Help2Go
Free Computer Help.
Powered by Volunteers.





08-28-2009, 02:40 PM   #1
mit714 (Member)
Help2Go Detective says suspicious

Hey, Help2Go has been saying suspicious for two months now and I didn't want to bother y'all, so I tried to take care of it but can't, so can you please help me? Here's my Help2Go log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:40:07 PM, on 8/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\systemkernal.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [systemkernal.exe] C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\systemkernal.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (Award-winning Security Software for Home and Business Computers) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe

--
End of file - 11462 bytes
08-28-2009, 03:31 PM   #2
evilfantasy (Forum Moderator)

Suspicious file scan

Please go to Jotti's malware scan
(If more than one file needs to be scanned, they must be done separately and logs posted for each one.)
  • Copy the file path in the below Code box:

Code:
C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\systemkernal.exe
  • At the upload site, click once inside the window next to Browse.
  • Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
  • Next click Submit file
    • Your file will possibly be entered into a queue which normally takes less than a minute to clear.
  • This will perform a scan across multiple different virus scanning engines.
  • Important: Wait for all of the scanning engines to complete.
  • Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
__________________
.


Our help here is always free but it does cost money to keep the site running. If you feel we've helped you, Please Donate to the Forum
08-28-2009, 03:41 PM   #3
mit714 (Member)
Hey, thanks so much for helping, here's the link

systemkernal.exe - Jotti's malware scan
08-28-2009, 03:47 PM   #4
evilfantasy (Forum Moderator)

Download, update and run a-squared Free edition

At the main menu, click Scan Now, there will be 4 options, choose Deep Scan and then click Scan

* If malware is found, click the button Remove Selected Malware
* If malware is found, select all found and click Quarantine selected objects
* Click Save Report. Save the report to somewhere convenient, such as your desktop
* Add the report as an attachment in your next post.

----------

Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.
08-28-2009, 05:20 PM   #5
mit714 (Member)
The logs are in the following order: a scan, then attach, then dds. Thanks

a-squared Free - Version 4.5
Last update: 8/28/2009 3:53:50 PM

Scan settings:

Scan type: Deep Scan
Objects: Memory, Traces, Cookies, C:\, D:\
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start: 8/28/2009 3:54:26 PM

[1712] C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\systemkernal.exe detected: Worm.Win32.Carrier!IK
c:\program files\bittorrent detected: Trace.Directory.Bittorrent 5.0!A2
c:\documents and settings\all users\start menu\programs\bittorrent detected: Trace.Directory.Bittorrent 5.0!A2
Value: HKEY_USERS\S-1-5-21-205278981-4061998777-200502687-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Bittorrent --> Order detected: Trace.Registry.Bittorrent 5.0!A2
c:\program files\bittorrent\bittorrent.exe detected: Trace.File.Bittorrent 5.0!A2
c:\documents and settings\all users\start menu\programs\bittorrent\bittorrent.lnk detected: Trace.File.Bittorrent 5.0!A2
C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\download.exe detected: Trojan-Dropper!IK
C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\systemkernal.exe detected: Worm.Win32.Carrier!IK
C:\Documents and Settings\HP_Administrator\Desktop\Adobe Keygen.exe detected: Worm.Win32.Carrier.w!A2
C:\Documents and Settings\HP_Administrator\Desktop\MRI.EXE detected: Virus.Win32.Trojan!IK
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Avast.Pro.v4.8.1296.Incl.Keymaker-CORE\cr-ava2l.zip/keygen.exe detected: Riskware.Keygen.Avast!IK
C:\Documents and Settings\HP_Administrator\My Documents\Geek\Malware\Utilities\Atribune\rdrivrem.zip/swsc.exe detected: Backdoor.Win32.Hupigon!IK
C:\Program Files\Online Services\PeoplePC\Dll\crypto.dll detected: Trojan.Zlob!IK

Scanned

Files: 218418
Traces: 633669
Cookies: 5
Processes: 64

Found

Files: 7
Traces: 5
Cookies: 0
Processes: 1
Registry keys: 0

Scan end: 8/28/2009 5:07:57 PM
Scan time: 1:13:31

C:\Program Files\Online Services\PeoplePC\Dll\crypto.dll Quarantined Trojan.Zlob!IK
C:\Documents and Settings\HP_Administrator\My Documents\Geek\Malware\Utilities\Atribune\rdrivrem.zip/swsc.exe Quarantined Backdoor.Win32.Hupigon!IK
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Avast.Pro.v4.8.1296.Incl.Keymaker-CORE\cr-ava2l.zip/keygen.exe Quarantined Riskware.Keygen.Avast!IK
C:\Documents and Settings\HP_Administrator\Desktop\MRI.EXE Quarantined Virus.Win32.Trojan!IK
C:\Documents and Settings\HP_Administrator\Desktop\Adobe Keygen.exe Quarantined Worm.Win32.Carrier.w!A2
C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\download.exe Quarantined Trojan-Dropper!IK
c:\program files\bittorrent\bittorrent.exe Quarantined Trace.File.Bittorrent 5.0!A2
c:\documents and settings\all users\start menu\programs\bittorrent\bittorrent.lnk Quarantined Trace.File.Bittorrent 5.0!A2
Value: HKEY_USERS\S-1-5-21-205278981-4061998777-200502687-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Bittorrent --> Order Quarantined Trace.Registry.Bittorrent 5.0!A2
c:\program files\bittorrent Quarantined Trace.Directory.Bittorrent 5.0!A2
c:\documents and settings\all users\start menu\programs\bittorrent Quarantined Trace.Directory.Bittorrent 5.0!A2
[1712] C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\systemkernal.exe Quarantined Worm.Win32.Carrier!IK
C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\systemkernal.exe Quarantined Worm.Win32.Carrier!IK

Quarantined

Files: 7
Traces: 5
Cookies: 0






UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/18/2009 11:48:17 AM
System Uptime: 8/28/2009 1:53:55 PM (4 hours ago)

Motherboard: ASUSTeK Computer INC. | | Goldfish3
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | CPU 1 | 3000/200mhz
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | CPU 1 | 3000/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 178 GiB total, 126.663 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 0.899 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


a-squared Free 4.5
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 7.0
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AIM 6
AiO_Scan
AiOSoftware
Apple Mobile Device Support
Apple Software Update
AusLogics BoostSpeed
avast! Antivirus
BitTorrent 6.0.1
Bonjour
Brother MFL-Pro Suite
CCleaner (remove only)
CloneCD
Connect
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
DNA
Fax
Google Chrome
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
HP Boot Optimizer
HP DigitalMedia Archive
HP Multimedia Keyboard Software
HP PSC & OfficeJet 5.3.B
HPProductAssistant
HpSdpAppCoreApp
InstallMgr
Intel(R) Graphics Media Accelerator Driver
IntelliMover Data Transfer Demo
iTunes
J2SE Runtime Environment 5.0
Java(TM) 6 Update 14
K-Lite Codec Pack 4.7.5 (Full)
kuler
LightScribe 1.4.31.1
Malwarebytes' Anti-Malware
Maxtor Manager
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Default Manager
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Software Update for Web Folders (English) 12
Microsoft VC9 runtime libraries
Microsoft Works
Motorola SM56 Speakerphone Modem
MSN Toolbar
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
NewCopy
Otto
PaperPort
PDF Settings CS4
Photoshop Camera Raw
Picasa 3
PS2
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QFolder
QuickTime
Readme
Registry Mechanic 8.0
Scan
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969898)
Sonic Encoders
Spy Sweeper Core
Spyware Doctor 6.0
Suite Shared Configuration CS4
TeamViewer 4
Update for Windows XP (KB898461)
Update for Windows XP (KB955839)
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
Viewpoint Media Player
Vuze
Vuze Toolbar
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10 Hotfix [See KB889858 for more information]
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885354
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891220
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB895678
WinRAR archiver

==== Event Viewer Messages From Past Week ========

8/28/2009 5:13:28 PM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.

==== End Of File ===========================








DDS (Ver_09-07-30.01) - NTFSx86
Run by HP_Administrator at 17:15:12.68 on Fri 08/28/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.436 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090828-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\dds (1).scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\hp_administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [systemkernal.exe] c:\documents and settings\hp_administrator\application data\microsoft\systemkernal.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04a\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\mi1933~1\office12\GR99D3~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-18 130936]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-18 114768]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-8-28 980512]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-18 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-6-18 138680]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
R2 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2008-7-21 193888]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-6-18 232720]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-6-18 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-6-18 1095560]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-4-21 4048240]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-6-18 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-6-18 352920]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-6-18 19096]
S4 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-8-10 464264]
S4 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-8-10 234888]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-8-24 24652]

=============== Created Last 30 ================

2009-08-28 15:52 <DIR> --d----- c:\program files\a-squared Free
2009-08-28 13:42 <DIR> --d----- c:\program files\Maxtor
2009-08-26 10:38 3,248 a------- c:\windows\system32\wbem\Outlook_01ca265acfa9d46a.mof
2009-08-24 18:29 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\BitTorrent
2009-08-24 18:28 <DIR> --d----- c:\program files\DNA
2009-08-24 18:28 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\DNA
2009-08-24 10:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2009-08-24 10:57 <DIR> --d----- c:\program files\Viewpoint
2009-08-24 10:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore
2009-08-24 10:56 <DIR> --d----- c:\program files\common files\AOL
2009-08-24 10:55 <DIR> --d----- c:\program files\AIM6
2009-08-24 10:55 367 a---h--- C:\IPH.PH
2009-08-17 16:34 0 a------- c:\windows\Brownie.ini
2009-08-17 01:42 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\LimeWire
2009-08-12 19:38 51 a------- c:\windows\brmx2001.ini
2009-08-12 19:38 40 a------- c:\windows\opt_2460.ini
2009-08-11 21:10 234 a------- c:\windows\Brpfx04a.ini
2009-08-11 21:10 92 a------- c:\windows\brpcfx.ini
2009-08-11 21:10 50 a------- c:\windows\system32\BRIDF04A.dat
2009-08-11 21:10 65,536 -------- c:\windows\system32\Brmfrmps.exe
2009-08-11 21:10 51,200 -------- c:\windows\system32\brinsstr.dll
2009-08-11 21:09 176,128 -------- c:\windows\system32\Pdrvinst.dll
2009-08-11 21:09 81,920 -------- c:\windows\system32\BrWebIns.dll
2009-08-11 21:09 65,536 -------- c:\windows\system32\Brwebup.exe
2009-08-11 21:09 <DIR> --d----- C:\Brother
2009-08-11 21:09 6,224 -------- c:\windows\CVRPAGE.BMP
2009-08-11 21:09 0 a------- c:\windows\brdfxspd.dat
2009-08-11 21:09 126,976 -------- c:\windows\system32\BrfxD04a.dll
2009-08-11 21:09 147,456 a------- c:\windows\brunin03.dll
2009-08-11 21:09 <DIR> --d----- c:\program files\Brother
2009-08-11 21:08 27,019 a------- c:\windows\maxlink.ini
2009-08-11 21:08 <DIR> --d----- c:\program files\common files\ScanSoft Shared
2009-08-11 21:08 <DIR> --d----- c:\program files\ScanSoft
2009-08-11 21:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Brother
2009-08-10 18:51 <DIR> --d----- c:\program files\Vuze
2009-08-10 18:51 <DIR> --d----- c:\program files\AskBarDis

==================== Find3M ====================

2009-08-28 15:53 2,016 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2009-08-23 23:29 34 a------- c:\documents and settings\hp_administrator\jagex_runescape_preferences.dat
2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-11 14:54 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-19 10:40 73,728 a------- c:\windows\ALCFDRTM.EXE
2009-06-18 21:21 164 a------- C:\install.dat
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll

============= FINISH: 17:16:13.45 ===============
mit714 is offline   Reply With Quote
Old 08-28-2009, 09:01 PM   #6 (permalink)
Forum Moderator
Supreme Guru
 
evilfantasy's Avatar
 
Join Date: Jan 2008
Location: Tulsa, OK
Posts: 4,107
Points: 587
Default

Quote:
C:\Documents and Settings\HP_Administrator\Desktop\Adobe Keygen.exe
If you have any other cracked software please remove it now. I can't continue to help if I find any more.

----------

Your Java is out of date.

Older versions have vulnerabilities that malicious sites can use to infect your system.

First install the new Sun Java Runtime Environment

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close all browser windows before beginning the install.

Remove the old version(s)

Download JavaRa
* Unzip the file and open the JavaRa.exe
* Click Remove Older Versions
* JavaRa will search for and remove any outdated version of Java and remove any that are found.
* Click Additional Tasks
* Place a check next to Remove Useless JRE Files and click Go
* Exit JavaRa
* Delete the JavaRa files from the Desktop

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

----------

Go to Add or Remove Programs and uninstall:
  • Viewpoint Media Player

----------

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

DDS::
uRun: [systemkernal.exe] c:\documents and settings\hp_administrator\application data\microsoft\systemkernal.exe

Folder::
c:\program files\AskBarDis

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
__________________
.


Our help here is always free but it does cost money to keep the site running. If you feel we've helped you, Please Donate to the Forum
evilfantasy is offline   Reply With Quote
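The CFScript above targets a `uRun` entry that launches from `Application Data\Microsoft` inside the user profile. The sketch below is an added example, not part of this thread and not code from DDS or ComboFix: it parses DDS-style `uRun:`/`mRun:` lines and flags autoruns whose image sits in a user-writable location. The sample lines are constructed from entries in the log on this page, and the function names and location list are assumptions. A hit is a lead to check rather than a verdict, since the ComboFix log in this thread also lists GoogleUpdate.exe under the user's `Local Settings\Application Data`.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample: autorun lines in the DDS format, copied from this page's log.
SAMPLE_DDS = r'''
uRun: [systemkernal.exe] c:\documents and settings\hp_administrator\application data\microsoft\systemkernal.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
'''

# "uRun" = per-user Run key, "mRun" = machine-wide Run key.
RUN_LINE = re.compile(r'^(?P<hive>[um]Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# Unquoted commands: the image ends at the first executable extension
# that is followed by whitespace or end of line.
EXE_END = re.compile(r'^(.+?\.(?:exe|com|bat|cmd|scr|pif|dll))(?=\s|$)', re.I)

# Assumed list of locations a standard user can write to (Windows XP layout).
USER_WRITABLE = (
    ("\\documents and settings\\", "inside a user profile"),
    ("\\docume~1\\", "inside a user profile (8.3 short name)"),
    ("\\recycler\\", "inside the Recycle Bin store"),
    ("\\temp\\", "inside a temp directory"),
)


class AutoRun(NamedTuple):
    hive: str
    name: str
    image: str
    args: str


def split_command(cmd: str):
    """Split a Run value into (image path, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_END.match(cmd)
    if m:
        return m.group(1), cmd[m.end():].strip()
    return cmd, ""  # no recognisable extension: keep the whole value


def parse_autoruns(text: str):
    """Return an AutoRun for every uRun/mRun line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            image, args = split_command(m.group("cmd"))
            entries.append(AutoRun(m.group("hive"), m.group("name"), image, args))
    return entries


def triage(entry: AutoRun) -> Optional[str]:
    """Return why the image location deserves a closer look, or None."""
    lowered = entry.image.lower()
    for marker, reason in USER_WRITABLE:
        if marker in lowered:
            return reason
    return None


def flag_autoruns(text: str):
    """List (entry, reason) pairs for autoruns in user-writable locations."""
    return [(e, r) for e in parse_autoruns(text) if (r := triage(e))]


if __name__ == "__main__":
    for entry, reason in flag_autoruns(SAMPLE_DDS):
        print(f"{entry.hive} [{entry.name}] {entry.image} -> {reason}")
```
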
Old 08-28-2009, 11:26 PM   #7 (permalink)
Member
 
Join Date: Aug 2008
Posts: 94
Points: 1
Default hey i deleted all the cracked stuff and thanks yet again

heres the log



ComboFix 09-08-28.01 - HP_Administrator 08/28/2009 23:17.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.491 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090828-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Application Data\Microsoft\dowasfaffsfsafnload.exe
c:\documents and settings\HP_Administrator\Application Data\Microsoft\dowasfasfsafnload.exe
c:\documents and settings\HP_Administrator\Application Data\Microsoft\dowasfasfsafnload.exeWebDL
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\AskSplash.exe
c:\program files\AskBarDis\bar\bin\AskTBApp.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Settings\AskLogo.ico
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\recycler\k-1-3542-4232123213-7676767-8888886
c:\windows\system32\ps2.bat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip
-------\Legacy_ASKService
-------\Legacy_ASKUpgrade
-------\Service_ASKService
-------\Service_ASKUpgrade


((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-29 )))))))))))))))))))))))))))))))
.

2009-08-28 19:52 . 2009-08-28 21:07 -------- d-----w- c:\program files\a-squared Free
2009-08-28 17:42 . 2009-08-28 17:51 -------- d-----w- c:\program files\Maxtor
2009-08-24 22:29 . 2009-08-25 00:14 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\BitTorrent
2009-08-24 22:28 . 2009-08-24 22:28 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\DNA
2009-08-24 22:28 . 2009-08-29 03:22 -------- d-----w- c:\program files\DNA
2009-08-24 22:28 . 2009-08-29 03:22 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DNA
2009-08-24 14:57 . 2009-08-24 14:57 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\acccore
2009-08-24 14:57 . 2009-08-24 14:57 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\AOL OCP
2009-08-24 14:57 . 2009-08-24 14:57 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\AOL
2009-08-24 14:57 . 2009-08-29 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-08-24 14:57 . 2009-08-24 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore
2009-08-24 14:56 . 2009-08-24 14:58 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2009-08-24 14:56 . 2009-08-24 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-08-24 14:56 . 2009-08-24 14:56 -------- d-----w- c:\program files\Common Files\AOL
2009-08-24 14:55 . 2009-08-24 14:57 -------- d-----w- c:\program files\AIM6
2009-08-12 01:10 . 2009-08-12 01:10 50 ----a-w- c:\windows\system32\BRIDF04A.dat
2009-08-12 01:10 . 2004-04-12 14:44 51200 ------w- c:\windows\system32\brinsstr.dll
2009-08-12 01:10 . 2003-05-05 23:30 65536 ------w- c:\windows\system32\Brmfrmps.exe
2009-08-12 01:09 . 2002-02-13 05:16 176128 ------w- c:\windows\system32\Pdrvinst.dll
2009-08-12 01:09 . 2002-02-05 05:08 81920 ------w- c:\windows\system32\BrWebIns.dll
2009-08-12 01:09 . 2002-02-05 05:07 65536 ------w- c:\windows\system32\Brwebup.exe
2009-08-12 01:09 . 2009-08-12 01:09 -------- d-----w- C:\Brother
2009-08-12 01:09 . 2004-04-06 05:00 126976 ------w- c:\windows\system32\BrfxD04a.dll
2009-08-12 01:09 . 2003-11-28 22:57 0 ----a-w- c:\windows\brdfxspd.dat
2009-08-12 01:09 . 2009-08-12 01:10 -------- d-----w- c:\program files\Brother
2009-08-12 01:09 . 2003-12-11 13:32 147456 ----a-w- c:\windows\brunin03.dll
2009-08-12 01:08 . 2009-08-12 01:08 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-08-12 01:08 . 2009-08-12 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-08-12 01:08 . 2009-08-12 01:08 -------- d-----w- c:\program files\ScanSoft
2009-08-12 01:07 . 2009-08-12 01:14 57 ----a-w- c:\documents and settings\All Users\Application Data\Brother\BrLog\BrCollectDir\BR_cat.bat
2009-08-12 01:07 . 2009-08-12 01:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2009-08-10 22:51 . 2009-08-13 01:22 -------- d-----w- c:\program files\Vuze

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-29 03:06 . 2009-06-18 16:07 2016 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-08-29 03:05 . 2005-08-16 11:39 -------- d-----w- c:\program files\Java
2009-08-29 03:01 . 2009-07-11 18:55 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-29 03:01 . 2009-06-18 18:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-29 02:56 . 2005-08-16 12:20 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-28 21:55 . 2009-06-18 18:26 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Media Player Classic
2009-08-28 17:52 . 2005-08-16 12:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-27 12:00 . 2009-06-18 17:25 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Azureus
2009-08-24 03:29 . 2009-07-29 16:57 34 ----a-w- c:\documents and settings\HP_Administrator\jagex_runescape_preferences.dat
2009-08-17 15:45 . 2009-08-17 05:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire
2009-08-13 14:16 . 2009-06-18 18:10 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\uTorrent
2009-08-12 01:09 . 2005-08-16 12:12 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-10 22:53 . 2009-06-18 17:43 -------- d-----w- c:\program files\iTunes
2009-08-05 01:33 . 2009-06-18 17:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-05 01:32 . 2009-07-14 06:38 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-03 17:36 . 2009-06-18 17:53 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 17:36 . 2009-06-18 17:53 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-27 15:29 . 2009-07-27 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-07-23 04:30 . 2009-07-23 04:30 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AdobeUM
2009-07-14 03:40 . 2009-06-18 15:49 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Apple Computer
2009-07-14 03:37 . 2009-06-18 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-12 04:33 . 2009-06-18 16:07 82112 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-12 04:24 . 2009-07-12 04:24 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\com.adobe.ExMan
2009-07-12 03:57 . 2009-07-12 03:57 -------- d-----w- c:\program files\Adobe Media Player
2009-07-12 03:52 . 2009-07-12 03:52 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-11 19:11 . 2005-08-16 12:42 -------- d-----w- c:\program files\Google
2009-07-11 18:57 . 2009-07-11 18:57 -------- d-----w- c:\program files\Microsoft
2009-06-19 14:40 . 2009-06-19 14:40 73728 ----a-w- c:\windows\ALCFDRTM.EXE
2009-06-19 01:33 . 2009-06-19 01:33 164 ----a-w- c:\windows\install.dat
2009-06-19 01:21 . 2009-06-19 01:21 164 ----a-w- C:\install.dat
2009-06-05 15:42 . 2009-06-18 17:41 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 15:42 . 2009-06-18 17:41 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
.

------- Sigcheck -------

[-] 2005-03-14 08:17 359936 6129E70F3D2F1E60860C930EBEAF92C2 c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2004-08-10 19:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2gdr\tcpip.sys
[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2qfe\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3gdr\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3qfe\tcpip.sys
[-] 2005-03-14 07:55 359808 0E66B538096A6529D1AC66E78EB0D5C8 c:\windows\system32\dllcache\tcpip.sys
[-] 2005-03-14 07:55 359808 0E66B538096A6529D1AC66E78EB0D5C8 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-18 133104]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-08-24 318272]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-08 114688]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-11 59392]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-11 253952]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-08-03 419088]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-06-14 851968]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-29 149280]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-08 61952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2009-8-11 819200]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\HP_Administrator\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/18/2009 2:21 PM 130936]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/21/2009 6:27 PM 29808]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/18/2009 2:06 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/18/2009 2:06 PM 20560]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/18/2009 1:53 PM 232720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/18/2009 1:53 PM 19096]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/18/2009 2:20 PM 348752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2009-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-205278981-4061998777-200502687-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-18 17:18]

2009-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-205278981-4061998777-200502687-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-18 17:18]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-08-28 23:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(368)
c:\windows\system32\msi.dll
c:\windows\system32\hnetcfg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\brss01a.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Brmfrmps.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\AIM6\aolsoftware.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-08-29 23:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-29 03:25

Pre-Run: 138,798,006,272 bytes free
Post-Run: 138,677,383,168 bytes free

267 --- E O F --- 2009-06-18 21:12
mit714 is offline   Reply With Quote
Old 08-29-2009, 09:50 AM   #8 (permalink)
Member
 
Join Date: Aug 2008
Posts: 94
Points: 1
Default hey

i just went through and deleted everything i saw cracked thanks
mit714 is offline   Reply With Quote
Old 08-29-2009, 12:00 PM   #9 (permalink)
Forum Moderator
Supreme Guru
 
evilfantasy's Avatar
 
Join Date: Jan 2008
Location: Tulsa, OK
Posts: 4,107
Points: 587
Default

Is there a reason you are installing software to c:\documents and settings\HP_Administrator?
evilfantasy is offline   Reply With Quote
Old 08-29-2009, 12:17 PM   #10 (permalink)
Member
 
Join Date: Aug 2008
Posts: 94
Points: 1
Default hey

no why where should i install it??
mit714 is offline   Reply With Quote
All times are GMT -5.