colin0100
Everything posted by colin0100
Locked up my files...and other stuff
colin0100 replied to colin0100's topic in Resolved Malware Removal Logs
Download OK, it runs, but no results. 0100 hrs here, must sleep. Log is created. It's 200 hrs here... must go sleep... thanks -
Locked up my files...and other stuff
colin0100 replied to colin0100's topic in Resolved Malware Removal Logs
Thanks: I disabled the ASK toolbar. I have left Avira on. Security Essentials will not turn on: Error 0x800705b4 time out. Malwarebytes will not update: Program Error updating (5,0,MBAMF FileIO:write file). Downloaded aswMBR Version 0.9.9.1665 but it will not run. Tried to get it going with 'run as' and unchecked that 'security' button: still will not run. Task bar doesn't show any activity under the 'applications' tab. Here are the logs:
-
Greetings, and I have great confidence. You people are amazing, just reading through the forums. Anyway, earlier today I ran the two progs and collected the two files... then somehow mucked up the post. I think I am now clear. Here goes:
28 June. Avira picked up and quarantined 2 things: EXP/PIDIEF.AIK.1 and EXP/JS.PDFKA.KKK
Damage: I cannot see any files created prior to the attack. Files created after the attack and saved to my thumb drive are OK. Getting Malwarebytes blocking outgoing traffic to bad site.. 206.(wasn't fast enough to get the full URL). To get into the internet I use the link in the Malwarebytes s/w to the Malwarebytes site and move around from there. I can get the task bar to display. PC is not stable, and I need to reboot sometimes when it freezes. Malwarebytes does not update successfully. Files are those downloaded before the attack: 28 June. Computer is getting progressively worse I THINK ....anyway, I am! :-(
Action to date:
Malwarebytes full scan
Ran June 2012 MRT.exe
CHKDSK repair
MS Defender caught 2: TR/spy.Zbot.76.13 and 76.14 (persistent: just now caught by Avira and removed 30 June 1130pm)
Ran Dell extended H/w test on main drive
Loaded the original Windows disc in Repair mode (gave me XP SP2)
Looking forward to working with you all
Thanks Colin
dds.txt attach.txt
-
Hello from Sydney. Avira has quarantined the following two nasties: exp/pidief.aik.1 and exp/js.pdfka.kkk. I had Malwarebytes running, Avira and the MS malicious software tool. Here is what I have done so far:
Full scan with Malwarebytes
Ran a full scan with MS MRT.EXE
CHKDSK repair
Avira full scan
Ran Dell extended software test
Tried to restore to a prior restore point (unsuccessful)
Loaded my original Windows (XP) in Repair mode (gave me SP2)
I am sending this on another PC as mine is almost inoperable now. Still getting attempts to infect, finding trojans, MB blocking attempts to connect to naughty sites. Any hope for me, or do I have to reinstall Windows? Help please. Colin