MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
Topic: HJT Log Help (Read 4566 times)
Team48Lowes
« on: November 19, 2009, 05:46:18 PM »

Here ya go, please help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:59 AM, on 11/19/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\ctfmon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\T-Dawg\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\PCLinq2 High-Speed USB Bridge Cable\pclinq2a.exe
C:\Users\T-Dawg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\T-Dawg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\T-Dawg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\T-Dawg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\T-Dawg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\T-Dawg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\users\t-dawg\desktop\programs\hjt\HijackThis.exe
C:\Users\T-Dawg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\T-Dawg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Itiva Media Accelerator] C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe
O4 - HKLM\..\Run: [Rmusesabe] rundll32.exe "C:\Users\T-Dawg\AppData\Local\lgdadr.dll",e
O4 - HKLM\..\Run: [Wrosuli] rundll32.exe "C:\Users\T-Dawg\AppData\Local\etaqatuzaruqe.dll",e
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Rmusesabe] rundll32.exe "C:\Users\T-Dawg\AppData\Local\lgdadr.dll",e
O4 - HKCU\..\Run: [Wrosuli] rundll32.exe "C:\Users\T-Dawg\AppData\Local\etaqatuzaruqe.dll",e
O4 - HKCU\..\Run: [Google Update] "C:\Users\T-Dawg\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O13 - Gopher Prefix:
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: http://*.youtube.com
O20 - AppInit_DLLs: goweha.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Goweh Service (GowehSrv) - Unknown owner - C:\Windows\system32\goweh.exe
O23 - Service: Google Update Service (gupdate1c933be2a53af20) (gupdate1c933be2a53af20) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (file missing)
O23 - Service: PingTaisWz - Unknown owner - C:\TOSHIBAVISTACOMP\PingTaisWizard.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Roxio UPnP Renderer 11 - Unknown owner - C:\Program Files\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUPnPRenderer11.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 10396 bytes

Pancake
« Reply #1 on: November 19, 2009, 09:34:24 PM »

Hi. Welcome to the forum.


Run both these programs.


Please download Malwarebytes' Anti-Malware from one of these places:

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

http://www.besttechie.net/tools/mbam-setup.exe

Double-click mbam-setup.exe to install the application.
If it will not run, make a copy of MBAM.exe, rename it to xxx.exe and run that. Keep the genuine MBAM.exe, as we may need to run that later as is.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report in your next reply.

PLEASE NOTE:
If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Once Malwarebytes' Anti-Malware is done removing the malware and you have rebooted the computer, browse around and see if you are still having that problem.


=====================================================================================




You will need to download ComboFix.exe. Download ComboFix from any of the links below. You must rename it before saving it. Name it ComFx and save it to your desktop.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop. It is important that it is saved and renamed following this process directly to your desktop.




Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. More help on your specific AV here: http://www.bleepingcomputer.com/forums/topic114351.html


Double click on ComFx.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.






Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the ComboFix.txt in your reply.


Caution.....
Never use this program to remove files. Only use it with help from an experienced user. Wrongful use can damage your computer.


Team48Lowes
« Reply #2 on: November 20, 2009, 06:14:24 AM »

Here is the MBAM log.
Malwarebytes' Anti-Malware 1.41
Database version: 3201
Windows 6.0.6002 Service Pack 2

11/19/2009 9:04:12 PM
mbam-log-2009-11-19 (21-04-12).txt

Scan type: Quick Scan
Objects scanned: 115163
Time elapsed: 10 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 11
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 3
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\T-Dawg\AppData\Local\lgdadr.dll (Trojan.Downloader) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rmusesabe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rmusesabe (Trojan.Downloader) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wrosuli (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wrosuli (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\GalaPlayer (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\Torrent101 (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\Torrent101\ZM (Trojan.Swizzor) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\T-Dawg\AppData\Local\lgdadr.dll (Trojan.Downloader) -> Delete on reboot.
C:\Program Files\Torrent101\Torrent101.TRC (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\Torrent101\Torrent101_1.TRC (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Users\T-Dawg\AppData\Roaming\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\T-Dawg\AppData\Local\etaqatuzaruqe.dll (Trojan.Agent) -> Delete on reboot.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Also, it would not let me run Combo Fix. I can't figure out how to run it on Vista.
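An added illustration, not part of the thread: the two Run entries MBAM just removed (rundll32 loading lgdadr.dll and etaqatuzaruqe.dll from AppData) were already visible in the HijackThis log in the first post, next to the Trusted Zone entries, the AppInit_DLLs value and the unknown-owner service. The Python below runs a few triage rules over lines copied from that log; the rules and severities are my own assumptions about what a log helper checks first, not HijackThis or MBAM logic.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the HijackThis log in the first post, with two benign entries
# (SynTPEnh, TAPPSRV) and a benign AppData program (Google Update) kept for contrast.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Rmusesabe] rundll32.exe "C:\Users\T-Dawg\AppData\Local\lgdadr.dll",e
O4 - HKCU\..\Run: [Wrosuli] rundll32.exe "C:\Users\T-Dawg\AppData\Local\etaqatuzaruqe.dll",e
O4 - HKCU\..\Run: [Google Update] "C:\Users\T-Dawg\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: http://*.youtube.com
O20 - AppInit_DLLs: goweha.dll
O23 - Service: Goweh Service (GowehSrv) - Unknown owner - C:\Windows\system32\goweh.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    severity: str  # "high": investigate/remove; "review": confirm with the user
    reason: str
    line: str


# O4 - <hive>\..\Run: [ValueName] <command line>
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O15 - Trusted Zone: <site>
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<site>.+)$")
# O20 - AppInit_DLLs: <dll list, possibly empty>
O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>.*)$")
# O23 - Service: <display name> - <publisher or "Unknown owner"> - <path>
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# rundll32.exe "<path>.dll",<entry>   (quotes optional)
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)

# Directories a vendor's startup DLL does not normally live in (assumed rule).
USER_PROFILE_MARKERS = ("\\users\\", "\\documents and settings\\")


def check_o4(line: str) -> Optional[Finding]:
    m = O4_RE.match(line)
    if not m:
        return None
    r = RUNDLL_RE.match(m.group("cmd").strip())
    if not r:
        return None  # plain executables, even under AppData, are left to the analyst
    dll = r.group("dll").lower()
    if any(marker in dll for marker in USER_PROFILE_MARKERS):
        name = dll.split("\\")[-1]
        return Finding("O4", "high",
                       f"rundll32 loads {name} from a user profile at logon", line)
    return None


def check_o15(line: str) -> Optional[Finding]:
    m = O15_RE.match(line)
    if not m:
        return None
    # Trusted Zone membership relaxes IE's security settings for the site, so every
    # entry the user did not knowingly add deserves a question.
    return Finding("O15", "review", f"site in the Trusted Zone: {m.group('site')}", line)


def check_o20(line: str) -> Optional[Finding]:
    m = O20_RE.match(line)
    if not m or not m.group("dlls").strip():
        return None
    # AppInit_DLLs are loaded into every process that loads user32.dll.
    return Finding("O20", "high", f"AppInit_DLLs set to {m.group('dlls').strip()}", line)


def check_o23(line: str) -> Optional[Finding]:
    m = O23_RE.match(line)
    if not m or m.group("owner") != "Unknown owner":
        return None
    path = m.group("path")
    if "(file missing)" in path:
        return Finding("O23", "review",
                       f"service {m.group('display')} points to a missing file", line)
    in_windows_dir = "\\windows\\" in path.lower() or "\\winnt\\" in path.lower()
    return Finding("O23", "high" if in_windows_dir else "review",
                   f"service {m.group('display')} has no listed publisher ({path})", line)


CHECKS = (check_o4, check_o15, check_o20, check_o23)


def triage(log_text: str) -> List[Finding]:
    """Run every rule over each non-empty log line, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for check in CHECKS:
            f = check(line)
            if f:
                findings.append(f)
                break
    return findings


if __name__ == "__main__":
    for f in triage(HJT_SAMPLE):
        print(f"[{f.severity:6}] {f.section}: {f.reason}")
```

On the sample above the script reports the two rundll32 entries, the AppInit_DLLs value and the GowehSrv service as high, and the two Trusted Zone sites for review, which matches what MBAM quarantined.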

Pancake
« Reply #3 on: November 20, 2009, 06:35:04 AM »

Sorry, forgot you had Vista. It won't run on it...

This will show me more of your files. Please download DDS and save it to your desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr
or here:
http://www.forospyware.com/sUBs/dds

Disable any script blocker, and then double-click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop.

Copy/paste the contents of 'DDS.txt' in your next reply.
These other two logs ...
* attach.txt
* ark.txt
... should be zipped/archived before attaching to the reply as well.

Team48Lowes
« Reply #4 on: November 20, 2009, 03:54:21 PM »


DDS (Ver_09-10-26.01) - NTFSx86 
Run by T-Dawg at  9:45:11.68 on Fri 11/20/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_10

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\ctfmon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\ehsched.exe
C:\TOSHIBAVISTACOMP\PingTaisWizard.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\System32\mobsync.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Users\T-Dawg\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\T-Dawg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\T-Dawg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\T-Dawg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\T-Dawg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\T-Dawg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\T-Dawg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\T-Dawg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\T-Dawg\Desktop\dds.scr
C:\Users\T-Dawg\Desktop\cmd.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
TB: &Save Flash: {4064ea35-578d-4073-a834-c96d82cbcf40} - c:\program files\save flash\SaveFlash.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [Google Update] "c:\users\t-dawg\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Itiva Media Accelerator] c:\program files\itiva\itiva media accelerator\ItivaMediaAccelerator.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Save Flash - c:\program files\unh solutions\flash saving plugin\FlashSButton.dll/210
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\iepro\iepro.dll
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
Trusted Zone: youtube.com
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\t-dawg\appdata\roaming\mozilla\firefox\profiles\c9srt4h1.default\
FF - prefs.js: browser.startup.homepage - www.facebook.com | hxxp://home.myspace.com/index.cfm?fuseaction=user&MyToken=a142758c-0e9e-454c-9c40-e7701c132661
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\itiva\itiva media accelerator\npima.dll
FF - plugin: c:\program files\mozilla firefox 3.1 beta 3\plugins\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox 3.1 beta 3\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\mozilla firefox 3.1 beta 3\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\program files\mozilla firefox 3.1 beta 3\plugins\npnul32.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\users\t-dawg\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\t-dawg\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XUL Cache: {7B41BB31-CD85-4597-A7F9-6EC570ABCD03} - c:\users\t-dawg\appdata\local\{7B41BB31-CD85-4597-A7F9-6EC570ABCD03}

---- FIREFOX POLICIES ----
c:\program files\namoroka 3.6 alpha 1\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\namoroka 3.6 alpha 1\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\namoroka 3.6 alpha 1\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\namoroka 3.6 alpha 1\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\namoroka 3.6 alpha 1\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\namoroka 3.6 alpha 1\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\namoroka 3.6 alpha 1\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\namoroka 3.6 alpha 1\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\namoroka 3.6 alpha 1\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\namoroka 3.6 alpha 1\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\namoroka 3.6 alpha 1\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\namoroka 3.6 alpha 1\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\namoroka 3.6 alpha 1\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\namoroka 3.6 alpha 1\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\namoroka 3.6 alpha 1\greprefs\all.js - pref("html5.enable", false);
c:\program files\namoroka 3.6 alpha 1\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 60);
c:\program files\namoroka 3.6 alpha 1\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "");
c:\program files\namoroka 3.6 alpha 1\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "");
c:\program files\namoroka 3.6 alpha 1\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-f-CN", "");
c:\program files\namoroka 3.6 alpha 1\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\namoroka 3.6 alpha 1\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

============= SERVICES / DRIVERS ===============

R? ASPI;Advanced SCSI Programming Interface Driver
R? FontCache;Windows Font Cache Service
R? gupdate1c933be2a53af20;Google Update Service (gupdate1c933be2a53af20)
R? MAC607;MAC607 Filter
R? NETGEAR_WG511_SERVICE;NETGEAR WG511T Wireless Adapter Service
R? NPF;NetGroup Packet Filter Driver
R? PLUsbbc2;High-Speed USB Bridge Cable Driver
R? Roxio UPnP Renderer 11;Roxio UPnP Renderer 11
R? s125bus;Sony Ericsson Device 125 driver (WDM)
R? s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter
R? s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver
R? s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM)
R? s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface
R? WnsDrvr;WnsDrvr
R? XPAD910;XPADFilter Service 910
S? GowehDriver;Goweh Driver
S? GowehSrv;Goweh Service
S? MBAMSwissArmy;MBAMSwissArmy
S? PingTaisWz;PingTaisWz
S? SBSDWSCService;SBSD Security Center Service

============== File Associations ===============

VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-11-20 06:10:14   0   dcs---w-   C:\ComFx
2009-11-20 03:12:42   98816   ----a-w-   c:\windows\sed.exe
2009-11-20 03:12:42   77312   ----a-w-   c:\windows\MBR.exe
2009-11-20 03:12:42   260608   ----a-w-   c:\windows\PEV.exe
2009-11-20 03:12:42   161792   ----a-w-   c:\windows\SWREG.exe
2009-11-20 02:50:54   0   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-11-19 17:45:40   396288   -c--a-w-   C:\HijackThis.exe
2009-11-19 17:33:00   0   d-----w-   c:\program files\Samsung
2009-11-18 02:11:37   0   d-----w-   c:\program files\MagicISO
2009-11-17 23:04:39   0   d-----w-   c:\programdata\Apple
2009-11-17 09:22:12   0   d-----w-   c:\program files\Windows Portable Devices
2009-11-17 09:21:03   0   ---ha-w-   c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 09:20:10   0   ---ha-w-   c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-17 09:04:15   92672   ----a-w-   c:\windows\system32\UIAnimation.dll
2009-11-17 09:04:14   3023360   ----a-w-   c:\windows\system32\UIRibbon.dll
2009-11-17 09:04:14   1164800   ----a-w-   c:\windows\system32\UIRibbonRes.dll
2009-11-17 09:02:45   81920   ----a-w-   c:\windows\system32\wpdbusenum.dll
2009-11-17 09:00:28   555520   ----a-w-   c:\windows\system32\UIAutomationCore.dll
2009-11-17 09:00:28   4096   ----a-w-   c:\windows\system32\oleaccrc.dll
2009-11-17 09:00:28   234496   ----a-w-   c:\windows\system32\oleacc.dll
2009-11-14 09:55:47   0   d-----w-   c:\programdata\NCH Swift Sound
2009-11-14 09:55:25   0   d-----w-   c:\program files\NCH Swift Sound
2009-11-14 09:51:46   44544   ----a-w-   c:\windows\system32\GIF89.DLL
2009-11-14 09:51:46   200704   ----a-w-   c:\windows\system32\vbalExpBar6.ocx
2009-11-14 09:51:44   348160   ----a-w-   c:\windows\system32\WMAFile.dll
2009-11-14 09:51:44   1212416   ----a-w-   c:\windows\system32\AudioInfos.dll
2009-11-14 09:51:44   116296   ----a-w-   c:\windows\system32\NCTWMAProfiles.prx
2009-11-14 09:51:43   40960   ----a-w-   c:\windows\system32\SSubTmr6.dll
2009-11-14 09:51:43   1986560   ----a-w-   c:\windows\system32\AudFile.dll
2009-11-14 09:51:41   0   d-----w-   c:\program files\Free Easy Burner
2009-11-13 16:22:48   2036736   ----a-w-   c:\windows\system32\win32k.sys
2009-11-13 16:19:18   355328   ----a-w-   c:\windows\system32\WSDApi.dll
2009-11-06 07:24:34   24213   ----a-w-   c:\users\t-dawg\Modern Warfare 2 Trailer.mp3.aup
2009-11-06 07:24:34   22995   ----a-w-   c:\users\t-dawg\Modern Warfare 2 Trailer.mp3.aup.bak
2009-11-06 07:24:34   0   d-----w-   c:\users\t-dawg\Modern Warfare 2 Trailer.mp3_data
2009-11-04 18:57:19   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
2009-11-02 23:38:31   54156   ---ha-w-   c:\windows\QTFont.qfn
2009-11-02 23:38:31   1409   ----a-w-   c:\windows\QTFont.for
2009-11-01 20:27:09   0   d--h--w-   c:\program files\Temp
2009-10-30 22:55:23   194   ----a-w-   c:\windows\system32\temp_0000_50218.aok
2009-10-30 22:52:29   0   d-----w-   c:\program files\Ultra MP4 Video Converter
2009-10-28 23:00:13   2421760   ----a-w-   c:\windows\system32\wucltux.dll
2009-10-28 22:59:34   87552   ----a-w-   c:\windows\system32\wudriver.dll
2009-10-28 22:59:23   33792   ----a-w-   c:\windows\system32\wuapp.exe
2009-10-28 22:59:23   171608   ----a-w-   c:\windows\system32\wuwebv.dll
2009-10-28 01:02:07   310784   ----a-w-   c:\windows\system32\unregmp2.exe
2009-10-28 01:02:06   8147456   ----a-w-   c:\windows\system32\wmploc.DLL
2009-10-27 08:21:00   0   ----a-w-   c:\windows\system32\msxver64.sqr
2009-10-27 04:30:41   0   d-----w-   c:\program files\Sync Manager Demo
2009-10-27 04:27:26   0   d-----w-   c:\program files\Remote Keylogger Viewer
2009-10-22 17:48:55   0   dc----w-   C:\LGVX11000

==================== Find3M  ====================

2009-11-19 17:33:27   51200   ----a-w-   c:\windows\inf\infpub.dat
2009-11-19 17:33:27   143360   ----a-w-   c:\windows\inf\infstrng.dat
2009-11-19 17:33:18   143360   ----a-w-   c:\windows\inf\infstor.dat
2009-11-17 09:22:07   665600   ----a-w-   c:\windows\inf\drvindex.dat
2009-11-03 02:42:06   195456   ------w-   c:\windows\system32\MpSigStub.exe
2009-11-01 20:27:18   319456   ----a-w-   c:\windows\DIFxAPI.dll
2009-10-09 19:45:28   3140   ----a-w-   c:\windows\system32\KGyGaAvL.sys
2009-10-08 03:06:31   81984   ----a-w-   c:\windows\system32\bdod.bin
2009-10-07 01:30:16   37665   ----a-w-   c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-10-01 01:02:17   2537472   ----a-w-   c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05   30208   ----a-w-   c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04   334848   ----a-w-   c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02   87552   ----a-w-   c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00   31232   ----a-w-   c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59   546816   ----a-w-   c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59   160256   ----a-w-   c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56   60928   ----a-w-   c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56   350208   ----a-w-   c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56   196608   ----a-w-   c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56   100864   ----a-w-   c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01:54   40448   ----a-w-   c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01:50   226816   ----a-w-   c:\windows\system32\WpdMtp.dll
2009-10-01 01:01:49   61952   ----a-w-   c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01:49   33280   ----a-w-   c:\windows\system32\WpdConns.dll
2009-09-30 00:29:49   181488   ----a-w-   c:\windows\fonts\XXII Ultimate-Black-Metal.ttf
2009-09-25 02:10:10   974848   ----a-w-   c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08   189440   ----a-w-   c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32   321024   ----a-w-   c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22   1554432   ----a-w-   c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08   351232   ----a-w-   c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29   847360   ----a-w-   c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13   280064   ----a-w-   c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35:31   135680   ----a-w-   c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33:25   195584   ----a-w-   c:\windows\system32\dxdiagn.dll
2009-09-25 01:33:15   829440   ----a-w-   c:\windows\system32\d3d10warp.dll
2009-09-25 01:33:01   369664   ----a-w-   c:\windows\system32\WMPhoto.dll
2009-09-25 01:32:59   252928   ----a-w-   c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53   519680   ----a-w-   c:\windows\system32\d3d11.dll
2009-09-25 01:31:26   486912   ----a-w-   c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21   161280   ----a-w-   c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19   218112   ----a-w-   c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16   1030144   ----a-w-   c:\windows\system32\d3d10.dll
2009-09-25 01:31:15   828928   ----a-w-   c:\windows\system32\d2d1.dll
2009-09-25 01:30:23   481792   ----a-w-   c:\windows\system32\dxgi.dll
2009-09-25 01:30:23   190464   ----a-w-   c:\windows\system32\d3d10core.dll
2009-09-25 01:27:25   634880   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27:04   793088   ----a-w-   c:\windows\system32\FntCache.dll
2009-09-25 01:27:04   37888   ----a-w-   c:\windows\system32\cdd.dll
2009-09-25 01:27:04   1064448   ----a-w-   c:\windows\system32\DWrite.dll
2009-09-24 22:54:55   258048   ----a-w-   c:\windows\system32\winspool.drv
2009-09-24 22:54:53   667648   ----a-w-   c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54:52   26112   ----a-w-   c:\windows\system32\printfilterpipelineprxy.dll
2009-09-10 16:48:01   218624   ----a-w-   c:\windows\system32\msv1_0.dll
2009-09-04 11:41:59   60928   ----a-w-   c:\windows\system32\msasn1.dll
2009-09-01 02:14:54   50176   ----a-w-   c:\users\t-dawg\appdata\roaming\84372872az.exe
2009-08-29 01:42:52   2065696   ----a-w-   c:\windows\system32\usbaaplrc.dll
2009-08-29 00:27:49   4240384   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22:28   916480   ----a-w-   c:\windows\system32\wininet.dll
2009-08-27 05:17:43   71680   ----a-w-   c:\windows\system32\iesetup.dll
2009-08-27 05:17:43   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2008-05-01 17:14:08   174   --sha-w-   c:\program files\desktop.ini
2006-12-25 19:48:07   251   ----a-w-   c:\program files\wt3d.ini
2006-11-02 12:42:02   30674   ----a-w-   c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02   30674   ----a-w-   c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02   287440   ----a-w-   c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02   287440   ----a-w-   c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21   287440   ----a-w-   c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21   287440   ----a-w-   c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19   30674   ----a-w-   c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19   30674   ----a-w-   c:\windows\inf\perflib\0000\perfc.dat
2009-07-24 14:46:22   16384   --sha-w-   c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-07-24 14:46:22   32768   --sha-w-   c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-07-24 14:46:22   16384   --sha-w-   c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-06-14 20:45:19   245760   --sha-w-   c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH:  9:49:02.30 ===============


I got an error, and no Ark.txt log, and assume they are connected.. Here ya go..

 
Pancake
« Reply #5 on: November 20, 2009, 10:01:39 PM »

Look for and delete this file.. goweha.dll

To help clean out Trusted Zones, download and run DELDOMAINS, then double click to open the DelDomains.inf. To execute the file: right-click and select 'Install' from the menu.

An Australian Member of

EDDY
Team48Lowes
« Reply #6 on: November 21, 2009, 04:01:29 PM »

Alright, did that. Here's the latest log..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:47 AM, on 11/21/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\T-Dawg\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Users\T-Dawg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\T-Dawg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\T-Dawg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\msfeedssync.exe
C:\Users\T-Dawg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\T-Dawg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\HijackThis.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Itiva Media Accelerator] C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\T-Dawg\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O13 - Gopher Prefix:
O20 - AppInit_DLLs: goweha.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Goweh Service (GowehSrv) - Unknown owner - C:\Windows\system32\goweh.exe
O23 - Service: Google Update Service (gupdate1c933be2a53af20) (gupdate1c933be2a53af20) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (file missing)
O23 - Service: PingTaisWz - Unknown owner - C:\TOSHIBAVISTACOMP\PingTaisWizard.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Roxio UPnP Renderer 11 - Unknown owner - C:\Program Files\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUPnPRenderer11.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 9401 bytes

 
Pancake
« Reply #7 on: November 21, 2009, 09:00:13 PM »

Have "HijackThis" fix the following item/s in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close "HijackThis". Please close any open programs before doing this fix.


O20 - AppInit_DLLs: goweha.dll
O23 - Service: Goweh Service (GowehSrv) - Unknown owner - C:\Windows\system32\goweh.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (file missing)
O23 - Service: Roxio UPnP Renderer 11 - Unknown owner - C:\Program Files\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUPnPRenderer11.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

« Last Edit: November 21, 2009, 09:37:02 PM by Pancake »

An Australian Member of

EDDY
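As an added example that is not part of the thread (a Python triage pass, not anything HijackThis itself provides), the script below applies the same criteria the reply above used to choose its O20 and O23 lines: any non-empty AppInit_DLLs entry, and any service with an "Unknown owner" whose binary is missing or sits under C:\Windows. The sample log is constructed from lines quoted in this thread; the selection rules are my reading of the reply, not a documented HijackThis feature.

```python
# Triage pass over HijackThis 2.0.x log lines (added example, not from the thread).
# O20 AppInit_DLLs: every DLL listed there is loaded into each process that links
# user32.dll, so an unfamiliar name is a persistence red flag.
# O23 Service: the vendor field "Unknown owner" combined with a missing binary
# (a dead reference) or a binary dropped under C:\Windows is worth a second look.
import re
from dataclasses import dataclass
from typing import List


@dataclass
class Finding:
    line: str    # the HijackThis line that triggered the finding
    reason: str  # why it deserves review


# O20 - AppInit_DLLs: goweha.dll
O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>\S.*)?$")
# O23 - Service: <display name> - <owner> - <binary path> [(file missing)]
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

WINDOWS_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")


def triage_hjt(log_text: str) -> List[Finding]:
    """Return the O20/O23 lines a human should review, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O20_RE.match(line)
        if m:
            if m.group("dlls"):  # an empty AppInit_DLLs value is the normal state
                findings.append(Finding(line, "AppInit_DLLs loads into every user-mode process"))
            continue
        m = O23_RE.match(line)
        if not m or m.group("owner") != "Unknown owner":
            continue  # vendor-signed or otherwise attributed service: leave it alone
        path = m.group("path")
        if path.endswith("(file missing)"):
            findings.append(Finding(line, "unknown owner and binary missing: dead reference"))
        elif path.lower().startswith(WINDOWS_DIRS):
            findings.append(Finding(line, "unknown owner and binary under the Windows directory"))
    return findings


# Constructed sample, taken from lines quoted in the thread above.
SAMPLE_LOG = r"""
O20 - AppInit_DLLs: goweha.dll
O23 - Service: Goweh Service (GowehSrv) - Unknown owner - C:\Windows\system32\goweh.exe
O23 - Service: Google Update Service (gupdate1c933be2a53af20) (gupdate1c933be2a53af20) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (file missing)
O23 - Service: PingTaisWz - Unknown owner - C:\TOSHIBAVISTACOMP\PingTaisWizard.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"""

if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

The PingTaisWz line is deliberately left unflagged: unknown owner alone, with the binary present outside C:\Windows, is not enough on its own under these rules.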
Team48Lowes
« Reply #8 on: November 22, 2009, 07:22:17 PM »

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:06 PM, on 11/22/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\T-Dawg\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Users\T-Dawg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\T-Dawg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\T-Dawg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\T-Dawg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\T-Dawg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\T-Dawg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\T-Dawg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\HijackThis.exe
C:\Windows\System32\mspaint.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Itiva Media Accelerator] C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\T-Dawg\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O13 - Gopher Prefix:
O20 - AppInit_DLLs: goweha.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Goweh Service (GowehSrv) - Unknown owner - C:\Windows\system32\goweh.exe
O23 - Service: Google Update Service (gupdate1c933be2a53af20) (gupdate1c933be2a53af20) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (file missing)
O23 - Service: PingTaisWz - Unknown owner - C:\TOSHIBAVISTACOMP\PingTaisWizard.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 8886 bytes


It would not delete this one, even in safe mode..
O23 - Service: Goweh Service (GowehSrv) - Unknown owner - C:\Windows\system32\goweh.exe

Also, what about these files and folders?

 
Pancake
« Reply #9 on: November 22, 2009, 09:26:32 PM »

Ok. It's not a problem if they stay there. They are only a dead reference.

An Australian Member of

EDDY
Team48Lowes
Sr. Member
« Reply #10 on: November 23, 2009, 01:37:21 AM »

Ok, so everything is good?

Also, I don't know if this is the correct place, but I'm having problems with Windows Media Player. It won't start, and anything associated with WMP won't work. Re-registering the jscript.dll and vbscript.dll creates this error. Please help or direct me to help.
Pancake
Global Moderator
« Reply #11 on: November 23, 2009, 02:04:09 AM »

There are not too many that are active to help you here, so I would direct you to log in here to the Hardware Forum and they will help.

http://www.pchelpforum.com/forum.php
An Australian Member of

EDDY
Team48Lowes
Sr. Member
« Reply #12 on: November 23, 2009, 06:39:24 AM »

Much appreciation for your help.
Pancake
Global Moderator
« Reply #13 on: November 23, 2009, 09:15:28 AM »

You're welcome.
An Australian Member of

EDDY