BleepingComputer.com: Issues Remain After Contracting Antimal Doctor


Issues Remain After Contracting Antimal Doctor: Need advice after trying basic removal techniques...

#16 dominicrouse

  • Member
  • Group: Members
  • Posts: 16
  • Joined: 13-April 11

Posted 10 May 2011 - 06:36 PM

Ok, new DDS after running PSI. I've also attached the PSI log.

My mouse pointer is still acting strange. On right-click it takes about 5 seconds to react. When scrolling down the right-click menu (like to go to Cut/Copy/Properties etc.) it always gets stuck on "Send To" for 2-3 seconds. This has never happened before and is obviously irritating.

Dom

Attached File: Attach.txt (17.46K)
Attached File: psilog.txt (5.13K)


*************************************************************
*************************************************************
*************************************************************


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Dominic at 19:26:48.10 on Tue 10/05/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.582 [GMT -4:00]
.
AV: Ad-Aware Total Security *Disabled/Updated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
FW: Ad-Aware Personal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
C:\Program Files\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtl.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
C:\Program Files\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvc.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\WINDOWS\AsScrPro.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\NOS\bin\getPlusPlus_Adobe.exe
C:\WINDOWS\System32\svchost.exe -k nosGetPlusHelper
C:\Documents and Settings\Dominic\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
BHO: Ad-Aware WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - c:\program files\lavasoft\ad-aware total security\webfilter\AvkWebIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: QuickNet BHO: {ea5ca8b6-9b9c-4994-a7a1-947b6c631be7} - c:\program files\regtweaker\key.dll
TB: Ad-Aware WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - c:\program files\lavasoft\ad-aware total security\webfilter\AvkWebIE.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\dominic\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SynAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe
mRun: [ASUS Screen Saver Protector] c:\windows\AsScrPro.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Uninstall Adobe Download Manager] "c:\program files\nos\bin\getPlusUninst_Adobe.exe" /Get1noarp
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - c:\program files\turbotax 2010\ic2010pp.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\dominic\applic~1\mozilla\firefox\profiles\xqcl2m4i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\dominic\application data\mozilla\firefox\profiles\xqcl2m4i.default\extensions\{1105fc58-3295-4308-bace-00e344be1cc7}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\dominic\application data\mozilla\firefox\profiles\xqcl2m4i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\dominic\application data\mozilla\firefox\profiles\xqcl2m4i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\dominic\application data\mozilla\firefox\profiles\xqcl2m4i.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\mozilla firefox\extensions\{9aa46f4f-4dc7-4c06-97af-5035170633fe}\components\AvkWebFilterFF.dll
FF - plugin: c:\documents and settings\dominic\application data\mozilla\firefox\profiles\xqcl2m4i.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\dominic\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\dominic\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\dominic\local settings\application data\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Ad-Aware WebFilter: {9AA46F4F-4DC7-4c06-97AF-5035170633FE} - c:\program files\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: YouTube mp3: info@youtube-mp3.org - %profile%\extensions\info@youtube-mp3.org
FF - Ext: Gmail Notifier: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e} - %profile%\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
FF - Ext: Zoom toolbar: {FBFB7597-9E32-46b4-A500-8B6B0412777F} - %profile%\extensions\{FBFB7597-9E32-46b4-A500-8B6B0412777F}
FF - Ext: PageZoom Buttons: 54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org - %profile%\extensions\54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: ALMANSOORI WIRELINE SERVICES Community Toolbar: {1105fc58-3295-4308-bace-00e344be1cc7} - %profile%\extensions\{1105fc58-3295-4308-bace-00e344be1cc7}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2011-4-11 33480]
R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [2011-4-11 29640]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-6-23 11448]
R1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2011-4-11 62024]
R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2011-4-11 68976]
R1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2011-4-11 38600]
R2 AVKProxy;Ad-Aware Total Security Proxy;c:\program files\common files\g data\avkproxy\AVKProxy.exe [2010-6-29 1081384]
R2 AVKService;Ad-Aware Scheduler;c:\program files\lavasoft\ad-aware total security\avk\AVKService.exe [2010-6-29 412944]
R2 AVKWCtl;Ad-Aware Filesystem Monitor;c:\program files\lavasoft\ad-aware total security\avk\AVKWCtl.exe [2010-6-23 1635672]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-6-23 55152]
R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2011-4-11 51400]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-9-22 10384]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-4 363344]
R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R3 GDFwSvc;Ad-Aware Personal Firewall;c:\program files\lavasoft\ad-aware total security\firewall\GDFwSvc.exe [2010-6-15 1834432]
R3 GDScan;Ad-Aware Scanner;c:\program files\common files\g data\gdscan\GDScan.exe [2010-6-29 624064]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-6-1 38912]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-4 20952]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-5-20 14336]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-30 136176]
S2 HidCom;USB-HID -> COM Driver Service;c:\windows\system32\drivers\HidCom.sys [2005-11-9 21016]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-6-22 1684736]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 GDBackupSvc;Ad-Aware Backup Service;c:\program files\lavasoft\ad-aware total security\avkbackup\AVKBackupService.exe [2010-6-29 911976]
S3 GDTunerSvc;Ad-Aware Tuner Service;c:\program files\lavasoft\ad-aware total security\avktuner\AVKTunerService.exe [2010-6-29 1234896]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-2-9 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-30 136176]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2009-10-31 18432]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-6-1 39040]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys --> c:\windows\system32\drivers\wdcsam.sys [?]
.
=============== Created Last 30 ================
.
2011-05-10 23:24:31 29544 ----a-w- c:\program files\mozilla firefox\plugins\np_gp.dll
2011-05-10 22:09:37 -------- d-----w- c:\program files\iPod
2011-05-10 22:09:31 -------- d-----w- c:\program files\iTunes
2011-05-10 22:01:51 -------- d-----w- c:\program files\Bonjour
2011-05-07 18:30:59 -------- d-----w- c:\docume~1\dominic\locals~1\applic~1\Secunia PSI
2011-05-07 18:30:44 -------- d-----w- c:\program files\Secunia
2011-05-07 17:41:17 -------- dc-h--w- c:\windows\ie8
2011-05-07 17:32:08 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-05-02 22:34:50 -------- d-----w- c:\program files\ESET
2011-05-02 22:27:21 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-27 01:24:09 -------- d-sha-r- C:\cmdcons
2011-04-13 17:17:28 -------- d-----w- c:\docume~1\dominic\applic~1\Intuit Canada
2011-04-13 17:17:08 -------- d-----w- c:\program files\common files\Intuit
2011-04-13 17:17:01 -------- d-----w- c:\program files\TurboTax 2010
2011-04-13 17:16:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\Intuit Canada
2011-04-13 13:52:48 -------- d-----w- c:\docume~1\dominic\locals~1\applic~1\G DATA
2011-04-12 03:36:51 68976 ----a-w- c:\windows\system32\drivers\GRD.sys
2011-04-12 02:26:51 15880 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-12 02:26:41 137288 ----a-w- c:\program files\mozilla firefox\extensions\{9aa46f4f-4dc7-4c06-97af-5035170633fe}\components\AvkWebFilterFF.dll
2011-04-12 02:26:19 51400 ----a-w- c:\windows\system32\drivers\GDTdiIcpt.sys
2011-04-12 02:26:19 29640 ----a-w- c:\windows\system32\drivers\GDNdisIc.sys
2011-04-12 02:26:14 62024 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2011-04-12 02:26:14 38600 ----a-w- c:\windows\system32\drivers\HookCentre.sys
2011-04-12 02:26:14 33480 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2011-04-12 02:24:50 -------- d-----w- c:\program files\Lavasoft
2011-04-12 02:24:50 -------- d-----w- c:\program files\common files\G Data
2011-04-12 02:24:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\G DATA
2011-04-11 20:14:41 -------- d--h--w- c:\windows\PIF
.
==================== Find3M ====================
.
2011-05-02 22:26:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ------w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2010-04-25 08:06:43 249856 ----a-w- c:\program files\SOUNDPAD.EXE
.
============= FINISH: 19:28:12.51 ===============

#17 Blade81

  • Bleepin' Rocker
  • Group: Malware Response Team
  • Posts: 6,364
  • Joined: 16-October 06
  • Gender: Male
  • Location: Finland

Posted 10 May 2011 - 11:56 PM

Hi,

The PSI log doesn't contain info about the system's up-to-date level. Were you able to fix its findings (if any were found)?


Have you defragged the hard drive lately? For defragging I'd use a 3rd party solution. Good commercial ones are PerfectDisk and Diskeeper. Of the free options I recommend MyDefrag.
Microsoft MVP Consumer Security 2008 2009 2010 2011
ASAP & UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, create your own topic instead of following instructions given to someone else, please.

#18 dominicrouse

  • Member
  • Group: Members
  • Posts: 16
  • Joined: 13-April 11

Posted 11 May 2011 - 05:02 PM

See attached screenshot of PSI results. The only one I can't seem to get fixed is PowerPoint 2007. I've done Windows Updates and still PSI says it's insecure...

Attached File: Secunia PSI.jpg (157.93K)

Also, how do I uninstall PSI safely?

#19 Blade81

  • Bleepin' Rocker
  • Group: Malware Response Team
  • Posts: 6,364
  • Joined: 16-October 06
  • Gender: Male
  • Location: Finland

Posted 11 May 2011 - 11:55 PM

Hi,

Press '+' in front of that Outlook entry to see more details about it.

It's recommended you leave PSI installed to help keep the system secure (it will notify you if a vulnerable program is detected).

#20 dominicrouse

  • Member
  • Group: Members
  • Posts: 16
  • Joined: 13-April 11

Posted 12 May 2011 - 02:25 PM

I have already purchased Ad-Aware Total Security and have virus monitor, web protection, phishing & firewall activated. I'm wondering if PSI running as well will slow my system down? Is PSI redundant if Ad-Aware is running?

#21 Blade81

  • Bleepin' Rocker
  • Group: Malware Response Team
  • Posts: 6,364
  • Joined: 16-October 06
  • Gender: Male
  • Location: Finland

Posted 12 May 2011 - 11:31 PM

Hi,

PSI isn't an antivirus/anti-spyware program. It won't be redundant. If you think you can keep up with all the programs on your system without PSI, then you may uninstall it. However, remember that it may not take more than one vulnerable program and a visit to a booby-trapped website for the system to get infected again.

#22 dominicrouse

  • Member
  • Group: Members
  • Posts: 16
  • Joined: 13-April 11

Posted 16 May 2011 - 06:31 PM

Did a total MyDefrag. System is really slow. Checked processes, and spiking over 120Mb of RAM is GDScan.exe, and now I'm using Google Chrome and I see it has 4 or 5 image name line items totalling over 250Mb. Nothing else even comes close to these 2. I had to turn off Phishing in Ad-Aware Total Security as basic webpages took forever to load. I mean, a Google search result page taking +10 seconds?!? Right-click sticking on the Send To arrow is still happening. The right-click menu now takes 3 or 4 hourglass spins to appear. Really, really tired of all this...

#23 Blade81

  • Bleepin' Rocker
  • Group: Malware Response Team
  • Posts: 6,364
  • Joined: 16-October 06
  • Gender: Male
  • Location: Finland

Posted 17 May 2011 - 12:02 AM

Hi,

Could you post fresh dds logs, please?

#24 dominicrouse

  • Member
  • Group: Members
  • Posts: 16
  • Joined: 13-April 11

Posted 20 May 2011 - 06:37 PM

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Dominic at 19:36:19.84 on Fri 20/05/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.403 [GMT -4:00]
.
AV: Ad-Aware Total Security *Disabled/Updated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
FW: Ad-Aware Personal Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
C:\Program Files\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtl.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
C:\Program Files\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvc.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\WINDOWS\AsScrPro.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Dominic\My Documents\Misc\Netbook\Antimal Repair\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
BHO: Ad-Aware WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - c:\program files\lavasoft\ad-aware total security\webfilter\AvkWebIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: QuickNet BHO: {ea5ca8b6-9b9c-4994-a7a1-947b6c631be7} - c:\program files\regtweaker\key.dll
TB: Ad-Aware WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - c:\program files\lavasoft\ad-aware total security\webfilter\AvkWebIE.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SynAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe
mRun: [ASUS Screen Saver Protector] c:\windows\AsScrPro.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - c:\program files\quicktax 2009\ic2009pp.dll
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - c:\program files\turbotax 2010\ic2010pp.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\dominic\applic~1\mozilla\firefox\profiles\xqcl2m4i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\dominic\application data\mozilla\firefox\profiles\xqcl2m4i.default\extensions\{1105fc58-3295-4308-bace-00e344be1cc7}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\dominic\application data\mozilla\firefox\profiles\xqcl2m4i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\dominic\application data\mozilla\firefox\profiles\xqcl2m4i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\dominic\application data\mozilla\firefox\profiles\xqcl2m4i.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\mozilla firefox\extensions\{9aa46f4f-4dc7-4c06-97af-5035170633fe}\components\AvkWebFilterFF.dll
FF - plugin: c:\documents and settings\dominic\application data\mozilla\firefox\profiles\xqcl2m4i.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\dominic\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\dominic\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\dominic\local settings\application data\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Ad-Aware WebFilter: {9AA46F4F-4DC7-4c06-97AF-5035170633FE} - c:\program files\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: YouTube mp3: info@youtube-mp3.org - %profile%\extensions\info@youtube-mp3.org
FF - Ext: Gmail Notifier: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e} - %profile%\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
FF - Ext: Zoom toolbar: {FBFB7597-9E32-46b4-A500-8B6B0412777F} - %profile%\extensions\{FBFB7597-9E32-46b4-A500-8B6B0412777F}
FF - Ext: PageZoom Buttons: 54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org - %profile%\extensions\54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: ALMANSOORI WIRELINE SERVICES Community Toolbar: {1105fc58-3295-4308-bace-00e344be1cc7} - %profile%\extensions\{1105fc58-3295-4308-bace-00e344be1cc7}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2011-4-11 33480]
R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [2011-4-11 29640]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-6-23 11448]
R1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2011-4-11 62024]
R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2011-4-11 68976]
R1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2011-4-11 38600]
R2 AVKProxy;Ad-Aware Total Security Proxy;c:\program files\common files\g data\avkproxy\AVKProxy.exe [2010-6-29 1081384]
R2 AVKService;Ad-Aware Scheduler;c:\program files\lavasoft\ad-aware total security\avk\AVKService.exe [2010-6-29 412944]
R2 AVKWCtl;Ad-Aware Filesystem Monitor;c:\program files\lavasoft\ad-aware total security\avk\AVKWCtl.exe [2010-6-23 1635672]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-6-23 55152]
R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2011-4-11 51400]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-9-22 10384]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-4 363344]
R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R3 GDFwSvc;Ad-Aware Personal Firewall;c:\program files\lavasoft\ad-aware total security\firewall\GDFwSvc.exe [2010-6-15 1834432]
R3 GDScan;Ad-Aware Scanner;c:\program files\common files\g data\gdscan\GDScan.exe [2010-6-29 624064]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-6-1 38912]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-4 20952]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-30 136176]
S2 HidCom;USB-HID -> COM Driver Service;c:\windows\system32\drivers\HidCom.sys [2005-11-9 21016]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-6-22 1684736]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 GDBackupSvc;Ad-Aware Backup Service;c:\program files\lavasoft\ad-aware total security\avkbackup\AVKBackupService.exe [2010-6-29 911976]
S3 GDTunerSvc;Ad-Aware Tuner Service;c:\program files\lavasoft\ad-aware total security\avktuner\AVKTunerService.exe [2010-6-29 1234896]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-2-9 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-30 136176]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2009-10-31 18432]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-6-1 39040]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys --> c:\windows\system32\drivers\wdcsam.sys [?]
.
=============== Created Last 30 ================
.
2011-05-17 00:14:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-14 20:18:06 -------- d-----w- c:\program files\QuickTax 2008
2011-05-14 19:19:28 -------- d-----w- c:\program files\common files\AnswerWorks 4.0
2011-05-14 19:19:19 -------- d-----w- c:\program files\QuickTax 2009
2011-05-11 22:44:17 475648 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.scr
2011-05-11 22:44:17 1061888 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.exe
2011-05-11 22:44:16 -------- d-----w- c:\program files\MyDefrag v4.3.1
2011-05-10 22:09:37 -------- d-----w- c:\program files\iPod
2011-05-10 22:09:31 -------- d-----w- c:\program files\iTunes
2011-05-10 22:01:51 -------- d-----w- c:\program files\Bonjour
2011-05-07 18:30:59 -------- d-----w- c:\docume~1\dominic\locals~1\applic~1\Secunia PSI
2011-05-07 18:30:44 -------- d-----w- c:\program files\Secunia
2011-05-07 17:41:17 -------- dc-h--w- c:\windows\ie8
2011-05-07 17:32:08 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-05-02 22:34:50 -------- d-----w- c:\program files\ESET
2011-05-02 22:27:21 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-27 01:24:09 -------- d-sha-r- C:\cmdcons
.
==================== Find3M ====================
.
2011-05-02 22:26:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-12 02:21:49 15880 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ------w- c:\windows\system32\html.iec
2010-04-25 08:06:43 249856 ----a-w- c:\program files\SOUNDPAD.EXE
.
============= FINISH: 19:37:24.50 ===============

Attached File  Attach.txt (17.82K)
Number of downloads: 1
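An added example, not part of the thread: a small Python parser for the DDS "SERVICES / DRIVERS" lines posted above. It groups entries by vendor keywords in the image path, which is how a log reader sees that the GD* drivers in system32 and the Lavasoft services are one Ad-Aware Total Security install built on the G Data engine, and it flags entries whose image file DDS could not find (the "--> ... [?]" form). The line format, state/start-type reading and vendor keywords are my assumptions from this log.

```python
import re
from collections import defaultdict

# Assumed format of a DDS "SERVICES / DRIVERS" line, read off the log above:
#   <state><start> <name>;<display name>;<image path> [<yyyy-m-d> <size>]
# State R = running, S = stopped; the digit is the Windows start type
# (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled). A trailing
# "--> <path> [?]" instead of "[date size]" means DDS could not stat the file.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?:\s+-->\s+\S.*?\s+\[\?\]|\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\])\s*$"
)

def parse_dds_services(text):
    """Return one dict per recognised service/driver line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["missing"] = d["size"] is None          # no [date size] => file not found
        d["size"] = int(d["size"]) if d["size"] else None
        entries.append(d)
    return entries

def missing_images(entries):
    """Names of entries whose image file DDS could not locate on disk."""
    return [e["name"] for e in entries if e["missing"]]

def group_by_vendor(entries, hints):
    """Group names by the first hint keyword found in the lowercased path."""
    groups = defaultdict(list)
    for e in entries:
        p = e["path"].lower()
        label = next((lab for kw, lab in hints.items() if kw in p), "other")
        groups[label].append(e["name"])
    return dict(groups)

# Constructed sample: five lines copied from the log above.
SAMPLE = r"""
R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2011-4-11 33480]
R2 AVKProxy;Ad-Aware Total Security Proxy;c:\program files\common files\g data\avkproxy\AVKProxy.exe [2010-6-29 1081384]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-4 363344]
R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys --> c:\windows\system32\drivers\wdcsam.sys [?]
"""

# Constructed path keywords for the products seen in this log (first match wins).
HINTS = {"g data": "G Data / Ad-Aware TS", "lavasoft": "G Data / Ad-Aware TS",
         "\\gd": "G Data / Ad-Aware TS", "malwarebytes": "Malwarebytes"}

if __name__ == "__main__":
    ents = parse_dds_services(SAMPLE)
    for label, names in group_by_vendor(ents, HINTS).items():
        print(f"{label}: {', '.join(names)}")
    print("image file not found:", missing_images(ents))
```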

#25 User is offline   Blade81 

  • Bleepin' Rocker
  • Group: Malware Response Team
  • Posts: 6,364
  • Joined: 16-October 06
  • Gender:Male
  • Location:Finland

Posted 21 May 2011 - 04:25 AM

Hi,

Would you mind trying some other protection solution? Actually I'm not quite sure what protection you have installed there. Some signs say Ad-Aware Total Security and some signs GData. Could you describe this situation a bit, please? Also, did the slowdown issue appear only after PSI installation?
Microsoft MVP Consumer Security 2008 2009 2010 2011
ASAP & UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.

#26 User is offline   dominicrouse 

  • Member
  • Group: Members
  • Posts: 16
  • Joined: 13-April 11

Posted 24 May 2011 - 09:07 PM

I have Ad-Aware running Virus Monitor and Firewall. I purchased this program license after researching virus/malware protection suites/scanners. GData seems to be a bundled part of Ad-Aware:

http://systemexplorer.net/filereviews.php?fid=217735

I've had to turn off Ad-Aware Website and Phishing Protection as the surfing experience was impossibly slow with these monitors checking every last bit of code.

#27 User is offline   Blade81 

  • Bleepin' Rocker
  • Group: Malware Response Team
  • Posts: 6,364
  • Joined: 16-October 06
  • Gender:Male
  • Location:Finland

Posted 25 May 2011 - 07:58 AM

Hi,

If you don't mind trying some other antivirus solution, I've included some free ones below (in that case, Ad-Aware should be uninstalled first). I wonder if that helps with the "Send To" issue too. For netbooks it's recommended to use a lighter antivirus solution, due to their lower performance compared to laptop and desktop systems with more power.

Good free antivirus programs are:
Antivir and
Avast!


A software firewall is not necessary if your internet connection is behind a router that has NAT enabled. For a software firewall (if needed) I recommend either Online Armor Free or Comodo Firewall Pro (if you choose Comodo: during installation uncheck "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage", and install the firewall ONLY!).

#28 User is offline   dominicrouse 

  • Member
  • Group: Members
  • Posts: 16
  • Joined: 13-April 11

Posted 30 May 2011 - 07:35 PM

Dude! Removed Ad-Aware and everything is lightning fast again. Even the "stuck on right-click Send To" issue is doneski. I will install Avast and see how that goes.

Thank you soooo much for your patience and professionalism. Let me know if there is a place to donate or similar.

#29 User is offline   Blade81 

  • Bleepin' Rocker
  • Group: Malware Response Team
  • Posts: 6,364
  • Joined: 16-October 06
  • Gender:Male
  • Location:Finland

Posted 30 May 2011 - 11:46 PM

You're welcome :)

Quote: "Let me know if there is a place to donate or similar."

You may donate to a charity of your choice if you wish :)

#30 User is offline   Blade81 

  • Bleepin' Rocker
  • Group: Malware Response Team
  • Posts: 6,364
  • Joined: 16-October 06
  • Gender:Male
  • Location:Finland

Posted 07 June 2011 - 02:42 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.