
Being redirected and jumped



#1 Lance63


Posted 24 February 2009 - 08:39 PM

:thumbup2: So I have read the above and am trying to run dds on my frickin puter......

Am constantly being redirected, now have run PrevxCSI 3.0 and it tells me I have 4 infections on my computer.
Unfortunately I don't know if this is a reputable program so am hesitant to buy till I hear otherwise. I can't read the full infection names based on their windows set-up but I have what I think says 3 High Risk Cloaked Malware (I will write as much of their names as is visible) and Infected entry

ROOTKIT c:\windows\system32\drivers\gaopdxyejsiaom.sys High Risk Cloaked Mal....
THREAT \REGISTRY\Machine\system\ControlSet001\Services\goapd.... Infected Entry:[image....
THREAT c:\recyclers\s-7-2-38-100004191-100000578-100004679-57.. High Risk Cloaked Mal...
THREAT c:\program files\mozilla firefox\components\iamfamous.dll High Risk Cloaked Mal...

I am sending this from my iMac - my other puter is

OS Name Microsoft Windows XP Home Edition
Version 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer Microsoft Corporation
System Name
System Manufacturer To Be Filled By O.E.M.
System Model To Be Filled By O.E.M.
System Type X86-based PC
Processor x86 Family 15 Model 31 Stepping 0 AuthenticAMD ~2002 Mhz
BIOS Version/Date American Megatrends Inc. 1009.007, 22/12/2004
SMBIOS Version 2.3
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume1
Locale United States
Hardware Abstraction Layer Version = "5.1.2600.5512 (xpsp.080413-2111)"
User Name
Time Zone Pacific Standard Time
Total Physical Memory 1,024.00 MB
Available Physical Memory 1.14 GB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.96 GB
Page File Space 3.85 GB
Page File C:\pagefile.sys

My internet provider's Anti-Virus keeps quarantining the following virus too... has quarantined about 5 times now....

C:\WINDOWS\SYSTEM32\GOAPDXLLVBAWKR.DLL


So that's it so far, will get dds report up asap!

Well here is dds -


DDS (Ver_09-02-01.01) - NTFSx86
Run by Lance Bethell at 17:50:33.29 on 24/02/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1152 [GMT -8:00]

AV: TELUS eProtect Anti-Virus *On-access scanning enabled* (Updated)
FW: TELUS eProtect Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\TELUS\TELUS eProtect\Fws.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\TELUS\eProtect Advisor\TEPA.exe
C:\Program Files\TELUS\TELUS eProtect\Rps.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TELUS\eProtect Advisor\TEPAComHandler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\TELUS\TELUS eProtect\rpsupdaterR.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Uniblue\PowerSuite\PowerSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Documents and Settings\Lance Bethell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Stardock\Object Desktop\IconX\IconX.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\TELUS eCare\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\system32\wuauclt.exe
F:\FireFox_Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uWindow Title = Microsoft Internet Explorer
mStart Page =
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: UIHost=c:\windows\system32\logonuiX.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\telus\telus eprotect\pkR.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
uRun: [Uniblue PowerSuite] c:\program files\uniblue\powersuite\PowerSuite.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
uRun: [Google Update] "c:\documents and settings\lance bethell\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [DesktopX] "c:\program files\stardock\object desktop\iconx\IconX.exe"
uRun: [CursorFX] "c:\program files\stardock\cursorfx\CursorFX.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Motive SmartBridge] c:\progra~1\teluse~1\smartb~1\MotiveSB.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HPHUPD05] c:\program files\hewlett-packard\{d946675d-1d6c-4dc8-9e0d-b4b8eaa30eaa}\hphupd05.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [IntelliType] "c:\program files\microsoft hardware\keyboard\type32.exe"
mRun: [POINTER] c:\program files\microsoft hardware\mouse\point32.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [TEPA.exe] "c:\program files\telus\eprotect advisor\TEPA.exe" /AUTORUN
mRun: [TELUS eProtect] "c:\program files\telus\telus eprotect\Rps.exe"
mRun: [-FreedomNeedsReboot] "c:\program files\telus\telus eprotect\ZkRunOnceR.exe"
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [StorageGuard] "c:\program files\veritas software\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [LogonStudio] "c:\program files\wincustomize\logonstudio\logonstudio.exe" /RANDOM
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [NSWosCheck] c:\program files\norton systemworks premier\osCheck.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
mRun: [CTHelper] CTHELPER.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
mRunOnce: [IndexCleaner] "c:\program files\telus\telus eprotect\IdxClnR.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\lanceb~1\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\teluse~1.lnk - c:\program files\telus ecare\bin\matcli.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks premier\norton cleanup\WCQuick.lnk
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: Microsoft XML Parser for Java
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: NameServer = 85.255.112.39,85.255.112.40
TCP: {B0A2DAAA-E038-4793-846E-58B6A204D1B2} = 85.255.112.39,85.255.112.40
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\toolbar\ctbr.dll
Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll
Notify: WBSrv - c:\progra~1\stardock\object~1\window~1\wbsrv.dll
AppInit_DLLs: wbsys.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\object desktop\iconpackager\iprepair.dll
STS: Deskscapes Class: {ec654325-1273-c2a9-2b7c-45d29bce68fb} - c:\program files\stardock\object desktop\deskscapes\deskscapes.dll
STS: Stardock Vista ControlPanel Extension: {ec654325-1273-c2a9-2b7c-45d29bce68fd} - c:\program files\stardock\object desktop\deskscapes\DesktopControlPanel.dll
STS: StardockDreamController: {ec654325-1273-c2a9-2b7c-45d29bce68ff} - c:\program files\stardock\object desktop\deskscapes\DreamControl.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lanceb~1\applic~1\mozilla\firefox\profiles\j68cwmw2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?pr=auto&src_id=11126&client_id=bed8c434d2b8f688c8237e48&camp_id=-1&install_time=2008-09-04T20:04:37Z&tb_version=1.2.4&q=
FF - component: c:\documents and settings\lance bethell\application data\mozilla\firefox\profiles\j68cwmw2.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\mozilla firefox\components\iamfamous.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\lance bethell\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-17 64160]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-2-24 22536]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2003-12-12 77312]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-2-24 142592]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2008-1-30 41456]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2006-10-27 107624]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2006-10-27 107624]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-2-24 4150840]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 921936]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\norton~1\norton~1\NPROTECT.EXE [2005-11-3 95832]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-9-25 1251720]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);c:\windows\system32\drivers\webc3vid.sys [2008-12-3 166504]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]
S3 Radialpoint Security Services;TELUS eProtect;c:\windows\system32\dllhost.exe [2004-8-4 5120]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-02-24 17:01 22,536 a------- c:\windows\system32\drivers\pxscan.sys
2009-02-24 17:01 <DIR> --d----- c:\program files\Prevx
2009-02-24 17:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PrevxCSI
2009-02-24 14:37 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2009-02-24 09:45 <DIR> --d----- c:\program files\Sony
2009-02-24 09:01 <DIR> --d----- c:\program files\AV Music Morpher Gold
2009-02-24 08:59 <DIR> --d----- c:\docume~1\lanceb~1\applic~1\GetRightToGo
2009-02-24 06:21 <DIR> --d----- c:\program files\Crawler
2009-02-24 06:21 142,592 a------- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-02-24 06:20 <DIR> --d----- c:\docume~1\lanceb~1\applic~1\Spyware Terminator
2009-02-24 06:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spyware Terminator
2009-02-24 06:20 <DIR> --d----- c:\program files\Spyware Terminator
2009-02-22 21:56 <DIR> --d----- c:\program files\MixVibesHOME7DEMO
2009-02-22 16:15 27,136 a------- c:\windows\system32\drivers\nchssvad.sys
2009-02-22 14:05 0 a---h--- c:\windows\SwSys2.bmp
2009-02-22 14:05 0 a---h--- c:\windows\SwSys1.bmp
2009-02-22 13:34 389,120 a------- c:\windows\system32\actskn43.ocx
2009-02-22 13:34 166,600 a------- c:\windows\system32\MSMASK32.OCX
2009-02-22 13:09 <DIR> --d----- c:\program files\SpacialAudio
2009-02-22 13:09 <DIR> --d----- c:\program files\Firebird
2009-02-20 15:22 <DIR> --d----- c:\documents and settings\lance bethell\WhiteCap
2009-02-20 15:14 <DIR> --d----- c:\documents and settings\lance bethell\G-Force
2009-02-20 12:54 <DIR> --d----- c:\docume~1\lanceb~1\applic~1\JAM Software
2009-02-20 12:54 <DIR> --d----- c:\program files\JAM Software
2009-02-18 13:30 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-17 16:04 <DIR> --d----- C:\Outlook on the Desktop
2009-02-17 15:26 <DIR> --d----- c:\docume~1\lanceb~1\applic~1\Real Desktop
2009-02-17 15:26 <DIR> --d----- c:\program files\Real Desktop
2009-02-17 14:36 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-02-17 14:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-02-17 14:14 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-17 14:14 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-17 14:14 <DIR> --d----- c:\program files\Lavasoft
2009-02-17 13:22 <DIR> --d----- c:\program files\Matrix_ks
2009-02-17 13:22 1,917,952 a------- c:\windows\MATRIX_KS.SCR
2009-02-16 17:12 <DIR> --d----- c:\program files\C3Basic
2009-02-16 16:33 729,088 a------- c:\windows\iun6002.exe
2009-02-16 15:53 7,680 a------- c:\windows\system32\ff_vfw.dll
2009-02-16 15:53 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-02-16 15:53 60,273 a------- c:\windows\system32\pthreadGC2.dll
2009-02-16 15:53 <DIR> --d----- c:\program files\ffdshow
2009-02-16 14:58 <DIR> --d----- C:\SoftJock
2009-02-16 12:46 57,344 a------- c:\windows\system32\Wnaspint.dll
2009-02-16 12:46 <DIR> --d----- c:\program files\Acoustica Shared Effects
2009-02-16 12:46 <DIR> --d----- c:\program files\Acoustica Mixcraft
2009-02-16 08:55 <DIR> --d----- c:\program files\ASIO4ALL v2
2009-02-16 08:51 225,280 a------- c:\windows\system32\rewire.dll
2009-02-16 08:51 1,294,336 a------- c:\windows\system32\vorbis.acm
2009-02-16 08:51 <DIR> --d----- c:\program files\Outsim
2009-02-16 08:50 <DIR> --d----- c:\program files\Image-Line
2009-02-16 07:57 1,080 a------- c:\windows\system32\settingsbkup.sfm
2009-02-16 07:57 1,080 a------- c:\windows\system32\settings.sfm
2009-02-15 23:25 <DIR> --d----- c:\docume~1\lanceb~1\applic~1\NetMedia Providers
2009-02-15 23:21 <DIR> --d----- c:\program files\Vstplugins
2009-02-15 23:20 <DIR> --d----- c:\program files\Sony Setup
2009-02-15 10:25 <DIR> --d----- c:\windows\system32\ipp20
2009-02-15 10:19 <DIR> --d----- c:\docume~1\lanceb~1\applic~1\DiscoSW
2009-02-14 00:01 <DIR> --d----- c:\program files\SysMetrix
2009-02-13 09:41 <DIR> --d----- c:\program files\ThreatFire
2009-02-13 08:40 <DIR> --d----- c:\program files\Trend Micro
2009-02-11 13:31 <DIR> --d----- c:\program files\Bowflex i-Trainer
2009-02-11 10:10 <DIR> --d----- c:\docume~1\lanceb~1\applic~1\Imagomat
2009-02-10 16:13 1,869 a------- c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-02-10 16:00 445 ---shr-- C:\autorun.inf
2009-02-10 15:54 <DIR> --d----- c:\documents and settings\lance bethell\FutureDecks Data
2009-02-10 15:54 655,872 a------- c:\windows\system32\msvcr90.dll
2009-02-10 15:54 568,832 a------- c:\windows\system32\msvcp90.dll
2009-02-10 15:54 224,768 a------- c:\windows\system32\msvcm90.dll
2009-02-10 15:54 524 a------- c:\windows\system32\Microsoft.VC90.CRT.manifest
2009-02-10 15:54 118,784 a------- c:\windows\system32\HDJAPI.dll
2009-02-10 15:54 86,016 a------- c:\windows\system32\HRFDongle.dll
2009-02-10 15:54 <DIR> --d----- c:\program files\XYLIO
2009-02-10 07:17 <DIR> --d----- c:\program files\iPod
2009-02-10 07:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-10 06:08 <DIR> --d----- c:\docume~1\lanceb~1\applic~1\MixMeister Technology
2009-02-10 06:07 <DIR> --d----- c:\program files\MixMeister Express 6 Demo
2009-02-08 11:56 <DIR> --d----- c:\docume~1\lanceb~1\applic~1\OpenOffice.org
2009-02-08 11:53 <DIR> --d----- c:\program files\JRE
2009-02-08 11:52 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-02-08 11:12 <DIR> --d----- c:\docume~1\lanceb~1\applic~1\Music Editor Free
2009-02-08 11:11 113,486 a------- c:\windows\system32\NCTWMAProfiles.prx
2009-02-08 11:11 417,792 a------- c:\windows\system32\NCTTextToAudio2.dll
2009-02-08 11:11 348,160 a------- c:\windows\system32\NCTWMAFile2.dll
2009-02-08 11:11 602,112 a------- c:\windows\system32\NCTAudioTransform2.dll
2009-02-08 11:11 479,232 a------- c:\windows\system32\NCTAudioVisualization2.dll
2009-02-08 11:11 458,752 a------- c:\windows\system32\NCTAudioRecord2.dll
2009-02-08 11:11 1,212,416 a------- c:\windows\system32\NCTAudioInformation2.dll
2009-02-08 11:11 458,752 a------- c:\windows\system32\NCTAudioPlayer2.dll
2009-02-08 11:11 1,986,560 a------- c:\windows\system32\NCTAudioFile2.dll
2009-02-08 11:11 880,640 a------- c:\windows\system32\NCTAudioEditor2.dll
2009-02-08 11:11 835,584 a------- c:\windows\system32\NCTAudioCDGrabber2.dll
2009-02-06 16:17 <DIR> --d----- c:\windows\pss
2009-02-02 12:41 3,932,214 a------- c:\windows\tronnix-wall.bmp
2009-02-02 12:37 2,359,350 a------- c:\windows\longhorn_bliss.bmp
2009-02-02 12:34 3,932,214 a------- c:\windows\Deva.bmp
2009-02-02 09:45 3,932,214 a------- c:\windows\CyberSkin.bmp
2009-02-02 09:41 3,932,214 a------- c:\windows\ZippoWallpaper.bmp
2009-02-02 01:05 12,263 a------- c:\windows\WBlangorig.ini
2009-02-02 00:15 <DIR> --d----- c:\docume~1\lanceb~1\applic~1\Stardock
2009-02-02 00:15 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{CC8D4389-E989-40EE-AF09-2330B1EE8BF7}
2009-02-01 23:38 6,912,054 a------- c:\windows\Diamond_1920.bmp
2009-02-01 23:35 6,912,054 a------- c:\windows\Think Green 1920x1200.bmp
2009-01-30 16:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Stardock
2009-01-30 16:47 5,760,054 a------- c:\windows\Azar1600.bmp
2009-01-27 16:50 1,440,054 a------- c:\windows\flywall_800.bmp
2009-01-27 16:50 <DIR> --d----- c:\windows\Flywall
2009-01-27 16:41 3,932,214 a------- c:\windows\Way Out.bmp
2009-01-27 16:31 3,936,054 a------- c:\windows\Attack.bmp
2009-01-27 16:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-01-26 16:10 815,104 a------- c:\windows\system32\xvidcore.dll
2009-01-26 16:10 77,824 a------- c:\windows\system32\xvid.ax
2009-01-26 16:10 180,224 a------- c:\windows\system32\xvidvfw.dll
2009-01-26 16:10 <DIR> --d----- c:\program files\Xvid

==================== Find3M ====================

2009-02-24 16:46 4,913,664 a------- c:\windows\system32\logonuiX.exe
2009-02-24 15:07 17,266 a------- c:\windows\system32\tablet.dat
2009-02-19 11:11 142,724 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat
2009-02-18 23:36 138,184 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-02-18 23:36 183,112 a------- c:\windows\system32\PnkBstrB.exe
2009-02-17 13:01 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-02-11 15:09 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2009-01-19 21:55 80,288 a---h--- c:\windows\system32\mlfcache.dat
2009-01-09 16:27 444,952 a------- c:\windows\system32\wrap_oal.dll
2009-01-09 16:27 109,080 a------- c:\windows\system32\OpenAL32.dll
2009-01-06 13:18 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-06 13:18 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-01-06 13:18 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-06 13:18 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-01-05 14:33 3,751,995 a------- c:\windows\system32\GPhotos.scr
2009-01-04 00:36 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-01-02 20:17 2,154 a------- c:\windows\system32\ealregsnapshot1.reg
2008-12-23 21:58 453,152 a------- c:\windows\system32\NVUNINST.EXE
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2001-03-28 11:02 122,880 a------- c:\windows\inf\agfa\message.exe
2008-09-04 09:42 56 ---shr-- c:\windows\system32\A139B3ED89.sys

============= FINISH: 17:51:14.48 ===============


Thanx
Lance


Edited by Lance63, 24 February 2009 - 09:18 PM.




#2 Lance63


Posted 25 February 2009 - 10:06 AM

:thumbup2: Well looks like through perseverance I fixed it.

Used spybot S&D with no change, used Ad-aware no change, used Spyware Terminator with no change. So started reading other forums here.

I think (sorry forgot to go back and find the thread to mark it) it was in BleepingComputer.com > Security > AntiVirus, Firewall and Privacy Products and Protection Methods that I read in one thread about Malwarebytes' Anti-Malware and my system is now clean. That program rocked for me. Now I am not a total techy so if you are having probs post a thread and maybe ask about the software...... LOL I was just too impatient to wait for help. But from what I see on this site, I will definitely be back if there is a future prob I can't fix..... glad I found this place.

Oh and just a question.. was this thread posted correctly? As I saw other threads being addressed almost right away? Just curious, probably luck of the draw :)

Cheers
Lance

Edited by Lance63, 25 February 2009 - 10:11 AM.


#3 KoanYorel


Posted 25 February 2009 - 10:49 AM

Thanks for telling us what you have done.

Yes you did post properly...

HJT Techs have different skill levels and some work specific OS or specific problems.
While we try to adhere to the first come/first served method, circumstances like the above do affect such.
Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



