd6e59940d26d1
2010-12-02 04:56 . 2010-12-02 04:56 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-02 04:10 . 2010-12-02 04:53 -------- d-----w- C:\aa8e29a257d71255e74fdb
2010-12-02 04:10 . 2010-12-02 04:53 -------- d-----w- C:\b130a73f5e38cc967cad
2010-11-30 02:22 . 2010-11-30 02:22 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-11-28 14:07 . 2010-11-28 14:07 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2010-11-28 14:06 . 2010-11-28 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-28 14:06 . 2010-12-02 15:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-07 14:36 . 2010-11-10 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\DriveHQ

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 07:57 . 2010-07-07 11:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-18 16:23 . 2004-08-10 04:00 974848 ------w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 04:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 04:00 954368 ------w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 04:00 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-10 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-10 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-11-06 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 16239616]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"nwiz"="nwiz.exe" [2006-05-09 1519616]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-04-07 1073152]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-04-07 65536]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"SetDefaultPrinter"="c:\hp\bin\cloaker.exe" [1999-11-07 27136]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 12:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
2006-04-07 01:17 53248 ----a-w- c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1563:UDP"= 1563:UDP:Windows Media Format SDK (firefox.exe)
"1562:UDP"= 1562:UDP:Windows Media Format SDK (firefox.exe)

R2 DriveHQ FileManagerFun;DriveHQ FileManagerFun;c:\program files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe [9/3/2010 7:05 AM 46080]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ATWPKT2
*Deregistered* - ATWPKT2
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:tom@axisofmusic.com
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-03 18:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-12-03 18:11:00
ComboFix-quarantined-files.txt 2010-12-03 23:10
ComboFix2.txt 2010-12-03 14:51

Pre-Run: 135,881,244,672 bytes free
Post-Run: 135,871,967,232 bytes free

- - End Of File - - 6A7FC0D0D1CBA4B960DF134CA3036F86

Re: Trojan.fakeAlert3rd December 2010, 11:36 pm

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

Check (tick) this box: YES, I accept the Terms of Use.
Click on the Start button next to it.
When prompted to run ActiveX. click Yes.
You will be asked to install an ActiveX. Click Install.
Once installed, the scanner will be initialized.
After the scanner is initialized, click Start.
Check (tick) Remove found threats box.
Check (tick) Scan unwanted applications.
Click on Scan.
It will start scanning. Please be patient.
Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

Re: Trojan.fakeAlert4th December 2010, 10:04 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=b053da1c5f34d84ead073fe260c9bb33
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-04 03:20:40
# local_time=2010-12-04 10:20:40 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 0 70 97004628 102272915 0 0
# scanned=202336
# found=0
# cleaned=0
# scan_time=7087

Re: Trojan.fakeAlert5th December 2010, 11:08 pm

Hello.

Please download the current version of HijackThis from HERE

Double click and run the installer.
It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
After installing, you should get the user agreement, press accept and Hijack This will run.
When Hijack This opens, click "Open the Misc Tools section"
Then select "Open Uninstall Manager"
Click on "Save List..." (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Re: Trojan.fakeAlert6th December 2010, 12:42 pm

ACID Xpress 7.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
DISCover
DivX
DriveHQ FileManager 4.5
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
ESET Online Scanner v3
GemMaster Mystic
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Driver Diagnostics
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0.A
HP Photosmart Essential
HP Solution Center 7.0
HP Web Helper
iTunes
Java(TM) 6 Update 22
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Money 2006
Microsoft Office Standard Edition 2003 60 days trial
Microsoft Office XP Small Business
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.5.15)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 5.0
muvee autoProducer unPlugged 2.0
My HP Games
Netscape Browser (remove only)
NVIDIA Drivers
OCR Software by I.R.I.S 7.0
Otto
PC-Doctor 5 for Windows
Preclick PhotoBack Plug-in
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RegSERVO
Remove WeatherBug Installer
Rhapsody
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Updates from HP (remove only)
WildTangent Web Driver
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3

Re: Trojan.fakeAlert6th December 2010, 8:54 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Then download and install Adobe Reader 9.4

How is the machine running now?

Re: Trojan.fakeAlert6th December 2010, 9:44 pm

I want to thank you very much. The bad problems are gone. I wish I could give a donation but I am not working right now. As soon as I have one I am sure you will get something. I will recommend this site as much as possible. Again thanks for all the help you have done.

Trojan.fakeAlert

descriptionTrojan.fakeAlert1st December 2010, 12:07 am

descriptionRe: Trojan.fakeAlert1st December 2010, 12:08 am

descriptionRe: Trojan.fakeAlert2nd December 2010, 12:45 am

descriptionRe: Trojan.fakeAlert2nd December 2010, 4:50 pm

descriptionRe: Trojan.fakeAlert3rd December 2010, 12:44 am

descriptionRe: Trojan.fakeAlert3rd December 2010, 1:39 pm

descriptionRe: Trojan.fakeAlert3rd December 2010, 3:21 pm

descriptionRe: Trojan.fakeAlert3rd December 2010, 9:48 pm

descriptionRe: Trojan.fakeAlert3rd December 2010, 11:19 pm

descriptionRe: Trojan.fakeAlert3rd December 2010, 11:36 pm

descriptionRe: Trojan.fakeAlert4th December 2010, 10:04 pm

descriptionRe: Trojan.fakeAlert5th December 2010, 11:08 pm

descriptionRe: Trojan.fakeAlert6th December 2010, 12:42 pm

descriptionRe: Trojan.fakeAlert6th December 2010, 8:54 pm

descriptionRe: Trojan.fakeAlert6th December 2010, 9:44 pm

descriptionRe: Trojan.fakeAlert