10-07-2007, 09:41 AM   #1
Morty 269
Registered User
 
Join Date: Oct 2007
Posts: 10
OS: XP


XP Support: Virus [Moved from Windows]

Hi, I have a virus or viruses on my PC. I really hope you can help as I have no idea what to do next if you can't....

When reading the message left by 'Kevin He' on 10-05-2007, 03:44 AM, entitled XP Support: Virus, I feel I have exactly the same virus. I have cut and pasted his note below:-
-------------------------------

"Hello.

There has been a recurring virus ever since I downloaded an "Active X" thing. I use Avira and at the beginning of my computer start, I receive a message that there is a virus in my computer. Whether I click delete or access deny or nothing at all, here's what happens:

-Avira Popped up: Here's what it said:

A virus or unwanted program was found! What should happen with the file?

C:\Documents and Settings\"myuser"\...\tmp6.tmp
Contains detection pattern of the VBS script virus VBS/Click.A

Then it gives me options that do nothing. I always click "delete"

1. A "Windows Security Alert" Window will show up. Here's what it says:

Windows has detected an Internet attack attempt...
Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from Internet attacks, hijacking attempts and spyware! Click here to download spyware remover for total protection.

Whether you click the ok or the [x], it leads you to a site on IE that doesn't work:

http://privacy.securepccleaner.com/M.../574-ERROR404/

it says: 0 unable to connect to DB

2. a "spyware alert" will pop up:

Security warning!

Trojan.W32.Looksky detected on your machine. This virus is distributed via the internet through Internet and Active-X object...
Click here to delete it!
Then here it shows specs which I forget.
It does say virus danger level: 5

After that, the cycle repeats and there is a flashing x in my little quick programs thing in the lower right corner with Avira icon and stuff. It flashes and says some warnings. When I click on it to remove it or whatever, no menu pops up and nothing happens. It's to the right of Comodo.

Please send me help! I need to fix this.

It's hard to concentrate when it pops up every 5 seconds. Thank you!

Also: a "yourprivacyguard" thing pops up that says a bunch of stuff then says click ok to remove stuff. I never press ok because I don't know if I should.

Please advise!"

-------------------------------


The issue I'm having sounds very, very similar!

First of all I noticed I had what looked like a new screen saver with

'YOUR PRIVACY IS IN DANGER' in rough white writing, and below that was
'DOWNLOAD PRICACY PROECTION SOFTWARE NOW' in red writing in a white box.

OVER A RED BACKGROUND WITH A BIG ROUNDISH SYMBOL THAT LOOKS LIKE A BIOLOGICAL WARNING BADGE.

Hopefully that sounds familiar to you.

Then I keep getting pop-ups every couple of seconds.

One from 'Spyware Alert' saying

Security warning!

Trojan.W32.Looksky detected on your machine. This virus is distributed via the internet through Internet and Active-X object...
Recommendations: Click Yes to remove it from your PC immediately
Then here it shows specs which I forget.
It does say virus danger level: 5


(So I've been clicking NO.)

Then I get ones from Ultimate Defender with the same warning as above.

http://www.udefender.net/freeware/4/...=&lndid=18&p=1

Then I get a white X in a red coloured circle in the toolbar box thing on the bottom right of my screen just like the other guy.



And I get the following just like the other guy:-

-----------------------------

1. A "Windows Security Alert" Window will show up. Here's what it says:

Windows has detected an Internet attack attempt...
Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from Internet attacks, hijacking attempts and spyware! Click here to download spyware remover for total protection.

------------------------

I've done the 5-step process you recommend but wasn't able to do step 2.

I have cut and pasted the full screen scan below, as well as the minimised one as instructed.

Deckard's System Scanner v20070905.67
Run by Mark on 2007-10-07 15:23:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
18: 2007-10-07 14:23:57 UTC - RP271 - Deckard's System Scanner Restore Point
17: 2007-10-05 17:29:12 UTC - RP270 - System Checkpoint
16: 2007-10-04 14:17:15 UTC - RP269 - Installed Sony Ericsson PC Suite
15: 2007-10-02 20:19:05 UTC - RP268 - Configured Hoyle Table Games 2004
14: 2007-10-02 20:18:14 UTC - RP267 - Configured Hoyle Casino 2004


-- First Restore Point --
1: 2007-09-05 09:26:32 UTC - RP254 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Mark.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:28:08, on 07/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\91P5QQFE\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Mark.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.talktalk.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A} - C:\WINDOWS\bndsronw.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: The netadv - {ABF529BE-6245-465A-BBD4-238C4EAB0F0A} - C:\WINDOWS\netadv.dll
O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Freecom Personal Media Suite.lnk = C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1156716601717
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1156716699810
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashpoker.ladbrokes.com/ladbrokes/FlashAX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DF91D0E-AFE5-46B6-A315-6C6875C54D48}: NameServer = 212.139.132.21 212.139.132.20
O21 - SSODL: msvb - {5F3316F8-DDD2-4B1A-BAE8-1994CD1699D0} - C:\WINDOWS\msvb.dll
O21 - SSODL: sysdx - {FEBEEB9E-B81C-4FCD-AA80-2AB281B777CE} - C:\WINDOWS\sysdx.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

--
End of file - 9732 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync03 (StarForce Protection Synchronization Driver (version 3.x)) - c:\windows\system32\drivers\sfsync03.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R3 Bonifay - c:\windows\system32\drivers\bonifay.sys <Not Verified; Freecom; Bonifay>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 Gonzales - c:\windows\system32\drivers\gonzales.sys <Not Verified; Freecom; Gonzales>
S3 SaiMini - c:\windows\system32\drivers\saimini.sys <Not Verified; Saitek; Configuration Software>
S3 SaiNtBus - c:\windows\system32\drivers\saibus.sys <Not Verified; Saitek; Configuration Software>
S3 ss_bus (Samsung Mobile USB Device 1.0 driver (WDM)) - c:\windows\system32\drivers\ss_bus.sys <Not Verified; MCCI; Samsung Mobile USB Device 1.0>
S3 ss_mdfl (SAMSUNG Mobile USB Modem 1.0 Filter) - c:\windows\system32\drivers\ss_mdfl.sys <Not Verified; MCCI; SAMSUNG Mobile USB Modem 1.0 Filter>
S3 ss_mdm (SAMSUNG Mobile USB Modem 1.0 Drivers) - c:\windows\system32\drivers\ss_mdm.sys <Not Verified; MCCI; SAMSUNG Mobile USB Modem 1.0>
S3 wceusbsh (Windows CE USB Serial Host Driver) - c:\windows\system32\drivers\wceusbsh.sys <Not Verified; Microsoft Corporation; Windows CE USB Serial Host Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 SM_SPP-2030_FUService (SPP-2040 Status Monitor Service) - "c:\program files\samsung\samsung spp-2040 series\commonsm\ssmsrvc /service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: PCI Input Device
Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&1F7DBC9F&0&61F0
Manufacturer:
Name: PCI Input Device
PNP Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&1F7DBC9F&0&61F0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-10-01 22:49:10 300 --a------ C:\WINDOWS\Tasks\WebReg Deskjet F4100 series.job
2007-09-28 20:00:00 546 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Paul.job
2007-02-19 14:57:49 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-09-07 and 2007-10-07 -----------------------------

2007-10-07 15:26:18 0 d-------- C:\Program Files\Trend Micro
2007-10-07 14:27:06 0 d-------- C:\ie-spyad_zo
2007-10-07 14:09:17 0 d-------- C:\Program Files\SpywareBlaster
2007-10-06 12:17:09 0 d-------- C:\WINDOWS\privacy_danger
2007-10-05 17:05:13 32256 --a------ C:\WINDOWS\wsremover.exe
2007-10-05 17:05:12 225280 --a------ C:\WINDOWS\sysdx.dll
2007-10-05 17:05:12 75776 --a------ C:\WINDOWS\netadv.dll <Not Verified; ; netadv Module>
2007-10-05 17:05:12 192512 --a------ C:\WINDOWS\msvb.dll <Not Verified; ; msvb>
2007-10-05 17:05:12 245760 --a------ C:\WINDOWS\bndsronw.dll <Not Verified; ; bndsronw>
2007-10-05 17:03:54 0 d-------- C:\Program Files\VideoAccessCodec
2007-10-04 15:23:43 0 d-------- C:\Documents and Settings\Mark\Application Data\Teleca
2007-10-04 15:22:55 0 d-------- C:\Documents and Settings\Mark\Application Data\Sony Ericsson
2007-10-04 15:17:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2007-10-04 15:17:29 0 d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2007-10-04 15:17:22 0 d-------- C:\Program Files\Common Files\Teleca Shared
2007-10-04 15:17:21 0 d-------- C:\Program Files\Sony Ericsson
2007-10-04 15:17:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2007-10-02 18:23:32 0 d-------- C:\Documents and Settings\Mark\Application Data\Printer Info Cache
2007-10-02 18:23:30 0 d-------- C:\Documents and Settings\Mark\Application Data\Image Zone Express
2007-09-18 19:23:50 0 d-------- C:\Documents and Settings\Mark\Application Data\MSN6
2007-09-14 00:51:44 0 d-------- C:\Documents and Settings\Mark\Application Data\AdobeUM
2007-09-14 00:50:10 0 d-------- C:\Program Files\Freecom Backup Software
2007-09-14 00:01:36 73728 --a------ C:\WINDOWS\system32\Zion.dll <Not Verified; Freecom; Freecom SYNC>
2007-09-14 00:01:36 7040 --a------ C:\WINDOWS\system32\drivers\Gonzales.sys <Not Verified; Freecom; Gonzales>
2007-09-14 00:01:36 12160 --a------ C:\WINDOWS\system32\drivers\Bonifay.sys <Not Verified; Freecom; Bonifay>
2007-09-14 00:01:36 0 d-------- C:\Program Files\Freecom Personal Media Suite
2007-09-09 22:49:06 0 d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2007-09-09 22:48:38 0 d-------- C:\Documents and Settings\Mark\Application Data\HP
2007-09-09 22:44:45 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2007-09-09 22:43:58 0 d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2007-09-09 22:43:28 0 d-------- C:\Program Files\Common Files\HP
2007-09-09 22:40:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-09-09 22:35:13 0 d-------- C:\Program Files\HP
2007-09-09 22:31:26 1470 -----n--- C:\WINDOWS\hpomdl12.dat
2007-09-09 22:31:26 130958 --a------ C:\WINDOWS\hpoins12.dat


-- Find3M Report ---------------------------------------------------------------

2007-10-07 15:25:51 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-07 12:56:21 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-0000000C-00001102-00000004-20021102}.dat
2007-10-07 12:56:21 384 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-0000000C-00001102-00000004-20021102}.dat
2007-10-06 12:22:17 0 d-------- C:\Program Files\Norton Internet Security
2007-10-04 15:17:29 0 d-------- C:\Program Files\Common Files
2007-10-03 20:19:09 0 d-------- C:\Program Files\Symantec
2007-10-03 15:46:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-24 17:30:13 0 d-------- C:\Documents and Settings\Mark\Application Data\Microgaming
2007-09-05 10:08:16 0 d-------- C:\Documents and Settings\Mark\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A}]
05/10/2007 16:35 245760 --a------ C:\WINDOWS\bndsronw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OemReset"="C:\WINDOWS\OPTIONS\OEMRESET.exe" []
"Cmaudio"="cmicnfg.cpl" [24/02/2003 14:50 C:\WINDOWS\CMICNFG.CPL]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [22/10/2006 13:22]
"nwiz"="nwiz.exe" [22/10/2006 13:22 C:\WINDOWS\system32\nwiz.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [22/01/2007 23:19]
"TalkTalk"="C:\Program Files\TalkTalk\bin\sprtcmd.exe" [16/08/2005 00:12]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [26/01/2004 12:38]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [28/06/2004 22:29]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [22/10/2006 13:22]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [25/10/2006 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/10/2006 10:36]
"adiras"="adiras.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [10/12/2006 21:52]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [12/03/2007 18:30]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26/01/2007 13:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]

C:\Documents and Settings\Mark\Start Menu\Programs\Startup\
Freecom Personal Media Suite.lnk - C:\Program Files\Freecom Personal Media Suite\FCPMS.exe [14/09/2007 00:01:36]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 23:05:26]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [28/04/2007 19:08:37]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [02/01/2007 21:40:10]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 13:05:56]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"msvb"= {5F3316F8-DDD2-4B1A-BAE8-1994CD1699D0} - C:\WINDOWS\msvb.dll [05/10/2007 16:35 192512]
"sysdx"= {FEBEEB9E-B81C-4FCD-AA80-2AB281B777CE} - C:\WINDOWS\sysdx.dll [05/10/2007 16:35 225280]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2007-10-07 15:30:49 ------------


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 3.06GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.06GHz
Percentage of Memory in Use: 46%
Physical Memory (total/avail): 1279.48 MiB / 682.64 MiB
Pagefile Memory (total/avail): 2669.09 MiB / 2195.36 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1948.64 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 148.93 GiB total, 136.54 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1600BB-22DAA0 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 148.93 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
FW: Norton Internet Security 2006 v2006 (Symantec Corporation)
AV: Norton Internet Security 2006 v2006 (Symantec Corporation)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"





PLEASE HELP!!!!!!