Solved ebay login asking for credit card info

phototec · 2010/02/21

[Resolved] ebay login asking for credit card info

When I try to login to ebay, I'm asked fro credit card info, ebay says I have a virus on my computer? How do I get rid of it?

Thanks

phototec · 2010/02/21

Wildfire, sorry, I don't mean to take short cuts, this is new to me, I read before posting, however I'm not use to this type of forum, I will do my best to comply.

Here are my DDS files:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Jon at 15:04:44.51 on Sun 02/21/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3061.1951 [GMT -6:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\SYSTEM32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S5I0M2.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jon\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0071218
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0071218
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\norton internet security\engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\norton internet security\engine\16.8.0.41\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Ask && Record Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Ask && Record Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\norton internet security\engine\16.8.0.41\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
uRun: [EPSON Stylus Photo R380 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiboa.exe /fu "c:\docume~1\jon\locals~1\temp\E_S2B.tmp" /EF "HKCU "
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Ask and Record FLV Service] "c:\program files\ask & record toolbar\FLVSrvc.exe" /run
mRun: [EPSON Stylus Pro 4800] c:\windows\system32\spool\drivers\w32x86\3\E_S5I0M2.EXE /P21 "EPSON Stylus Pro 4800" /O6 "USB004" /M "Stylus Pro 4800 "
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe "
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe "
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bayside Sniper - Add Auction Item - c:\documents and settings\jon\application data\baysidesniperii\BaysideSniperIE.dll/IE/201
IE: Bayside Sniper - Item Feedback Analyzer - c:\documents and settings\jon\application data\baysidesniperii\BaysideSniperIE.dll/IE/202
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {C8644EC1-E8D3-4691-B778-6458E3701177} - res://c:\documents and settings\jon\application data\baysidesniperii\BaysideSniperIE.dll/IE/201
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\norton internet security\engine\16.8.0.41\CoIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\480\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-2-2 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-2-2 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-2-2 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100218.001\IDSXpx86.sys [2010-2-19 329592]
R2 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\kodak\digital display\orbkodaklauncher\DllStartupService.exe [2008-8-14 98304]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-2-2 117640]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-6-12 102400]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-22 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100221.004\NAVENG.SYS [2010-2-21 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100221.004\NAVEX15.SYS [2010-2-21 1324720]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2007-12-17 31616]
S2 gupdate1c9ed2d43e74af4;Google Update Service (gupdate1c9ed2d43e74af4);c:\program files\google\update\GoogleUpdate.exe [2009-6-14 133104]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-12-27 11520]

=============== Created Last 30 ================

2010-02-21 20:27:04 0 d-----w- c:\program files\Trend Micro
2010-01-27 07:32:24 286720 ----a-w- c:\windows\iun507.exe
2010-01-27 07:32:01 0 d-----w- c:\program files\RescuePRO

==================== Find3M ====================

2010-01-07 22:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-08 18:43:51 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-08 09:23:28 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-12-04 18:22:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-04 07:10:29 878 ----a-w- c:\docume~1\jon\applic~1\wklnhst.dat
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11:44 1291776 ------w- c:\windows\system32\dllcache\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:35 28672 ------w- c:\windows\system32\dllcache\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07:34 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2007-12-18 02:59:58 76 --sh--r- c:\windows\CT4CET.bin
2008-09-06 08:07:03 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090620080907\index.dat

============= FINISH: 15:05:21.45 ===============

phototec · 2010/02/21

Here is the other file:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/23/2008 2:52:38 PM
System Uptime: 2/21/2010 1:49:33 PM (2 hours ago)

Motherboard: Dell Inc. | | 0RY007
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | Socket 775 | 2327/333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 230 GiB total, 185.021 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 699 GiB total, 317.028 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable
L: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) G33/G31 Express Chipset Family
Device ID: PCI\VEN_8086&DEV_29C2&SUBSYS_020D1028&REV_02\3&2411E6FE&0&10
Manufacturer: Intel Corporation
Name: Intel(R) G33/G31 Express Chipset Family
PNP Device ID: PCI\VEN_8086&DEV_29C2&SUBSYS_020D1028&REV_02\3&2411E6FE&0&10
Service: ialm

==== System Restore Points ===================

RP104: 11/23/2009 2:25:16 PM - System Checkpoint
RP105: 11/24/2009 7:20:06 PM - System Checkpoint
RP106: 11/25/2009 9:25:56 AM - Software Distribution Service 3.0
RP107: 11/26/2009 9:35:37 AM - System Checkpoint
RP108: 11/28/2009 8:20:42 AM - System Checkpoint
RP109: 11/30/2009 9:20:45 AM - System Checkpoint
RP110: 12/1/2009 1:36:56 AM - Software Distribution Service 3.0
RP111: 12/2/2009 10:27:59 AM - System Checkpoint
RP112: 12/6/2009 3:05:58 PM - System Checkpoint
RP113: 12/7/2009 8:29:04 PM - System Checkpoint
RP114: 12/8/2009 8:34:22 PM - System Checkpoint
RP115: 12/9/2009 12:51:44 AM - Software Distribution Service 3.0
RP116: 12/10/2009 9:29:03 AM - System Checkpoint
RP117: 12/12/2009 11:51:36 AM - System Checkpoint
RP118: 12/13/2009 2:17:34 PM - System Checkpoint
RP119: 12/14/2009 10:18:49 PM - System Checkpoint
RP120: 12/15/2009 10:49:37 PM - System Checkpoint
RP121: 12/16/2009 11:07:32 PM - System Checkpoint
RP122: 12/17/2009 11:12:37 PM - System Checkpoint
RP123: 12/19/2009 11:44:46 AM - System Checkpoint
RP124: 12/20/2009 3:40:42 PM - System Checkpoint
RP125: 12/21/2009 9:03:14 PM - System Checkpoint
RP126: 12/22/2009 11:05:37 PM - System Checkpoint
RP127: 12/23/2009 11:20:42 PM - System Checkpoint
RP128: 12/26/2009 8:51:48 PM - System Checkpoint
RP129: 12/27/2009 9:03:41 PM - System Checkpoint
RP130: 12/28/2009 9:19:03 PM - System Checkpoint
RP131: 12/29/2009 10:13:26 PM - System Checkpoint
RP132: 12/30/2009 5:48:16 PM - Installed Adobe Photoshop Lightroom 3 Beta.
RP133: 12/31/2009 5:48:49 PM - System Checkpoint
RP134: 1/1/2010 6:10:17 PM - System Checkpoint
RP135: 1/2/2010 6:15:03 PM - System Checkpoint
RP136: 1/3/2010 7:09:17 PM - System Checkpoint
RP137: 1/4/2010 7:31:59 PM - System Checkpoint
RP138: 1/5/2010 7:36:05 PM - System Checkpoint
RP139: 1/6/2010 7:47:18 PM - System Checkpoint
RP140: 1/7/2010 8:35:29 PM - System Checkpoint
RP141: 1/8/2010 8:58:05 PM - System Checkpoint
RP142: 1/9/2010 9:27:08 PM - System Checkpoint
RP143: 1/11/2010 2:17:12 PM - System Checkpoint
RP144: 1/12/2010 9:32:01 PM - System Checkpoint
RP145: 1/13/2010 2:57:05 AM - Software Distribution Service 3.0
RP146: 1/14/2010 9:48:40 AM - System Checkpoint
RP147: 1/15/2010 10:48:18 AM - System Checkpoint
RP148: 1/17/2010 6:18:42 PM - System Checkpoint
RP149: 1/18/2010 11:22:58 PM - System Checkpoint
RP150: 1/20/2010 12:02:41 AM - System Checkpoint
RP151: 1/20/2010 1:58:03 AM - Software Distribution Service 3.0
RP152: 1/21/2010 11:05:58 PM - System Checkpoint
RP153: 1/22/2010 1:29:05 AM - Software Distribution Service 3.0
RP154: 1/23/2010 11:25:32 AM - System Checkpoint
RP155: 1/24/2010 2:44:31 PM - System Checkpoint
RP156: 1/25/2010 8:31:15 PM - System Checkpoint
RP157: 1/26/2010 8:33:59 PM - System Checkpoint
RP158: 1/27/2010 10:07:23 PM - System Checkpoint
RP159: 1/28/2010 10:36:18 PM - System Checkpoint
RP160: 1/30/2010 1:55:20 PM - System Checkpoint
RP161: 1/31/2010 1:59:24 PM - System Checkpoint
RP162: 2/1/2010 8:09:40 PM - System Checkpoint
RP163: 2/2/2010 8:27:45 PM - System Checkpoint
RP164: 2/3/2010 11:08:14 PM - System Checkpoint
RP165: 2/4/2010 11:18:01 PM - System Checkpoint
RP166: 2/5/2010 11:52:35 PM - System Checkpoint
RP167: 2/7/2010 12:12:49 PM - System Checkpoint
RP168: 2/8/2010 9:40:12 PM - System Checkpoint
RP169: 2/9/2010 10:15:25 PM - System Checkpoint
RP170: 2/10/2010 9:44:46 AM - Software Distribution Service 3.0
RP171: 2/11/2010 10:26:39 PM - System Checkpoint
RP172: 2/13/2010 1:39:49 AM - System Checkpoint
RP173: 2/14/2010 1:45:21 AM - System Checkpoint
RP174: 2/15/2010 10:36:02 AM - System Checkpoint
RP175: 2/16/2010 10:03:19 PM - System Checkpoint
RP176: 2/17/2010 10:08:32 PM - System Checkpoint
RP177: 2/18/2010 10:30:36 PM - System Checkpoint
RP178: 2/20/2010 11:18:53 AM - System Checkpoint
RP179: 2/21/2010 1:40:11 PM - System Checkpoint

==== Installed Programs ======================

µTorrent
Add or Remove Adobe Creative Suite 3 Design Premium
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.2 Professional
Adobe Acrobat 8.1.2 Security Update 1 (KB403742)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Design Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop Lightroom 3 Beta
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR}
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced Audio FX Engine
Advanced Video FX Engine
AHV content for Acrobat and Flash
AnswerWorks 5.0 English Runtime
AOLIcon
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Ask & Record Toolbar 4.01
Ask Toolbar
ATI Display Driver
Bayside Sniper II 3.15
Brother P-touch Address Book 1.0
Brother P-touch Editor 4.2
Brother P-touch Software
Brother QL-Series User's Guide
Browser Address Error Redirector
CCScore
Color Efex Pro 3.0 Complete
Color Matching System
ColorBurst Epson SP4800
Conexant D850 56K V.9x DFVc Modem
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
Cutting Master 2 1.60
Dell AIO Printer A920
Dell DataSafe Online
Dell Driver Reset Tool
Dell Support Center (Support Software)
Dell System Restore
Dell Webcam Center
Dell Webcam Manager
Digital Line Detect
Documentation & Support Launcher
DVD Shrink 3.2
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.5.0
DVDFab 6.2.2.0 Beta (7/1/2010)
DVDFab HD Decrypter 4.1.2.0
Dynamic-Photo HDR 4.5
EarthLink Setup Files
EPSON LFP Remote Panel
EPSON Print CD
EPSON Printer Software
EPSON SPR4800 Reference Guide
EpsonNet WinAssist V4
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSTOOLS
essvatgt
Free RAR Extract Frog 1.00
Free&Easy Font Viewer 2.0
Games, Music, & Photos Launcher
Genuine Fractals 5.0
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToAssist 8.0.0.480
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
ICC Color Profiles
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
J2SE Runtime Environment 5.0 Update 6
Juicer 3.55a
KEDDS
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
KODAK DCS Photo Desk
Kodak EasyShare software
Learn2 Player (Uninstall Only)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Logitech Desktop Messenger
Logitech Harmony Remote Software 7
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Modem Diagnostic Tool
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
netbrdg
NetWaiting
NetZeroInstallers
Norton Internet Security
OfotoXMI
PDF Settings
Photomatix Pro version 3.2.6
Plug-in Suite 4
PowerDVD
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
Remote Control USB Driver
RescuePRO 3.3
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
ScanWizard Pro
Seagate*DiscWizard
SearchAssist
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SFR
SHASTA
Silver Efex Pro
skin0001
SKINXSDK
SMPlayer 0.6.6
Snagit 9.1.2
Sonic Activation Module
staticcr
tooltips
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
Viveza
VPRINTOL
WD Anywhere Backup
WD Diagnostics
WD Drive Manager (x86)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WIRELESS
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

2/21/2010 12:14:41 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
2/21/2010 12:14:41 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/21/2010 1:51:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor
2/18/2010 8:32:09 AM, error: Service Control Manager [7031] - The Norton Internet Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/17/2010 8:34:50 AM, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the device specified.
2/15/2010 9:59:51 PM, error: Service Control Manager [7022] - The KodakDigitalDisplayService service hung on starting.

==== End Of File ===========================

phototec · 2010/02/21

I may be doing something wrong, I have tried twice to post the DDS file and it does't show up?

wildfire · 2010/02/21

"phototec said: ↑

I may be doing something wrong, I have tried twice to post the DDS file and it does't show up?
Click to expand...

As a new user your posts are moderated, give it a little time and it'll appear...

Don't try to post the logs again.

phototec · 2010/02/21

Wildfire,

Ok, I tried to load the DDS.txt before the Attach.txt file, however the Attach.txt file was loaded first. I did try to send the DSS.txt file a second time, I will not send it again.

Thanks for the heads up.

broni · 2010/02/21

Print these instructions out.

NOTE. If any of the programs listed below refuse to run, try renaming executive file to something else; for instance, rename hijackthis.exe to scanner.exe

***VERY IMPORTANT! Make sure, you update Malwarebytes before running the scans.***

STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
Alternative downloads:
- http://majorgeeks.com/GMER_d5198.html
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
When scan is completed, click Save button, and save the results as gmer.log
Warning ! Please, do not select the "Show all" checkbox during the scan.
Post the log to your next reply.

RESTART COMPUTER

STEP 3. Download HijackThis:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
by clicking on Installer under Version 2.0.2
[DO NOT download version 2.0.3 (beta)]
Install, and run it.
Post HijackThis log.
NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
Do NOT attempt to "fix" anything!

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

phototec · 2010/02/21

While I was waiting I had already updated malwarebytes and ran the program, it found some infections and fixed them, however the issue of getting a prompt for credit card information still happens when I log onto ebay. I rebotted after the first scan and during a second scan, nothing was found. I will now do step two and three. Thanks for the help!

Malwarebytes' Anti-Malware 1.44
Database version: 3772
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/21/2010 1:48:07 PM
mbam-log-2010-02-21 (13-48-07).txt

Scan type: Quick Scan
Objects scanned: 176473
Time elapsed: 15 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\AbGb.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\cvevtq.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jon\Local Settings\Temp\cvevtq.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jon\Local Settings\Temp\AbGb.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\LMTXC261\eU230d9c2eH9982993fV0100f080006R568572e6102Td2027b6a201l0409K986b825530dP000201080[1] (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jon\Local Settings\Temporary Internet Files\Content.IE5\LMTXC261\eU230d9c2eH9982993fV0100f080006R568572e6102Td2027b6a201l0409K986b825530dP000201080[1] (Trojan.Dropper) -> Quarantined and deleted successfully.

broni · 2010/02/21

I need two other logs.

phototec · 2010/02/21

Here is step 2 gmer log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-21 17:55:19
Windows 5.1.2600 Service Pack 3
Running: czeziyu5.exe; Driver: C:\DOCUME~1\Jon\LOCALS~1\Temp\pwldrpow.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

phototec · 2010/02/21

Ok, here is step 3, HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:12:29 PM, on 2/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\SYSTEM32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S5I0M2.EXE
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0071218
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0071218
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask && Record Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ask and Record FLV Service] "C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [EPSON Stylus Pro 4800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S5I0M2.EXE /P21 "EPSON Stylus Pro 4800" /O6 "USB004" /M "Stylus Pro 4800 "
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe "
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe "
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
O4 - HKCU\..\Run: [EPSON Stylus Photo R380 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE /FU "C:\DOCUME~1\Jon\LOCALS~1\Temp\E_S2B.tmp" /EF "HKCU "
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Bayside Sniper - Add Auction Item - res://C:\Documents and Settings\Jon\Application Data\BaysideSniperII\BaysideSniperIE.dll/IE/201
O8 - Extra context menu item: Bayside Sniper - Item Feedback Analyzer - res://C:\Documents and Settings\Jon\Application Data\BaysideSniperII\BaysideSniperIE.dll/IE/202
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Bayside Sniper - Add Auction Item - {C8644EC1-E8D3-4691-B778-6458E3701177} - res://C:\Documents and Settings\Jon\Application Data\BaysideSniperII\BaysideSniperIE.dll/IE/201 (file missing)
O9 - Extra 'Tools' menuitem: Bayside Sniper - Add Auction Item - {C8644EC1-E8D3-4691-B778-6458E3701177} - res://C:\Documents and Settings\Jon\Application Data\BaysideSniperII\BaysideSniperIE.dll/IE/201 (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O18 - Protocol: bw+0 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1280A127-4C74-4A17-9ECE-31E68C34E42E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\SYSTEM32\astsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c9ed2d43e74af4) (gupdate1c9ed2d43e74af4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: KodakDigitalDisplayService - Orb Networks, Inc. - C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 25492 bytes

broni · 2010/02/21

Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

phototec · 2010/02/21

Combofix log

Ok, teh Combofix step has been done, here is the report, it took a while:

ComboFix 10-02-21.02 - Jon 02/21/2010 18:51:49.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3061.2176 [GMT -6:00]
Running from: c:\documents and settings\Jon\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Jon\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Jon\Local Settings\Temp\IadHide5.dll
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\system32\twain_32.dll

.
original MBR restored successfully !
.
((((((((((((((((((((((((( Files Created from 2010-01-22 to 2010-02-22 )))))))))))))))))))))))))))))))
.

2010-02-21 20:27 . 2010-02-21 20:27 -------- d-----w- c:\program files\Trend Micro
2010-02-21 15:59 . 2010-02-21 15:59 -------- d-----w- c:\documents and settings\HelpAssistant\WINDOWS
2010-02-21 15:59 . 2010-02-21 15:59 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2010-02-21 15:59 . 2010-02-21 15:59 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacIE
2010-02-21 15:57 . 2010-02-21 15:57 -------- d-----w- c:\documents and settings\HelpAssistant\Logitech
2010-02-21 07:48 . 2010-02-21 07:48 -------- d-----w- c:\documents and settings\HelpAssistant\IETldCache
2010-02-21 07:48 . 2010-02-21 07:48 -------- d-----w- c:\documents and settings\HelpAssistant\IECompatCache
2010-02-21 07:48 . 2008-05-27 04:16 60968 ----a-w- c:\documents and settings\HelpAssistant\GoToAssistDownloadHelper.exe
2010-01-27 07:32 . 2010-01-27 07:31 286720 ----a-w- c:\windows\iun507.exe
2010-01-27 07:32 . 2010-01-27 07:32 -------- d-----w- c:\program files\RescuePRO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-21 19:03 . 2009-12-20 17:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-21 07:40 . 2008-12-21 05:25 -------- d-----w- c:\program files\EPSON Print CD
2010-02-21 06:37 . 2008-04-02 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-02-15 18:41 . 2010-01-14 16:04 -------- d-----w- c:\documents and settings\Jon\Application Data\BaysideSniperII
2010-02-13 09:24 . 2008-11-24 02:39 -------- d-----w- c:\documents and settings\Jon\Application Data\Vso
2010-02-06 22:01 . 2007-12-18 03:08 -------- d-----w- c:\program files\Google
2010-01-20 14:08 . 2009-01-22 02:43 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-07 22:07 . 2009-12-20 17:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2009-12-20 17:42 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 18:04 . 2007-12-18 02:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-03 09:31 . 2007-12-18 03:06 -------- d-----w- c:\program files\CyberLink
2009-12-31 16:50 . 2004-08-10 17:51 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 23:48 . 2007-12-18 03:07 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-21 19:14 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2004-08-10 18:01 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-10 17:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2004-08-10 17:51 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-04 03:59 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-10 17:51 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-04 07:10 . 2009-09-17 05:07 878 ----a-w- c:\documents and settings\Jon\Application Data\wklnhst.dat
2009-12-01 16:28 . 2008-01-23 20:53 292416 ----a-w- c:\documents and settings\Jon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-27 17:11 . 2004-08-10 17:51 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 05:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-08-10 17:51 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-18 03:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-10 17:51 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-10 17:50 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 05:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2007-12-18 02:59 . 2007-12-18 02:59 76 --sh--r- c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-06-04 23:04 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-04 1144712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-04 1144712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS "= "c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-18 68856]
"LDM "= "c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2009-10-13 36864]
"ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray "= "c:\windows\system32\igfxtray.exe" [2007-07-17 142104]
"HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2007-07-17 162584]
"Persistence "= "c:\windows\system32\igfxpers.exe" [2007-07-17 138008]
"DELL Webcam Manager "= "c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"RTHDCPL "= "RTHDCPL.EXE" [2007-07-17 16132608]
"ArcSoft Connection Service "= "c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"WD Drive Manager "= "c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-06-12 430080]
"dellsupportcenter "= "c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"Ask and Record FLV Service "= "c:\program files\Ask & Record Toolbar\FLVSrvc.exe" [2009-03-10 156672]
"EPSON Stylus Pro 4800 "= "c:\windows\System32\spool\DRIVERS\W32X86\3\E_S5I0M2.EXE" [2004-08-11 98304]
"dscactivate "= "c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"PDVDDXSrv "= "c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-06-09 128560]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-10-13 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-05-27 04:16 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@= "FSFilter Activity Monitor "

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WD Anywhere Backup Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk
backup=c:\windows\pss\WD Anywhere Backup Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-01-12 00:54 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-04-20 02:29 149024 ----a-w- c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-04-20 02:38 1945688 ----a-w- c:\program files\Seagate\DiscWizard\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 03:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
2003-05-12 20:02 270336 ------w- c:\program files\Dell AIO Printer A920\dlbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 15:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
2007-04-20 02:24 1169744 ----a-w- c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-24 12:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R380 Series]
2006-05-29 09:00 139264 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIBOA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-12-18 03:08 1838592 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 16:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 16:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-06-09 00:40 128560 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 15:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 14:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 16:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-12-18 03:08 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\Kodak\\Digital Display\\KodakDigitalDisplaySoftware.exe "=
"c:\\Program Files\\Kodak\\Digital Display\\OrbKodakLauncher\\DllStartupService.exe "=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe "=
"e:\\uTorrent.exe "=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe "=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe "=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP "= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP "= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP "= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP "= 50901:TCP:Adobe Version Cue CS3 Server
"65533:TCP "= 65533:TCP:Services
"52344:TCP "= 52344:TCP:Services
"2479:TCP "= 2479:TCP:Services
"3304:TCP "= 3304:TCP:Services
"3389:TCP "= 3389:TCP:Remote Desktop
"6520:TCP "= 6520:TCP:Services

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SymEFA.sys [2/2/2010 11:25 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1008000.029\BHDrvx86.sys [2/2/2010 11:25 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1008000.029\cchpx86.sys [2/2/2010 9:56 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSXpx86.sys [2/19/2010 11:47 PM 329592]
R2 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe [8/14/2008 1:10 PM 98304]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2/2/2010 11:25 PM 117640]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [6/12/2008 10:13 AM 102400]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/22/2009 2:00 AM 102448]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [12/17/2007 8:59 PM 31616]
S2 gupdate1c9ed2d43e74af4;Google Update Service (gupdate1c9ed2d43e74af4);c:\program files\Google\Update\GoogleUpdate.exe [6/14/2009 2:18 PM 133104]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [12/27/2008 2:09 AM 11520]
.
Contents of the 'Scheduled Tasks' folder

2010-02-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-18 03:29]

2010-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 20:18]

2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 20:18]

2010-02-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-06-04 23:04]

2010-02-21 c:\windows\Tasks\User_Feed_Synchronization-{0FD3F505-6AFC-419D-931A-D77414371BCD}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0071218
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bayside Sniper - Add Auction Item - c:\documents and settings\Jon\Application Data\BaysideSniperII\BaysideSniperIE.dll/IE/201
IE: Bayside Sniper - Item Feedback Analyzer - c:\documents and settings\Jon\Application Data\BaysideSniperII\BaysideSniperIE.dll/IE/202
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{C8644EC1-E8D3-4691-B778-6458E3701177} - res://c:\documents and settings\Jon\Application Data\BaysideSniperII\BaysideSniperIE.dll/IE/201
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
MSConfigStartUp-Advanced SystemCare 3 - c:\program files\IObit\Advanced SystemCare 3\AWC.exe
AddRemove-DVD Shrink_is1 - e:\dvd shrink\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-21 18:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\TEMP\Perflib_Perfdata_ce0.dat 16384 bytes

scan completed successfully
hidden files: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8AE91840]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> 0x8ae91840
\Driver\atapi -> atapi.sys @ 0xb9f37852
\Driver\iaStor -> iaStor.sys @ 0xb9ea4918
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel(R) 82562V-2 10/100 Network Connection -> SendCompleteHandler -> 0x893cd330
PacketIndicateHandler -> NDIS.sys @ 0xb9d24a21
SendHandler -> NDIS.sys @ 0xb9d0287b
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x01D1A4F79
malicious code @ sector 0x01D1A4F7C !
PE file found in sector at 0x01D1A4F92 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath "= "\ "c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \ "Norton Internet Security\" /m \ "c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1 "
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1268)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

- - - - - - - > 'lsass.exe'(1384)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(5052)
c:\windows\system32\WININET.dll
c:\documents and settings\Jon\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Seagate\Schedule2\schedul2.exe
c:\windows\SYSTEM32\astsrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Completion time: 2010-02-21 19:09:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-22 01:09

Pre-Run: 198,822,113,280 bytes free
Post-Run: 199,308,656,640 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /bootlog

- - End Of File - - 6C161629AA7B429808DE74EF069F9848

broni · 2010/02/21

Download the MBR Rootkit Detector: http://www2.gmer.net/mbr/mbr.exe to your desktop.

* Doubleclick mbr.exe and follow prompts (Vista users: right click on mbr.exe and click "Run As Administrator ").
* A black DOS window will quickly appear then disappear.
* When mbr.exe is finished it will create a log on your desktop.
* Copy and paste contents of that log (mbr.log) file to your next reply.

phototec · 2010/02/21

Broni,

Do you think the virus is gone? I will not do anything until I hear back from you, I guess I should not even try to login to ebay until you give me the ok.

I will be waiting for your reply.

Thanks

phototec · 2010/02/21

mbr.log

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x8ae91840
NDIS: Intel(R) 82562V-2 10/100 Network Connection -> SendCompleteHandler -> 0x893cd330
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x01D1A4F79
malicious code @ sector 0x01D1A4F7C !
PE file found in sector at 0x01D1A4F92 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

broni · 2010/02/21

Don't go to any eBay until I say, you're clear.
Just follow my instructions.

broni · 2010/02/21

Go Start>Run, type in:
cmd
Click OK.

At the DOS prompt type:
mbr.exe -f (<------make sure you have a space before the -f)
Hit Enter.

Type:
exit
Hit Enter.

Restart the computer normally.

Run the mbr.exe again.
Post new log.

phototec · 2010/02/21

mbr.log?

I followed your last instructions, then rebotted, Norton came up with two warnings:

Boot.Mebroot detected by Auto-Protect - Quarantined

Auto-Protect has detected Boot.Mebroot - Blocked

Then I ran mbr.exe again (per instructions), it ran real fast, a blink of an eye, however I don't know if this log (on my desktop), is a new log or the first log?

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x01D1A4F79
malicious code @ sector 0x01D1A4F7C !
PE file found in sector at 0x01D1A4F92 !

broni · 2010/02/21

That's good result

Uninstall Combofix:
Go Start > Run [Vista users, go Start> "Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall "
Click OK (Vista users - press Enter).
Restart computer.

==============================================================

1. Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

2. Go to Kaspersky website and perform an online antivirus scan.

1. Disable your active antivirus program.
2. Read through the requirements and privacy statement and click on Accept button.
3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
4. When the downloads have finished, click on Settings.
5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

Spyware, Adware, Dialers, and other potentially dangerous programs
[*] Archives
[*] Mail databases

6. Click on My Computer under Scan.
7. Once the scan is complete, it will display the results. Click on View Scan Report.
8. You will see a list of infected items there. Click on Save Report As....
9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

Post fresh HijackThis log as well.

Log in or Sign up

Solved ebay login asking for credit card info

phototec Inactive Thread Starter

phototec Inactive Thread Starter

phototec Inactive Thread Starter

phototec Inactive Thread Starter

wildfire Getting Old

phototec Inactive Thread Starter

broni Moderator Malware Analyst

phototec Inactive Thread Starter

broni Moderator Malware Analyst

phototec Inactive Thread Starter

phototec Inactive Thread Starter

broni Moderator Malware Analyst

phototec Inactive Thread Starter

broni Moderator Malware Analyst

phototec Inactive Thread Starter

phototec Inactive Thread Starter

broni Moderator Malware Analyst

broni Moderator Malware Analyst

phototec Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Log in or Sign up

Solved ebay login asking for credit card info

phototec Inactive Thread Starter

phototec Inactive Thread Starter

phototec Inactive Thread Starter

phototec Inactive Thread Starter

wildfire Getting Old

phototec Inactive Thread Starter

broni Moderator Malware Analyst

phototec Inactive Thread Starter

broni Moderator Malware Analyst

phototec Inactive Thread Starter

phototec Inactive Thread Starter

broni Moderator Malware Analyst

phototec Inactive Thread Starter

broni Moderator Malware Analyst

phototec Inactive Thread Starter

phototec Inactive Thread Starter

broni Moderator Malware Analyst

broni Moderator Malware Analyst

phototec Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Useful Searches