A320

  1. Good Morning Mieke, I believe it may have been this website. We purchased a ticket via the website. It was around this time that the trouble began. www.apieceofnz.co.nz/terms-and-conditions/ Take a look and let me know if you think this may have been the site! Regards Philip
  2. Hi there Mieke. All done, and so far, no more popups. So good news. I'm pleased that you can add this virus to your base software, as it is a real headache. A quick question, do you have any idea how this virus found its way aboard the laptop? My kids are certainly all over it (this is a family laptop), and I'd love to be able to suggest to the family how we could stop this happening. I guess there is just so much of this stuff around, it's inevitable that all the virus protection in the world will occasionally not stop this occurring. Thank goodness for companies and people like you! I'm about to commission two new laptops here at home, so will ensure your software is aboard ASAP. How long before your next update occurs? Thanks once again for your assistance Mieke! Regards Philip
  3. Hi there, I have carried out the instructions you have passed. Thanks so much for following this one through. Regards Philip
  4. Hi there Malware experts! In the last week, my laptop has been plagued with a Malware virus. The symptoms are continual opening of browser (IE) pages advertising all sorts of rubbish. I have downloaded your excellent product and have run a full scan twice. The first time the software showed a number (5) of infections that were cleaned. Unfortunately the problem continues. I have today run another full scan, with a clean result. Again, the popups continue. I have run the latest anti virus programme (CA), and also adaware and spybot, all to no avail. I'm now pleading for some assistance, so have run the software you request, and attached it for review. I would be extremely pleased to be rid of this virus. Thanks for taking a look.