
Help Think I got virus



I'm on an HP laptop using Vista Home Prem. I use AVG Free. I hope I'm posting in the right place. My comp started running real slow yesterday, so I tried to run Malware and kept getting "cannot find path", then tried to run AVG and got the same. Went to safe mode and it did the same, then the CPU would turn off by itself or go to a blue screen with a fatal error. Anyways, it's been doing it since last night. Finally got it to stay open in safe mode w/networking and redownloaded Malware, restarted, and it said it needed to update, then got an error there but went to the scan screen, so I started a full scan, but then it just shut down and didn't get to scan. Can't get it back up. PLZ PLZ PLZ PLZ PLZ HELP


I just did a dds.com scan, hope this helps.

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_25

Run by Shell at 17:53:29 on 2011-08-22

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3006.1308 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\3203397148:3809022017.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Windows\System32\wpcumi.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\real\realplayer\Update\realsched.exe

C:\Windows\system32\CSHelper.exe

C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

C:\ProgramData\Mattel\Watcher\jpjwatcher.exe

C:\Windows\ehome\ehtray.exe

C:\Users\Shell\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\iWin Games\iWinTrusted.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\lxcycoms.exe

C:\Program Files\Online Vault\OnlineVault.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\NETGEAR\WG111T\wlan111t.exe

C:\Windows\system32\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Users\Shell\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\ehome\ehmsas.exe

C:\Users\Shell\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\rundll32.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\System32\svchost.exe -k SDRSVC

c:\program files\windows defender\MpCmdRun.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\Downloads\Defogger.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bing.com/

uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60391

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

mWindow Title = Microsoft Internet Explorer

mSearch Bar = hxxp://www.google.com

uInternet Settings,ProxyServer = http=127.0.0.1:6522

uInternet Settings,ProxyOverride = <local>

mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60391

mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60391

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll

mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\RazaWebHook32.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\program files\iwin games\iWinGamesHookIE.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\users\shell\appdata\roaming\flashgetbho\FlashGetBHO3.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: BearSharePersonalization: {dd1849ea-8403-4441-8dff-7575aae1dc16} - c:\program files\bearshare applications\personalization\BearSharePersonalizationIE_v1040.dll

BHO: ShopAtHomeIEHelper Class: {e8daaa30-6caa-4b58-9603-8e54238219e2} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

TB: ShopAtHome.com Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll

TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [Google Update] "c:\users\shell\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [FlashGet 3] "c:\program files\flashget network\flashget 3\Flashget3.exe" -minimize

uRun: [Power2GoExpress] "c:\program files\cyberlink\power2go\Power2GoExpress.exe" /Startup

uRun: [OnlineVault] "c:\program files\online vault\OnlineVault.exe" /startup

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"

uRunOnce: [MVHSend] c:\program files\myvirtualhome\MVHSend.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe

mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe

mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\1.0"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [JPJWatcher] c:\programdata\mattel\watcher\jpjwatcher.exe

StartupFolder: c:\users\shell\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\shell\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111t\wlan111t.exe

uPolicies-explorer: NoFileSharing = 1 (0x1)

uPolicies-system: NoSecCPL = 0 (0x0)

uPolicies-system: NoDevMgrPage = 0 (0x0)

uPolicies-system: NoConfigPage = 0 (0x0)

uPolicies-system: NoVirtMemPage = 0 (0x0)

uPolicies-system: NoFileSysPage = 0 (0x0)

uPolicies-system: NoNetSetup = 0 (0x0)

uPolicies-system: NoNetSetupIDPage = 0 (0x0)

uPolicies-system: NoNetSetupSecurityPage = 0 (0x0)

uPolicies-system: NoWorkgroupContents = 0 (0x0)

uPolicies-system: NoEntireNetwork = 0 (0x0)

uPolicies-system: NoFileSharingControl = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download All By FlashGet3 - c:\users\shell\appdata\roaming\flashgetbho\GetAllUrl.htm

IE: Download By FlashGet3 - c:\users\shell\appdata\roaming\flashgetbho\GetUrl.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {FA32182A-EA44-4583-803B-AA827F0D4E06} - c:\progra~1\online~2\ONLINE~1.EXE

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

LSP: c:\windows\system32\wpclsp.dll

LSP: mswsock.dll

Trusted Zone: kuaiche.com\software

DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab

DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} - hxxp://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab

DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab

DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} - hxxp://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{BEC0A1F5-5F98-4B2A-9297-EF4BCDEE05D5} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{DFD50F7A-7359-4A2F-9524-342410C923D0} : DhcpNameServer = 192.168.2.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\shell\appdata\roaming\mozilla\firefox\profiles\yxpjku5k.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4da84ee3&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\crawler\toolbar\firefox\components\xcomm.dll

FF - component: c:\program files\crawler\toolbar\firefox\components\xshared.dll

FF - component: c:\program files\crawler\toolbar\firefox\components\xsupport.dll

FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\users\shell\appdata\roaming\mozilla\firefox\profiles\yxpjku5k.default\extensions\{db9127a2-3381-41ec-82b3-1b6ed4c6f29a}\components\FlashgetXpi.dll

FF - component: c:\users\shell\appdata\roaming\mozilla\firefox\profiles\yxpjku5k.default\extensions\firefox@kidzui.com\platform\winnt_x86-msvc\components\WinKiosk.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1970.7372\npCIDetect14.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScope42.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScopeDRM11.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\shell\appdata\local\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\users\shell\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll

FF - plugin: c:\users\shell\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]

R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-10-22 20392]

R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-11-22 266240]

R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2011-7-22 722616]

R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2011-4-8 176848]

R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]

S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-1 136176]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-15 947528]

S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNIMP50.sys [2010-9-24 21504]

S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNISP50.sys [2010-9-24 20480]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-7-1 54632]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-1 136176]

S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2008-3-11 29824]

S3 PTDUMdm;PANTECH UM175 Drivers ;c:\windows\system32\drivers\PTDUMdm.sys [2008-3-11 41344]

S3 PTDUVsp;PANTECH UM175 Diagnostic Port ;c:\windows\system32\drivers\PTDUVsp.sys [2008-3-11 39936]

S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2008-3-11 59776]

S3 WG111T;NETGEAR WG111T USB2.0 Wireless Card Service;c:\windows\system32\drivers\WG111Tv.sys [2010-9-24 870400]

.

=============== File Associations ===============

.

JSEFile=NOTEPAD.EXE %1

regfile=NOTEPAD.EXE %1

scrfile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2011-08-23 00:15:55 -------- d-sh--w- C:\found.002

2011-08-22 19:27:32 709968 ----a-w- c:\windows\isRS-000.tmp

2011-08-22 12:49:35 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-08-22 12:49:34 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2011-08-16 20:42:57 -------- d-----w- c:\programdata\Mattel

2011-08-12 14:43:23 -------- d-----w- c:\program files\Free Offers from Freeze.com

.

==================== Find3M ====================

.

2011-08-22 20:03:56 146980442 ----a-w- c:\windows\DUMP4e0f.tmp

2011-08-22 13:18:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-08 19:01:38 11776 ----a-w- c:\windows\system32\smrgdf.exe

2011-08-08 19:01:28 29696 ----a-w- c:\windows\system32\iolobtdfg.exe

2011-07-19 19:42:44 2083464 ----a-w- c:\windows\system32\Incinerator32.dll

2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 17:56:27.93 ===============


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Thanks SOOOOOOOOO much for helping me! Have not been able to run Malwarebytes for the last 5 days. The most it will go is 11 sec., then it shuts down, but here's the ComboFix log.

ComboFix 11-08-25.01 - Shell 08/25/2011 20:34:16.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3006.1800 [GMT -4:00]

Running from: c:\users\Shell\Downloads\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\program files\FREEzeFrog

c:\program files\FREEzeFrog\bin\1.0.663.0\FREEzeFrogSAHook.dll

c:\program files\iWin Games\iWINgameshookie.dll

c:\program files\MegaRadPopMaster

c:\program files\SelectRebates

c:\program files\SelectRebates\FFToolbar\chrome.manifest

c:\program files\SelectRebates\FFToolbar\chrome\sahtoolbar.jar

c:\program files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js

c:\program files\SelectRebates\FFToolbar\install.rdf

c:\program files\SelectRebates\SelectAlerts.dat

c:\program files\SelectRebates\SelectRebates.exe

c:\program files\SelectRebates\SelectRebates.ini

c:\program files\SelectRebates\SelectRebatesA.dat

c:\program files\SelectRebates\SelectRebatesApi.exe

c:\program files\SelectRebates\SelectRebatesB.dat

c:\program files\SelectRebates\SelectRebatesBT.dat

c:\program files\SelectRebates\SelectRebatesDownload.exe

c:\program files\SelectRebates\SelectRebatesUninstall.exe

c:\program files\SelectRebates\SRebates.dll

c:\program files\SelectRebates\SRFF3.dll

c:\program files\SelectRebates\Toolbar\AddtoList.bmp

c:\program files\SelectRebates\Toolbar\basis.xml

c:\program files\SelectRebates\Toolbar\Basis.xml.dym

c:\program files\SelectRebates\Toolbar\Blank.bmp

c:\program files\SelectRebates\Toolbar\CashBack.bmp

c:\program files\SelectRebates\Toolbar\Coupons.bmp

c:\program files\SelectRebates\Toolbar\GroceryCoupon.bmp

c:\program files\SelectRebates\Toolbar\i_magnifying.bmp

c:\program files\SelectRebates\Toolbar\icons.bmp

c:\program files\SelectRebates\Toolbar\logo.bmp

c:\program files\SelectRebates\Toolbar\logo_24.bmp

c:\program files\SelectRebates\Toolbar\logo_HotSpots.bmp

c:\program files\SelectRebates\Toolbar\ReviewSite.bmp

c:\program files\SelectRebates\Toolbar\RightControls.dym

c:\program files\SelectRebates\Toolbar\sahtb-alert.bmp

c:\program files\SelectRebates\Toolbar\sahtb-go.bmp

c:\program files\SelectRebates\Toolbar\sahtb-grocerycoupons.bmp

c:\program files\SelectRebates\Toolbar\sahtb-icons.bmp

c:\program files\SelectRebates\Toolbar\sahtb-restaurant.bmp

c:\program files\SelectRebates\Toolbar\sahtb-wishlist.bmp

c:\program files\SelectRebates\Toolbar\Scissors.bmp

c:\program files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll

c:\users\Shell\AppData\Roaming\FREEzeFrog

c:\users\Shell\AppData\Roaming\inst.exe

c:\users\Shell\AppData\Roaming\Microsoft\Windows\Recent\More.URL

c:\users\Shell\AppData\Roaming\Microsoft\Windows\Recent\ReadMeFirst.url

c:\windows\$NtUninstallKB3255$\3894512458

c:\windows\$NtUninstallKB3255$\485945278\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}

c:\windows\$NtUninstallKB3255$\485945278\click.tlb

c:\windows\$NtUninstallKB3255$\485945278\L\qnbwvoto

c:\windows\$NtUninstallKB3255$\485945278\loader.tlb

c:\windows\$NtUninstallKB3255$\485945278\U\$000000c0

c:\windows\$NtUninstallKB3255$\485945278\U\$000000cb

c:\windows\$NtUninstallKB3255$\485945278\U\@00000001

c:\windows\$NtUninstallKB3255$\485945278\U\@000000c0

c:\windows\$NtUninstallKB3255$\485945278\U\@000000cb

c:\windows\$NtUninstallKB3255$\485945278\U\@000000cf

c:\windows\$NtUninstallKB3255$\485945278\U\@80000000

c:\windows\$NtUninstallKB3255$\485945278\U\@800000c0

c:\windows\$NtUninstallKB3255$\485945278\U\@800000cb

c:\windows\$NtUninstallKB3255$\485945278\U\@800000cf

c:\windows\system32\c_47915.nl_

.

c:\windows\3203397148:3809022017.exe . . . is infected!!

.

c:\program files\AVG\AVG10\avgwdsvc.exe . . . is infected!!

.

c:\windows\system32\CSHelper.exe . . . is infected!!

.

c:\program files\Google\Update\GoogleUpdate.exe . . . is infected!!

.

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe . . . is infected!!

.

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe . . . is infected!!

.

c:\program files\iolo\Common\Lib\ioloServiceManager.exe . . . is infected!!

.

c:\program files\iWin Games\iWinTrusted.exe . . . is infected!!

.

c:\program files\Common Files\LightScribe\LSSrvc.exe . . . is infected!!

.

Infected copy of c:\windows\system32\lxcycoms.exe was found and disinfected

Restored copy from - c:\windows\System32\DriverStore\FileRepository\lxcyprc.inf_3dbb3025\i386\lxcycoms.exe

.

Infected copy of c:\windows\system32\nvvsvc.exe was found and disinfected

Restored copy from - c:\windows\System32\DriverStore\FileRepository\nvwh.inf_54c23b5f\nvvsvc.exe

.

c:\windows\system32\PnkBstrA.exe . . . is infected!!

.

c:\program files\TomTom HOME 2\TomTomHOMEService.exe . . . is infected!!

.

Infected copy of c:\windows\system32\DRIVERS\xaudio.exe was found and disinfected

Restored copy from - c:\windows\System32\DriverStore\FileRepository\hpqherzm.inf_8705e467\XAudio.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_1cf6efbe

.

.

((((((((((((((((((((((((( Files Created from 2011-07-26 to 2011-08-26 )))))))))))))))))))))))))))))))

.

.

2011-08-26 01:06 . 2011-08-26 01:07 43408 --sha-w- c:\windows\system32\c_47915.nl_

2011-08-26 01:04 . 2011-08-26 01:08 -------- d-----w- c:\users\Shell\AppData\Local\temp

2011-08-26 01:04 . 2011-08-26 01:04 -------- d-----w- c:\users\Public\AppData\Local\temp

2011-08-26 01:04 . 2011-08-26 01:04 -------- d-----w- c:\users\Kids\AppData\Local\temp

2011-08-26 01:04 . 2011-08-26 01:04 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-23 16:15 . 2011-08-23 16:15 -------- d-----w- C:\Shell

2011-08-23 00:15 . 2011-08-23 00:15 -------- d-----w- C:\found.002

2011-08-22 12:49 . 2011-08-22 12:49 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-08-22 12:49 . 2011-08-22 12:49 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-08-16 20:42 . 2011-08-16 20:44 -------- d-----w- c:\programdata\Mattel

2011-08-12 14:43 . 2011-08-12 14:43 -------- d-----w- c:\program files\Free Offers from Freeze.com

2011-08-03 21:56 . 2011-08-03 21:56 -------- d-----w- c:\users\Kids\AppData\Local\AVG Security Toolbar

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-23 11:22 . 2006-11-02 08:57 66048 ----a-w- c:\windows\system32\drivers\smb.sys

2011-08-22 20:03 . 2007-12-31 17:59 146980442 ----a-w- c:\windows\DUMP4e0f.tmp

2011-08-22 13:18 . 2011-07-03 01:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-16 12:48 . 2011-08-23 21:06 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4EA79AAC-27F0-4E6A-9F87-A364556DF01D}\mpengine.dll

2011-08-08 19:01 . 2008-10-22 14:38 11776 ----a-w- c:\windows\system32\smrgdf.exe

2011-08-08 19:01 . 2008-10-22 14:38 29696 ----a-w- c:\windows\system32\iolobtdfg.exe

2011-07-19 19:42 . 2011-07-22 13:21 2083464 ----a-w- c:\windows\system32\Incinerator32.dll

2011-07-06 23:52 . 2010-07-11 04:22 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52 . 2010-07-11 04:22 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-22 12:49 . 2011-04-22 03:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-03-18 2471240]

"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2010-02-22 2353176]

.

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

.

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2011-03-18 12:11 2471240 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD1849EA-8403-4441-8DFF-7575AAE1DC16}]

2008-01-28 18:06 641464 ----a-w- c:\program files\BearShare Applications\Personalization\BearSharePersonalizationIE_v1040.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-03-18 2471240]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Shell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Shell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Shell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Shell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

"FlashGet 3"="c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe" [2009-12-22 2127408]

"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2008-03-18 2508072]

"OnlineVault"="c:\program files\Online Vault\OnlineVault.exe" [2010-03-19 2459136]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-12 39408]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-09 159744]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]

"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]

"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]

"iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2011-08-08 606392]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]

"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-07-03 273544]

"JPJWatcher"="c:\programdata\Mattel\Watcher\jpjwatcher.exe" [2011-08-16 194560]

.

c:\users\Shell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Shell\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2010-9-24 995328]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"NoSecCPL"= 0 (0x0)

"NoDevMgrPage"= 0 (0x0)

"NoConfigPage"= 0 (0x0)

"NoVirtMemPage"= 0 (0x0)

"NoFileSysPage"= 0 (0x0)

"NoNetSetup"= 0 (0x0)

"NoNetSetupIDPage"= 0 (0x0)

"NoNetSetupSecurityPage"= 0 (0x0)

"NoWorkgroupContents"= 0 (0x0)

"NoEntireNetwork"= 0 (0x0)

"NoFileSharingControl"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoFileSharing"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R0 TfFsMon;TfFsMon; [x]

R0 TfSysMon;TfSysMon; [x]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-04-18 7398752]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 136176]

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-03-18 947528]

R3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50.sys [2006-11-16 21504]

R3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50.sys [2006-11-16 20480]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 136176]

R3 I97DRIVER;I97DRIVER; [x]

R3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\DRIVERS\PTDUBus.sys [2008-03-11 29824]

R3 PTDUMdm;PANTECH UM175 Drivers ;c:\windows\system32\DRIVERS\PTDUMdm.sys [2008-03-11 41344]

R3 PTDUVsp;PANTECH UM175 Diagnostic Port ;c:\windows\system32\DRIVERS\PTDUVsp.sys [2008-03-11 39936]

R3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\DRIVERS\PTDUWWAN.sys [2008-03-11 59776]

R3 WG111T;NETGEAR WG111T USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WG111Tv.sys [2007-06-01 870400]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]

S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2009-09-08 20392]

S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-01-27 266240]

S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2011-07-19 722616]

S2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [2011-04-08 176848]

S2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe [2007-06-20 537264]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-15 134480]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 28624]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-08-24 01:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-26 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-09-20 03:45]

.

2011-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-02 02:12]

.

2011-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-02 02:12]

.

2011-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3675819506-889393583-3195363467-1000Core.job

- c:\users\Shell\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-05 01:04]

.

2011-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3675819506-889393583-3195363467-1000UA.job

- c:\users\Shell\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-05 01:04]

.

2011-08-26 c:\windows\Tasks\User_Feed_Synchronization-{7D662327-DD37-4616-8405-233756DD78DD}.job

- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

mWindow Title = Microsoft Internet Explorer

mSearch Bar = hxxp://www.google.com

uInternet Settings,ProxyServer = http=127.0.0.1:6522

uInternet Settings,ProxyOverride = <local>

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download All By FlashGet3 - c:\users\Shell\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

IE: Download By FlashGet3 - c:\users\Shell\AppData\Roaming\FlashGetBHO\GetUrl.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: {{FA32182A-EA44-4583-803B-AA827F0D4E06} - c:\progra~1\ONLINE~2\ONLINE~1.EXE

LSP: c:\windows\system32\wpclsp.dll

Trusted Zone: kuaiche.com\software

TCP: DhcpNameServer = 192.168.2.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab

FF - ProfilePath - c:\users\Shell\AppData\Roaming\Mozilla\Firefox\Profiles\yxpjku5k.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4da84ee3&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-25 21:08

Windows 6.0.6000 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:\windows\$NtUninstallKB3255$:SummaryInformation 0 bytes hidden from API

c:\windows\3203397148:3809022017.exe 816 bytes executable

c:\users\Shell\AppData\Local\Temp\etilqs_ddAl4YgCf6wICdLlmqWI 3608 bytes

c:\users\Shell\AppData\Local\Temp\etilqs_j8DC76sNss8fywq6Ie8S 3072 bytes

c:\users\Shell\AppData\Local\Temp\etilqs_PN1ktOxzHttb5dlI0I40 2056 bytes

c:\windows\TEMP\TMP000000055F77F07F4DF40203 524288 bytes

.

scan completed successfully

hidden files: 6

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,10,60,6c,7b,a8,b1,40,b5,21,f3,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,10,60,6c,7b,a8,b1,40,b5,21,f3,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\WLANExt.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Common Files\AOL\ACS\AOLAcsd.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\program files\Hewlett-Packard\Shared\HpqToaster.exe

c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\sdclt.exe

.

**************************************************************************

.

Completion time: 2011-08-26 00:33:34 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-26 04:33

.

Pre-Run: 35,050,553,344 bytes free

Post-Run: 34,735,308,800 bytes free

.

- - End Of File - - 7311D052604D64949934EAB2A4D222DD


I forgot to tell you that after I did the dds.com scan and was waiting for a reply on here, I got the blue shutdown screen, and I have never re-enabled whatever it had me disable. I also downloaded the GMER Rootkit Scanner but it won't run even under Administrator. I just tried again to run Malwarebytes and AVG scans and they still say cannot find path. Last but not least, when ComboFix was going I saw it say it found Rootkit Zero Access in the tcp/ip stack; hope that helps. Thanks again for your time :D


  • Staff

You may have a file infector on board.

Please go to VirusTotal, and upload the following files for analysis:

c:\program files\AVG\AVG10\avgwdsvc.exe

c:\windows\system32\CSHelper.exe

c:\program files\Google\Update\GoogleUpdate.exe

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files\iolo\Common\Lib\ioloServiceManager.ex

c:\program files\iWin Games\iWinTrusted.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

Post the results in your reply.

Also zip up that file and attach it to your reply.


I'm sorry, I don't know how to zip a file, so I'm copying and pasting.

File name:

avgwdsvc.exe

Submission date:

2011-08-29 22:00:35 (UTC)

Current status:

finished

Result:

39/ 44 (88.6%)

Antivirus Version Last Update Result

AhnLab-V3 2011.08.29.00 2011.08.29 Win-Trojan/Patched.DD

AntiVir 7.11.14.14 2011.08.29 W32/PatchLoad.A

Antiy-AVL 2.0.3.7 2011.08.29 -

Avast 4.8.1351.0 2011.08.29 Win32:Patched-WQ [Trj]

Avast5 5.0.677.0 2011.08.29 Win32:Patched-WQ [Trj]

AVG 10.0.0.1190 2011.08.29 Win32/Katusha.A

BitDefender 7.2 2011.08.30 Trojan.Patched.HE

ByteHero 1.0.0.1 2011.08.22 Trojan.Win32.Heur.Gen

CAT-QuickHeal 11.00 2011.08.29 W32.Patchload.O

ClamAV 0.97.0.0 2011.08.29 Trojan.Patched-167

Commtouch 5.3.2.6 2011.08.29 W32/Patched.G

Comodo 9920 2011.08.29 TrojWare.Win32.Patched.HN

DrWeb 5.0.2.03300 2011.08.29 Trojan.Starter.1695

Emsisoft 5.1.0.10 2011.08.29 Trojan-Spy.Win32.Zbot!IK

eSafe 7.0.17.0 2011.08.29 -

eTrust-Vet 36.1.8529 2011.08.29 Win32/Patchload.U

F-Prot 4.6.2.117 2011.08.29 W32/Patched.G

F-Secure 9.0.16440.0 2011.08.29 Trojan.Patched.HE

Fortinet 4.2.257.0 2011.08.29 W32/Patched.MF!tr

GData 22 2011.08.29 Trojan.Patched.HE

Ikarus T3.1.1.107.0 2011.08.29 Trojan-Spy.Win32.Zbot

Jiangmin 13.0.900 2011.08.29 TrojanSpy.Zbot.adxr

K7AntiVirus 9.111.5068 2011.08.29 Trojan

Kaspersky 9.0.0.837 2011.08.29 Trojan.Win32.Patched.mf

McAfee 5.400.0.1158 2011.08.30 W32/Katusha

McAfee-GW-Edition 2010.1D 2011.08.29 W32/Katusha

Microsoft 1.7604 2011.08.29 Virus:Win32/Patchload.O

NOD32 6420 2011.08.29 Win32/Patched.HN

Norman 6.07.10 2011.08.29 W32/Patched.BH

nProtect 2011-08-29.02 2011.08.29 Trojan/W32.Agent.269520.B

Panda 10.0.3.5 2011.08.29 W32/Katusha.BN

PCTools 8.0.0.5 2011.08.29 Trojan.Paccyn

Prevx 3.0 2011.08.30 -

Rising 23.72.04.03 2011.08.26 Win32.Loader.li

Sophos 4.68.0 2011.08.29 W32/Patched-AK

SUPERAntiSpyware 4.40.0.1006 2011.08.29 -

Symantec 20111.2.0.82 2011.08.29 Trojan.Paccyn!inf

TheHacker 6.7.0.1.286 2011.08.29 -

TrendMicro 9.500.0.1008 2011.08.25 PTCH_KATUSHA.W

TrendMicro-HouseCall 9.500.0.1008 2011.08.29 PTCH_KATUSHA.W

VBA32 3.12.16.4 2011.08.29 Trojan-Spy.Zbot.gen

VIPRE 10310 2011.08.29 Virus.Win32.Agent.mpq (v)

ViRobot 2011.8.29.4645 2011.08.29 Win32.Patched.BE

VirusBuster 14.0.191.0 2011.08.29 Win32.Katusha.Gen

File name:

CSHelper.exe

Submission date:

2011-08-29 22:40:32 (UTC)

Current status:

finished

Result:

37/ 44 (84.1%)

Antivirus Version Last Update Result

AhnLab-V3 2011.08.29.00 2011.08.29 Win-Trojan/Patched.DD

AntiVir 7.11.14.14 2011.08.29 W32/PatchLoad.A

Antiy-AVL 2.0.3.7 2011.08.29 -

Avast 4.8.1351.0 2011.08.29 Win32:Patched-WQ [Trj]

Avast5 5.0.677.0 2011.08.29 Win32:Patched-WQ [Trj]

AVG 10.0.0.1190 2011.08.29 Win32/Katusha.A

BitDefender 7.2 2011.08.30 Trojan.Patched.HE

ByteHero 1.0.0.1 2011.08.22 -

CAT-QuickHeal 11.00 2011.08.29 W32.Patchload.O

ClamAV 0.97.0.0 2011.08.30 Trojan.Patched-167

Commtouch 5.3.2.6 2011.08.29 W32/Patched.G

Comodo 9923 2011.08.30 TrojWare.Win32.Patched.HN

DrWeb 5.0.2.03300 2011.08.30 Trojan.Starter.1695

Emsisoft 5.1.0.10 2011.08.29 Trojan-Spy.Win32.Zbot!IK

eSafe 7.0.17.0 2011.08.29 -

eTrust-Vet 36.1.8529 2011.08.29 Win32/Patchload.U

F-Prot 4.6.2.117 2011.08.29 W32/Patched.G

F-Secure 9.0.16440.0 2011.08.30 Trojan.Patched.HE

Fortinet 4.2.257.0 2011.08.29 W32/Patched.MF!tr

GData 22 2011.08.29 Trojan.Patched.HE

Ikarus T3.1.1.107.0 2011.08.29 Trojan-Spy.Win32.Zbot

Jiangmin 13.0.900 2011.08.29 TrojanSpy.Zbot.adxr

K7AntiVirus 9.111.5068 2011.08.29 Trojan

Kaspersky 9.0.0.837 2011.08.30 Trojan.Win32.Patched.mf

McAfee 5.400.0.1158 2011.08.30 W32/Katusha

McAfee-GW-Edition 2010.1D 2011.08.29 Heuristic.LooksLike.Win32.SuspiciousPE.J

Microsoft 1.7604 2011.08.29 Virus:Win32/Patchload.O

NOD32 6420 2011.08.29 Win32/Patched.HN

Norman 6.07.10 2011.08.29 W32/Patched.BH

nProtect 2011-08-29.02 2011.08.29 -

Panda 10.0.3.5 2011.08.29 W32/Katusha.BN

PCTools 8.0.0.5 2011.08.29 Trojan.Katusha

Prevx 3.0 2011.08.30 -

Rising 23.72.04.03 2011.08.26 Win32.Loader.li

Sophos 4.68.0 2011.08.29 W32/Patched-AK

SUPERAntiSpyware 4.40.0.1006 2011.08.29 -

Symantec 20111.2.0.82 2011.08.30 Trojan.Katusha.A!inf

TheHacker 6.7.0.1.286 2011.08.29 -

TrendMicro 9.500.0.1008 2011.08.25 PTCH_KATUSHA.W

TrendMicro-HouseCall 9.500.0.1008 2011.08.29 PTCH_KATUSHA.W

VBA32 3.12.16.4 2011.08.29 Trojan-Spy.Zbot.gen

VIPRE 10310 2011.08.29 Virus.Win32.Agent.mpq (v)

ViRobot 2011.8.29.4645 2011.08.29 Win32.Patched.BE

VirusBuster 14.0.191.0 2011.08.29 Win32.Katusha.Gen

File name:

GoogleUpdate.exe

Submission date:

2011-08-29 22:41:53 (UTC)

Current status:

finished

Result:

41/ 44 (93.2%)

Antivirus Version Last Update Result

AhnLab-V3 2011.08.29.00 2011.08.29 Win-Trojan/Patched.DD

AntiVir 7.11.14.14 2011.08.29 TR/Spy.136176.1

Antiy-AVL 2.0.3.7 2011.08.29 Trojan/Win32.Zbot.gen

Avast 4.8.1351.0 2011.08.29 Win32:Patched-WQ [Trj]

Avast5 5.0.677.0 2011.08.29 Win32:Patched-WQ [Trj]

AVG 10.0.0.1190 2011.08.29 PSW.Generic8.BWCH

BitDefender 7.2 2011.08.30 Trojan.Patched.HE

ByteHero 1.0.0.1 2011.08.22 Trojan.Win32.Heur.Gen

CAT-QuickHeal 11.00 2011.08.29 W32.Patchload.O

ClamAV 0.97.0.0 2011.08.30 Trojan.Patched-167

Commtouch 5.3.2.6 2011.08.29 W32/Patched.G

Comodo 9923 2011.08.30 UnclassifiedMalware

DrWeb 5.0.2.03300 2011.08.30 Trojan.Starter.1695

Emsisoft 5.1.0.10 2011.08.29 Trojan-Spy.Win32.Zbot!IK

eSafe 7.0.17.0 2011.08.29 Win32.TRSpy

eTrust-Vet 36.1.8529 2011.08.29 Win32/Patchload.U

F-Prot 4.6.2.117 2011.08.29 W32/Patched.G

F-Secure 9.0.16440.0 2011.08.30 Trojan.Patched.HE

Fortinet 4.2.257.0 2011.08.29 W32/Patched.MF!tr

GData 22 2011.08.29 Trojan.Patched.HE

Ikarus T3.1.1.107.0 2011.08.29 Trojan-Spy.Win32.Zbot

Jiangmin 13.0.900 2011.08.29 TrojanSpy.Zbot.adxr

K7AntiVirus 9.111.5068 2011.08.29 Trojan

Kaspersky 9.0.0.837 2011.08.30 Trojan.Win32.Patched.mf

McAfee 5.400.0.1158 2011.08.30 W32/Katusha

McAfee-GW-Edition 2010.1D 2011.08.29 W32/Katusha

Microsoft 1.7604 2011.08.29 Virus:Win32/Patchload.O

NOD32 6420 2011.08.29 Win32/Patched.HN

Norman 6.07.10 2011.08.29 W32/Patched.BH

nProtect 2011-08-29.02 2011.08.29 Trojan/W32.Agent.136176

Panda 10.0.3.5 2011.08.29 W32/Katusha.BN

PCTools 8.0.0.5 2011.08.29 Trojan.Paccyn

Prevx 3.0 2011.08.30 -

Rising 23.72.04.03 2011.08.26 Win32.Loader.li

Sophos 4.68.0 2011.08.29 W32/Patched-AK

SUPERAntiSpyware 4.40.0.1006 2011.08.29 -

Symantec 20111.2.0.82 2011.08.30 Trojan.Paccyn!inf

TheHacker 6.7.0.1.286 2011.08.29 -

TrendMicro 9.500.0.1008 2011.08.25 PTCH_KATUSHA.W

TrendMicro-HouseCall 9.500.0.1008 2011.08.30 PTCH_KATUSHA.W

VBA32 3.12.16.4 2011.08.29 TrojanSpy.Zbot.gen

VIPRE 10310 2011.08.29 Virus.Win32.Agent.mpq (v)

ViRobot 2011.8.29.4645 2011.08.29 Win32.Patched.BE

VirusBuster 14.0.191.0 2011.08.29 Win32.Katusha.Gen

Additional information

MD5 : b488a83b6c00e38aaf5fb4ce1a26ca07

SHA1 : 869fd5e792e58be5a6189eee1714e8582ea1d29f

SHA256: 4be3dfcf1d5f16224eb0e4cda5a5fc1628125679217d4f376b5c320ef4abaed5

File name:

HPHC_Service.exe

Submission date:

2011-08-29 22:45:22 (UTC)

Current status:

finished

Result:

41/ 44 (93.2%)

Antivirus Version Last Update Result

AhnLab-V3 2011.08.29.00 2011.08.29 Win-Trojan/Patched.DD

AntiVir 7.11.14.14 2011.08.29 W32/PatchLoad.A

Antiy-AVL 2.0.3.7 2011.08.29 Trojan/Win32.Zbot.gen

Avast 4.8.1351.0 2011.08.29 Win32:Patched-WQ [Trj]

Avast5 5.0.677.0 2011.08.29 Win32:Patched-WQ [Trj]

AVG 10.0.0.1190 2011.08.29 Win32/Katusha.A

BitDefender 7.2 2011.08.30 Trojan.Generic.6131015

ByteHero None 2011.08.30 Trojan.Win32.Heur.Gen

CAT-QuickHeal 11.00 2011.08.29 W32.Patchload.O

ClamAV 0.97.0.0 2011.08.30 Trojan.Patched-167

Commtouch 5.3.2.6 2011.08.29 W32/Patched.G

Comodo 9923 2011.08.30 TrojWare.Win32.Patched.HN

DrWeb 5.0.2.03300 2011.08.30 Trojan.Starter.1695

Emsisoft 5.1.0.10 2011.08.29 Trojan-Spy.Win32.Zbot!IK

eSafe 7.0.17.0 2011.08.29 Win32.HEURMalware

eTrust-Vet 36.1.8529 2011.08.29 Win32/Patchload.U

F-Prot 4.6.2.117 2011.08.29 W32/Patched.G

F-Secure 9.0.16440.0 2011.08.30 Trojan.Generic.6131015

Fortinet 4.2.257.0 2011.08.29 W32/Patched.MF!tr

GData 22 2011.08.29 Trojan.Generic.6131015

Ikarus T3.1.1.107.0 2011.08.29 Trojan-Spy.Win32.Zbot

Jiangmin 13.0.900 2011.08.29 TrojanSpy.Zbot.adxr

K7AntiVirus 9.111.5068 2011.08.29 Trojan

Kaspersky 9.0.0.837 2011.08.30 Trojan.Win32.Patched.mf

McAfee 5.400.0.1158 2011.08.30 W32/Katusha

McAfee-GW-Edition 2010.1D 2011.08.29 Heuristic.LooksLike.Win32.SuspiciousPE.J

Microsoft 1.7604 2011.08.29 Virus:Win32/Patchload.O

NOD32 6420 2011.08.29 Win32/Patched.HN

Norman 6.07.10 2011.08.29 W32/Patched.BH

nProtect 2011-08-29.02 2011.08.29 Trojan/W32.Agent.65536.BFJ

Panda 10.0.3.5 2011.08.29 W32/Katusha.BN

PCTools 8.0.0.5 2011.08.29 Trojan.Katusha

Prevx 3.0 2011.08.30 -

Rising 23.72.04.03 2011.08.26 Win32.Loader.li

Sophos 4.68.0 2011.08.29 W32/Patched-AK

SUPERAntiSpyware 4.40.0.1006 2011.08.29 -

Symantec 20111.2.0.82 2011.08.30 Trojan.Katusha.A!inf

TheHacker 6.7.0.1.286 2011.08.29 -

TrendMicro 9.500.0.1008 2011.08.25 PTCH_KATUSHA.W

TrendMicro-HouseCall 9.500.0.1008 2011.08.30 PTCH_KATUSHA.W

VBA32 3.12.16.4 2011.08.29 TrojanSpy.Zbot.gen

VIPRE 10310 2011.08.29 Virus.Win32.Agent.mpq (v)

ViRobot 2011.8.29.4645 2011.08.29 Win32.Patched.BE

VirusBuster 14.0.191.0 2011.08.29 Win32.Katusha.Gen

Additional information

MD5 : 3b7a0bbf1e5072f5eff8fe9ce53d1174

SHA1 : 07610ce3a2a3078e3f268f37e2deea5f14738127

SHA256: 4012afda1ba62617f8785c8fc5275637fa28919b8d62a33207c2e911990d4743

File name:

hpqWmiEx.exe

Submission date:

2011-08-29 22:54:23 (UTC)

Current status:

finished

Result:

39/ 44 (88.6%)

Antivirus Version Last Update Result

AhnLab-V3 2011.08.29.00 2011.08.29 Win-Trojan/Patched.DD

AntiVir 7.11.14.14 2011.08.29 TR/Spy.ZBot.135168.1

Antiy-AVL 2.0.3.7 2011.08.29 Trojan/Win32.Zbot.gen

Avast 4.8.1351.0 2011.08.29 Win32:Patched-WQ [Trj]

Avast5 5.0.677.0 2011.08.29 Win32:Patched-WQ [Trj]

AVG 10.0.0.1190 2011.08.29 Win32/Katusha.A

BitDefender 7.2 2011.08.30 Trojan.Patched.HE

ByteHero 1.0.0.1 2011.08.22 Trojan.Win32.Heur.Gen

CAT-QuickHeal 11.00 2011.08.29 W32.Patchload.O

ClamAV 0.97.0.0 2011.08.30 Trojan.Patched-167

Commtouch 5.3.2.6 2011.08.29 W32/Patched.G

Comodo 9923 2011.08.30 UnclassifiedMalware

DrWeb 5.0.2.03300 2011.08.30 Trojan.Starter.1695

Emsisoft 5.1.0.10 2011.08.29 Trojan-Spy.Win32.Zbot!IK

eSafe 7.0.17.0 2011.08.29 -

eTrust-Vet 36.1.8529 2011.08.29 Win32/Patchload.U

F-Prot 4.6.2.117 2011.08.29 W32/Patched.G

F-Secure 9.0.16440.0 2011.08.30 Trojan.Patched.HE

Fortinet 4.2.257.0 2011.08.29 W32/Patched.MF!tr

GData 22 2011.08.29 Trojan.Patched.HE

Ikarus T3.1.1.107.0 2011.08.29 Trojan-Spy.Win32.Zbot

Jiangmin 13.0.900 2011.08.29 TrojanSpy.Zbot.adxr

K7AntiVirus 9.111.5068 2011.08.29 Trojan

Kaspersky 9.0.0.837 2011.08.30 Trojan.Win32.Patched.mf

McAfee 5.400.0.1158 2011.08.30 W32/Katusha

McAfee-GW-Edition 2010.1D 2011.08.29 Heuristic.LooksLike.Win32.SuspiciousPE.J!88

Microsoft 1.7604 2011.08.29 Virus:Win32/Patchload.O

NOD32 6420 2011.08.29 Win32/Patched.HN

Norman 6.07.10 2011.08.29 W32/Patched.BH

nProtect 2011-08-29.02 2011.08.29 -

Panda 10.0.3.5 2011.08.29 W32/Katusha.BN

PCTools 8.0.0.5 2011.08.29 Trojan.Katusha

Prevx 3.0 2011.08.30 -

Rising 23.72.04.03 2011.08.26 Win32.Loader.li

Sophos 4.68.0 2011.08.29 W32/Patched-AK

SUPERAntiSpyware 4.40.0.1006 2011.08.29 -

Symantec 20111.2.0.82 2011.08.30 Trojan.Katusha.A!inf

TheHacker 6.7.0.1.286 2011.08.29 -

TrendMicro 9.500.0.1008 2011.08.25 PTCH_KATUSHA.W

TrendMicro-HouseCall 9.500.0.1008 2011.08.30 PTCH_KATUSHA.W

VBA32 3.12.16.4 2011.08.29 Trojan-Spy.Zbot.gen

VIPRE 10310 2011.08.29 Virus.Win32.Agent.mpq (v)

ViRobot 2011.8.29.4645 2011.08.29 Win32.Patched.BE

VirusBuster 14.0.191.0 2011.08.29 Win32.Katusha.Gen

Additional information

MD5 : bdea225884f0c148392f625dcc1fe131

SHA1 : f34ac5a1ffbf6f267b06417fa523c20241f82ac8

SHA256: 0d313f2d46b9007b856a1c1a8d1a929929043544318c10c224edfa66fb202daf

File name:

iWinTrusted.exe

Submission date:

2011-08-29 23:07:32 (UTC)

Current status:

finished

Result:

38/ 43 (88.4%)

AhnLab-V3 2011.08.29.00 2011.08.29 Win-Trojan/Patched.DD

AntiVir 7.11.14.14 2011.08.29 TR/Spy.ZBot.176408

Antiy-AVL 2.0.3.7 2011.08.29 Trojan/Win32.Zbot.gen

Avast 4.8.1351.0 2011.08.29 Win32:Patched-WQ [Trj]

Avast5 5.0.677.0 2011.08.29 Win32:Patched-WQ [Trj]

AVG 10.0.0.1190 2011.08.29 Win32/Katusha.A

BitDefender 7.2 2011.08.30 Trojan.Generic.6178082

ByteHero None 2011.08.30 Trojan.Win32.Heur.Gen

CAT-QuickHeal 11.00 2011.08.29 W32.Patchload.O

ClamAV 0.97.0.0 2011.08.30 Trojan.Patched-167

Commtouch 5.3.2.6 2011.08.29 W32/Patched.G

Comodo 9923 2011.08.30 UnclassifiedMalware

Emsisoft 5.1.0.10 2011.08.29 Trojan-Spy.Win32.Zbot!IK

eSafe 7.0.17.0 2011.08.29 -

eTrust-Vet 36.1.8529 2011.08.29 Win32/Patchload.U

F-Prot 4.6.2.117 2011.08.29 W32/Patched.G

F-Secure 9.0.16440.0 2011.08.30 Trojan.Generic.6178082

Fortinet 4.2.257.0 2011.08.29 W32/Patched.MF!tr

GData 22 2011.08.29 Trojan.Generic.6178082

Ikarus T3.1.1.107.0 2011.08.29 Trojan-Spy.Win32.Zbot

Jiangmin 13.0.900 2011.08.29 TrojanSpy.Zbot.adxr

K7AntiVirus 9.111.5068 2011.08.29 Trojan

Kaspersky 9.0.0.837 2011.08.30 Trojan.Win32.Patched.mf

McAfee 5.400.0.1158 2011.08.30 W32/Katusha

McAfee-GW-Edition 2010.1D 2011.08.29 W32/Katusha

Microsoft 1.7604 2011.08.29 Virus:Win32/Patchload.O

NOD32 6420 2011.08.29 Win32/Patched.HN

Norman 6.07.10 2011.08.29 W32/Patched.BH

nProtect 2011-08-29.02 2011.08.29 -

Panda 10.0.3.5 2011.08.29 W32/Katusha.BN

PCTools 8.0.0.5 2011.08.29 Trojan.Paccyn

Prevx 3.0 2011.08.30 -

Rising 23.72.04.03 2011.08.26 Win32.Loader.li

Sophos 4.68.0 2011.08.29 W32/Patched-AK

SUPERAntiSpyware 4.40.0.1006 2011.08.29 -

Symantec 20111.2.0.82 2011.08.30 Trojan.Paccyn!inf

TheHacker 6.7.0.1.286 2011.08.29 -

TrendMicro 9.500.0.1008 2011.08.25 PTCH_KATUSHA.W

TrendMicro-HouseCall 9.500.0.1008 2011.08.30 PTCH_KATUSHA.W

VBA32 3.12.16.4 2011.08.29 Trojan-Spy.Zbot.gen

VIPRE 10310 2011.08.29 Virus.Win32.Agent.mpq (v)

ViRobot 2011.8.29.4645 2011.08.29 Win32.Patched.BE

VirusBuster 14.0.191.0 2011.08.29 Win32.Katusha.Gen

Additional information

MD5 : f7a2220b2346d9b871daf80e9a37554a

SHA1 : 830be604fe3f8a2d3e0ace0f3fefc2556b27a945

SHA256: cee178dcf3a4146177020ed0cb58e9aae65a3b957b0af9d693a4b8918d1327c1

File name:

ioloServiceManager.exe

Submission date:

2011-08-29 23:08:00 (UTC)

Current status:

finished

Result:

37/ 43 (86.0%)

Antivirus Version Last Update Result

AhnLab-V3 2011.08.29.00 2011.08.29 Win-Trojan/Patched.DD

AntiVir 7.11.14.14 2011.08.29 W32/PatchLoad.A

Antiy-AVL 2.0.3.7 2011.08.29 -

Avast 4.8.1351.0 2011.08.29 Win32:Patched-WQ [Trj]

Avast5 5.0.677.0 2011.08.29 Win32:Patched-WQ [Trj]

AVG 10.0.0.1190 2011.08.29 Win32/Katusha.A

BitDefender 7.2 2011.08.30 Trojan.Patched.HE

ByteHero None 2011.08.30 Trojan.Win32.Heur.Gen

CAT-QuickHeal 11.00 2011.08.29 W32.Patchload.O

ClamAV 0.97.0.0 2011.08.30 Trojan.Patched-167

Commtouch 5.3.2.6 2011.08.29 W32/Patched.G

Comodo 9923 2011.08.30 TrojWare.Win32.Patched.HN

Emsisoft 5.1.0.10 2011.08.29 Trojan-Spy.Win32.Zbot!IK

eSafe 7.0.17.0 2011.08.29 -

eTrust-Vet 36.1.8529 2011.08.29 Win32/Patchload.U

F-Prot 4.6.2.117 2011.08.29 W32/Patched.G

F-Secure 9.0.16440.0 2011.08.30 Trojan.Patched.HE

Fortinet 4.2.257.0 2011.08.29 W32/Patched.MF!tr

GData 22 2011.08.29 Trojan.Patched.HE

Ikarus T3.1.1.107.0 2011.08.29 Trojan-Spy.Win32.Zbot

Jiangmin 13.0.900 2011.08.29 TrojanSpy.Zbot.adxr

K7AntiVirus 9.111.5068 2011.08.29 Trojan

Kaspersky 9.0.0.837 2011.08.30 Trojan.Win32.Patched.mf

McAfee 5.400.0.1158 2011.08.30 W32/Katusha

McAfee-GW-Edition 2010.1D 2011.08.29 W32/Katusha

Microsoft 1.7604 2011.08.29 Virus:Win32/Patchload.O

NOD32 6420 2011.08.29 Win32/Patched.HN

Norman 6.07.10 2011.08.29 W32/Patched.BH

nProtect 2011-08-29.02 2011.08.29 -

Panda 10.0.3.5 2011.08.29 W32/Katusha.BN

PCTools 8.0.0.5 2011.08.29 Trojan.Paccyn

Prevx 3.0 2011.08.30 -

Rising 23.72.04.03 2011.08.26 Win32.Loader.li

Sophos 4.68.0 2011.08.29 W32/Patched-AK

SUPERAntiSpyware 4.40.0.1006 2011.08.29 -

Symantec 20111.2.0.82 2011.08.30 Trojan.Paccyn!inf

TheHacker 6.7.0.1.286 2011.08.29 -

TrendMicro 9.500.0.1008 2011.08.25 PTCH_KATUSHA.W

TrendMicro-HouseCall 9.500.0.1008 2011.08.30 PTCH_KATUSHA.W

VBA32 3.12.16.4 2011.08.29 Trojan-Spy.Zbot.gen

VIPRE 10310 2011.08.29 Virus.Win32.Agent.mpq (v)

ViRobot 2011.8.29.4645 2011.08.29 Win32.Patched.BE

VirusBuster 14.0.191.0 2011.08.29 Win32.Katusha.Gen

Additional information

MD5 : 6d0ae296a7af9af5972e6997963b4da3

SHA1 : 663f3298fc3a8788d673f55883fc74894ede959e

SHA256: d3bd7dbf62233cef654c75216f07834aebccab9bf5535979ebff68fe3b16e6ee

File name:

LSSrvc.exe

Submission date:

2011-08-29 23:13:23 (UTC)

Current status:

finished

Result:

40/ 44 (90.9%)

Antivirus Version Last Update Result

AhnLab-V3 2011.08.29.00 2011.08.29 Win-Trojan/Patched.DD

AntiVir 7.11.14.14 2011.08.29 W32/PatchLoad.A

Antiy-AVL 2.0.3.7 2011.08.29 Trojan/win32.agent.gen

Avast 4.8.1351.0 2011.08.29 Win32:Patched-WQ [Trj]

Avast5 5.0.677.0 2011.08.29 Win32:Patched-WQ [Trj]

AVG 10.0.0.1190 2011.08.29 Win32/Katusha.A

BitDefender 7.2 2011.08.30 Trojan.Patched.HE

ByteHero 1.0.0.1 2011.08.22 Trojan.Win32.Heur.Gen

CAT-QuickHeal 11.00 2011.08.29 W32.Patchload.O

ClamAV 0.97.0.0 2011.08.30 Trojan.Patched-167

Commtouch 5.3.2.6 2011.08.29 W32/Patched.G

Comodo 9923 2011.08.30 UnclassifiedMalware

DrWeb 5.0.2.03300 2011.08.30 Trojan.Starter.1695

Emsisoft 5.1.0.10 2011.08.29 Trojan-Spy.Win32.Zbot!IK

eSafe 7.0.17.0 2011.08.29 -

eTrust-Vet 36.1.8529 2011.08.29 Win32/Patchload.U

F-Prot 4.6.2.117 2011.08.29 W32/Patched.G

F-Secure 9.0.16440.0 2011.08.30 Trojan.Patched.HE

Fortinet 4.2.257.0 2011.08.29 W32/Patched.MF!tr

GData 22 2011.08.30 Trojan.Patched.HE

Ikarus T3.1.1.107.0 2011.08.29 Trojan-Spy.Win32.Zbot

Jiangmin 13.0.900 2011.08.29 TrojanSpy.Zbot.adxr

K7AntiVirus 9.111.5068 2011.08.29 Trojan

Kaspersky 9.0.0.837 2011.08.30 Trojan.Win32.Patched.mf

McAfee 5.400.0.1158 2011.08.30 W32/Katusha

McAfee-GW-Edition 2010.1D 2011.08.29 W32/Katusha

Microsoft 1.7604 2011.08.29 Virus:Win32/Patchload.O

NOD32 6420 2011.08.29 Win32/Patched.HN

Norman 6.07.10 2011.08.29 W32/Patched.BH

nProtect 2011-08-29.02 2011.08.29 Trojan/W32.Agent.79136

Panda 10.0.3.5 2011.08.29 W32/Katusha.BN

PCTools 8.0.0.5 2011.08.29 Trojan.Paccyn

Prevx 3.0 2011.08.30 -

Rising 23.72.04.03 2011.08.26 Win32.Loader.li

Sophos 4.68.0 2011.08.29 W32/Patched-AK

SUPERAntiSpyware 4.40.0.1006 2011.08.30 -

Symantec 20111.2.0.82 2011.08.30 Trojan.Paccyn!inf

TheHacker 6.7.0.1.286 2011.08.29 -

TrendMicro 9.500.0.1008 2011.08.25 PTCH_KATUSHA.W

TrendMicro-HouseCall 9.500.0.1008 2011.08.30 PTCH_KATUSHA.W

VBA32 3.12.16.4 2011.08.29 Trojan-Spy.Zbot.gen

VIPRE 10310 2011.08.29 Virus.Win32.Agent.mpq (v)

ViRobot 2011.8.29.4645 2011.08.29 Win32.Patched.BE

VirusBuster 14.0.191.0 2011.08.29 Win32.Katusha.Gen

Additional information

MD5 : 463801072b6c6424be882920ffa50413

SHA1 : e6e8c4e258dc3a8a259d4d1d8fd41e924582c6cb

SHA256: 2c8aa80a6a00bd399ba798536be05f8aec21a68385b8f0f8d06acd411c4d9546

Link to post
Share on other sites

  • Staff

Hi,

Yikes. Looks like your legitimate files have been patched.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    avgwdsvc.exe
    CSHelper.exe
    GoogleUpdate.exe
    hphc_service.exe
    hpqwmiex.exe
    ioloServiceManager.exe
    iWinTrusted.exe
    LSSrvc.exe


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Link to post
Share on other sites

Wowzers, that doesn't sound good. What does that mean, my legitimate files have been patched???

Well, here's the system look log. (fingers crossed)

SystemLook 30.07.11 by jpshortstuff

Log created at 17:50 on 01/09/2011 by Shell

Administrator - Elevation successful

========== filefind ==========

Searching for "avgwdsvc.exe"

C:\Program Files\AVG\AVG10\avgwdsvc.exe --a---- 269520 bytes [09:33 08/02/2011] [09:33 08/02/2011] 70AE2D944D0D09BC1CEAA5518B820133

Searching for "CSHelper.exe"

C:\Windows\System32\CSHelper.exe --a---- 266240 bytes [19:56 22/11/2009] [14:16 27/01/2010] 1BC0E6919CFEF67C04323FC2E8C45F99

Searching for "GoogleUpdate.exe"

C:\Program Files\Google\Update\GoogleUpdate.exe --a---- 136176 bytes [00:13 02/07/2010] [02:12 18/06/2010] B488A83B6C00E38AAF5FB4CE1A26CA07

C:\Program Files\Google\Update\1.3.21.65\GoogleUpdate.exe --a---- 136176 bytes [08:44 30/07/2011] [08:44 30/07/2011] F02A533F517EB38333CB12A9E8963773

C:\Users\Shell\AppData\Local\Google\Update\GoogleUpdate.exe --a---- 136176 bytes [01:04 05/05/2010] [01:04 05/05/2010] F02A533F517EB38333CB12A9E8963773

C:\Users\Shell\AppData\Local\Google\Update\1.3.21.53\GoogleUpdate.exe --a---- 136176 bytes [08:17 01/05/2011] [08:17 01/05/2011] F02A533F517EB38333CB12A9E8963773

Searching for "hphc_service.exe"

C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe --a---- 65536 bytes [00:30 20/09/2007] [00:30 20/09/2007] 3B7A0BBF1E5072F5EFF8FE9CE53D1174

Searching for "hpqwmiex.exe"

C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe --a---- 135168 bytes [22:41 02/05/2006] [22:41 02/05/2006] BDEA225884F0C148392F625DCC1FE131

Searching for "ioloServiceManager.exe"

C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe --a---- 722616 bytes [13:21 22/07/2011] [19:40 19/07/2011] 6D0AE296A7AF9AF5972E6997963B4DA3

Searching for "iWinTrusted.exe"

C:\Program Files\iWin Games\iWinTrusted.exe --a---- 176848 bytes [15:17 08/04/2011] [15:17 08/04/2011] F7A2220B2346D9B871DAF80E9A37554A

Searching for "LSSrvc.exe"

C:\Program Files\Common Files\LightScribe\LSSrvc.exe --a---- 79136 bytes [01:40 24/08/2007] [01:40 24/08/2007] 463801072B6C6424BE882920FFA50413

-= EOF =-

Link to post
Share on other sites
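Added example (not part of the original thread, and not SystemLook's own code): a Python sketch that parses `:filefind` hits in the format of the log above and checks each MD5 against the hashes listed under "Additional information" in the scan reports. The function names are chosen here for illustration; the sample hit lines and hashes are copied from this thread's logs.

```python
import re
from collections import defaultdict

# One :filefind hit: path, attribute flags, size, two timestamps, MD5.
HIT = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attr>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)

def parse_filefind(log_text):
    """Return one dict per file hit; header and 'Searching for' lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = HIT.match(line.strip())
        if m:
            hit = m.groupdict()
            hit["md5"] = hit["md5"].lower()
            hit["name"] = hit["path"].rsplit("\\", 1)[-1].lower()
            hits.append(hit)
    return hits

def correlate(hits, flagged_md5s):
    """Return (paths whose MD5 is in a flagged report,
    file names present on disk with more than one distinct MD5)."""
    flagged = {h.lower() for h in flagged_md5s}
    confirmed = [h["path"] for h in hits if h["md5"] in flagged]
    by_name = defaultdict(set)
    for h in hits:
        by_name[h["name"]].add(h["md5"])
    divergent = sorted(n for n, md5s in by_name.items() if len(md5s) > 1)
    return confirmed, divergent

# Sample input: hit lines and report MD5s copied from this thread's logs.
SAMPLE_LOG = r"""
Searching for "GoogleUpdate.exe"
C:\Program Files\Google\Update\GoogleUpdate.exe --a---- 136176 bytes [00:13 02/07/2010] [02:12 18/06/2010] B488A83B6C00E38AAF5FB4CE1A26CA07
C:\Program Files\Google\Update\1.3.21.65\GoogleUpdate.exe --a---- 136176 bytes [08:44 30/07/2011] [08:44 30/07/2011] F02A533F517EB38333CB12A9E8963773
Searching for "LSSrvc.exe"
C:\Program Files\Common Files\LightScribe\LSSrvc.exe --a---- 79136 bytes [01:40 24/08/2007] [01:40 24/08/2007] 463801072B6C6424BE882920FFA50413
"""
FLAGGED = ["463801072b6c6424be882920ffa50413", "6d0ae296a7af9af5972e6997963b4da3"]

if __name__ == "__main__":
    confirmed, divergent = correlate(parse_filefind(SAMPLE_LOG), FLAGGED)
    print("on-disk files matching a flagged report:", confirmed)
    print("same name, different MD5 (compare versions):", divergent)
```

A differing MD5 for the same file name is not proof of tampering by itself, since separate installed versions hash differently; it only marks which copies to compare against a known-good original.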

  • 3 weeks later...
  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
