Author Topic: bank error messages! (Read 999 times)

badboy123 · « **on:** May 14, 2006, 08:47:57 AM »

Hi, I was on the net this morning and my pc froze for a minute...then I got a message regarding Window Explorer not working or something along those lines (with the Send, Dont Send Report)..when I clicked on Dont Send and minimized my Internet Browser, all my icons on the desktop and my taskbar disappeared (not the first time this has happened either), so I decided to restart my pc (using ctrl + alt + del) and I did a full scan with Windows Defender just to make sure everything was alright and that came up with scan complete with no errors...but then, when i opened Internet Explorer I went through a series of OK messages (each of the messages had an Internet Explorer icon in the taskbar):

[attachment=567:attachment]
[attachment=566:attachment]
[attachment=568:attachment]
[attachment=569:attachment]

The same thing happens when I open My Computer or a folder on the desktop etc. Does anyone have any ideas on what the problem might be?

guestolo · « **Reply #1 on:** May 14, 2006, 10:12:59 AM »

Can I have a closer look please
From my signature below, download and save too a permanent folder of it's own onto your harddrive
Hijackthis 1.99.1
Open Hijackthis.exe

Do a "SCAN and Save a Log file"
A log will open in Notepad
Copy and paste the WHOLE contents of the log here... Don't try and fix anything yet----It is all important

badboy123 · « **Reply #2 on:** May 14, 2006, 10:18:45 AM »

Logfile of HijackThis v1.99.1
Scan saved at 14:08:59, on 04/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\aniServ.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\DrvMon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin (Tahir)\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=62.73.175.88:80
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Documents and Settings\All Users\Application Data\NMD\iehelp0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\ADMIN(~1\LOCALS~1\Temp\MsgPlusUninst.bat"
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\System32\DrvMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\A4S2_600\watch.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shiz...pside_web18.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/gba1865.exe
O18 - Protocol: ImageX - {C311A9DC-21E5-405A-AE7C-19D9C1144E89} - C:\Program Files\Intava\Gravity\ImgX.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

guestolo · « **Reply #3 on:** May 14, 2006, 10:25:03 AM »

I see some bad guys in your log
Can you do the following please
I want to see 2 more logs from Hijackthis

Open Hijackthis>>Open Misc tools section>>Open Uninstall manager
Click the SAVE LIST button
Save the list to your desktop

Back in Hijackthis
Click BACK under Other stuff
Then click CONFIG
Open Hosts File manager
Click the OPEN IN NOTEPAD button

A text file will open, copy and paste the whole contents back here
Also post the Uninstall list you saved earlier

badboy123 · « **Reply #4 on:** May 14, 2006, 11:00:35 AM »

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop 7.0
Adobe Reader 7.0.7
ATI Display Driver
Azureus
Belkin Wireless Client Utility
ccCommon
C-Media WDM Audio Driver
Codec Pack - All In 1 6.0.3.0
Counter-Strike Source
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
DAEMON Tools
DirectVobSub (remove only)
DivX Codec 3.1alpha release
Download Accelerator Plus (DAP)
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Indeo® software
iTunes
J2SE Runtime Environment 5.0 Update 6
LimeWire PRO 4.9.28
LiveUpdate 2.5 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft Office XP Professional with FrontPage
Microsoft Speech Recognition Engine 4.0 (English)
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
Microsoft Windows Journal Viewer
MSN Messenger 7.5
Nero 7 Demo
Nokia Connectivity Cable Driver
Nokia PC Suite
Norton Internet Security
Philips Vesta Camera WebUpdate
PPLive 1.1.0.7
QuickTime
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896426)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905495)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Servant Salamander 2.5 beta 11
Shizmoo Web Games (Uproar)
Shockwave
Soldier of Fortune Platinum
SPBBC
StuffPlug-NG (Messenger Plus! Plugins)
Synacast Plug-in 1.1.0.7
Theorica Divx ;-) Codecs (remove only)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
VobSub v2.05 (Remove Only)
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows VistaTheme
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892944
Windows XP Hotfix - KB893086
Windows XP Hotfix - KB896688
Windows XP Hotfix - KB896727
WinPcap 3.1
WinRAR archiver

guestolo · « **Reply #5 on:** May 14, 2006, 11:20:31 AM »

Thanks for the info, the Hosts file looks good

Can you do the following please
==Download and install Windows CleanUp! 4.5.1
Don't run this yet

==Download and then Install
Ewido anti-malware 3.5

When installing, under "Additional Options" UNCHECK

From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/

Please save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!

Can I have you disable Windows Defender realtime protections until we have you clean please
It may/will interfere with any fixes we are to try
Window's Defender
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

Afterwards, Open the Windows Control panel
Double click to Open the Java Icon>>Under the General tab click the
Delete Files button
Leave all 3 selected and click OK

RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu
In safe mode

Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.
Leave it set this way until we are done here please
Find and delete this file if found
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe <-this file

==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done>>Click Close
DECLINE to Log off or Restart the computer

==Open Ewido Anti-malware
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Create Encrypted Backup in Quarantine (Recommended)
*3. Perform action with all infections
Then click OK
When Ewido has finished it's scan click the "Save Report" button
Save the report to the desktop or someplace you will remember
Exit Ewido
NOTE: When Ewido is running, don't open any other windows, let it run uninterrupted

Do a "System scan only" with Hijackthis and put a check next to these entries:

F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\ADMIN(~1\LOCALS~1\Temp\MsgPlusUninst.bat"
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/gba1865.exe

After you have ticked the above entry, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot back to Normal mode
I need to see a a couple new logs

1. Run a Scan and save logfile with Hijackthis and post a fresh log
2. Post the whole report from Ewidos'

I didn't have you fix one entry with Hijackthis
Can we check that file out please, if Ewido doesn't peg it as a bad guy
Go to either of these links
http://virusscan.jotti.org/
or
http://www.virustotal.com/flash/index_en.html

Use the browse button and navigate to this file on your hard disk
C:\Documents and Settings\All Users\Application Data\NMD\iehelp0.dll <-this file

Right click on the file and choose Select
Then use the Submit button
Let it finish scanning
Could you post back the results of the scan back here please

badboy123 · « **Reply #6 on:** May 14, 2006, 01:09:30 PM »

Logfile of HijackThis v1.99.1
Scan saved at 19:05:40, on 04/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\aniServ.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\DrvMon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Admin (Tahir)\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=62.73.175.88:80
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Documents and Settings\All Users\Application Data\NMD\iehelp0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\System32\DrvMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\A4S2_600\watch.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shiz...pside_web18.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: ImageX - {C311A9DC-21E5-405A-AE7C-19D9C1144E89} - C:\Program Files\Intava\Gravity\ImgX.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on:         18:54:28, 04/05/2006
+ Report-Checksum:      4E7BCAAD

+ Scan result:

   HKLM\SOFTWARE\Classes\CLSID\{B212D577-05B7-4963-911E-4A8588160DFA} -> Trojan.Delf.nj : Cleaned with backup
   HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj\CurVer -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj.1 -> Adware.CoolWebSearch : Cleaned with backup
   [820] C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00012.dll -> Trojan.Sinowal.m : Cleaned with backup
   [836] C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00012.dll -> Trojan.Sinowal.m : Error during cleaning
   [992] C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00012.dll -> Trojan.Sinowal.m : Error during cleaning
   C:\WINDOWS\SYSTEM32\srv.exe -> Downloader.Small.bkq : Cleaned with backup
   C:\WINDOWS\SYSTEM32\2.exe -> Downloader.Small.aqt : Cleaned with backup
   C:\My Documents\My Downloads\flooder.exe -> Not-A-Virus.IMFlooder.Win32.VB.f : Cleaned with backup
   C:\My Documents\My Received Files\Messenger Plus! - Setup.exe/70000011.exe -> Downloader.Swizzor.g : Cleaned with backup
   C:\My Documents\My Received Files\hahaha, this is gud.exe/hauntpc.exe -> Not-A-Virus.BadJoke.Win32.Hauntpc : Cleaned with backup
   C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00008.dll -> Trojan.Sinowal.m : Cleaned with backup
   C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00010.dll -> Trojan.Sinowal.m : Cleaned with backup
   C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00012.dll -> Trojan.Sinowal.m : Cleaned with backup
   C:\Documents And Settings\Admin (Tahir)\My Documents\Other\multi_nudge_sender(Msnpoint.com)\nudgeor.exe -> Not-A-Virus.IMFlooder.Win32.VB.bt : Cleaned with backup
   C:\Documents And Settings\Admin (Tahir)\My Documents\Other\multi_nudge_sender(Msnpoint.com)\multi_nudge_sender(Msnpoint.com).zip/nudgeor.exe -> Not-A-Virus.IMFlooder.Win32.VB.bt : Cleaned with backup
   C:\System Volume Information\_restore{19CD0D41-D3F7-4BFC-8965-84D10BD94F61}\RP303\A0060818.exe -> Trojan.Sinowal.m : Cleaned with backup
   C:\System Volume Information\_restore{19CD0D41-D3F7-4BFC-8965-84D10BD94F61}\RP303\A0060819.dll -> Trojan.Sinowal.m : Cleaned with backup
   C:\System Volume Information\_restore{19CD0D41-D3F7-4BFC-8965-84D10BD94F61}\RP304\A0061827.dll -> Trojan.Sinowal.m : Cleaned with backup
   C:\System Volume Information\_restore{19CD0D41-D3F7-4BFC-8965-84D10BD94F61}\RP304\A0061828.exe -> Trojan.Sinowal.m : Cleaned with backup
   C:\System Volume Information\_restore{19CD0D41-D3F7-4BFC-8965-84D10BD94F61}\RP304\A0061829.dll -> Trojan.Sinowal.m : Cleaned with backup
   C:\System Volume Information\_restore{19CD0D41-D3F7-4BFC-8965-84D10BD94F61}\RP304\A0061830.dll -> Trojan.Sinowal.m : Cleaned with backup
   C:\System Volume Information\_restore{19CD0D41-D3F7-4BFC-8965-84D10BD94F61}\RP305\A0065872.dll -> Trojan.Sinowal.m : Cleaned with backup

::Report End

guestolo · « **Reply #7 on:** May 14, 2006, 01:14:53 PM »

Quote

Go to either of these links
http://virusscan.jotti.org/
or
http://www.virustotal.com/flash/index_en.html

Use the browse button and navigate to this file on your hard disk
C:\Documents and Settings\All Users\Application Data\NMD\iehelp0.dll <-this file

Right click on the file and choose Select
Then use the Submit button
Let it finish scanning
Could you post back the results of the scan back here please

badboy123 · « **Reply #8 on:** May 14, 2006, 01:19:30 PM »

File: iehelp0.dll
Status: OK
MD5 771f581cf3048d169c2a3fff9810d3f5
Packers detected: -

Scanner results

AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing

guestolo · « **Reply #9 on:** May 14, 2006, 01:27:02 PM »

Can you navigate to this folder
By double clicking on MyComputer>>C:\ >>Documents and Settings>>and so on
C:\Documents and Settings\All Users\Application Data\NMD

Inside the NMD folder
Can you right click on iehelp0.dll and left click properties
What was the creation date?
Do you remember installing anything on that date that may be related?
Is there a version tab, do you know what it's related too?

Any other files in the NMD folder?

How's everything running?

badboy123 · « **Reply #10 on:** May 14, 2006, 01:32:33 PM »

I checked the Created/Modified date and its todays date roughly the same time as when i started getting the error messages...I didnt install anything today and thats the only file in the NMD folder

guestolo · « **Reply #11 on:** May 14, 2006, 01:40:58 PM »

Do a "System scan only" with Hijackthis and put a check next to these entries:

O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Documents and Settings\All Users\Application Data\NMD\iehelp0.dll

After you have ticked the above entry, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot the computer
Back in Windows, send this folder to the recycle bin

C:\Documents and Settings\All Users\Application Data\NMD <-this folder

Leave it there for now

Let me know how everythings running please, if you have any problems

Code: [Select]

EDIT>>Could you also post one last hijackthis log after doing the above

badboy123 · « **Reply #12 on:** May 14, 2006, 02:05:21 PM »

Hey, Ive stopped getting the error messages...Thanks

guestolo · « **Reply #13 on:** May 14, 2006, 02:19:45 PM »

Sounds good
For your information:
You are using Download Accelerator Plus, if it's the free version, it is ad-supported
Be informed that it delivers popup/popunder ads, and tracks your internet usage. You can find safer alternatives here: http://www.spywareinfo.com/downloads.php?cat=dlman#dlman
here is an older link with reviews>>I don't use a download accelerator, but take a look at your options
http://www.safer-networking.org/en/article...d-managers.html
I suggest you access your add/remove programs and remove it if it is the free version
Then have hijackthis fix these entries:
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

I wouldn't count on just Windows Defender alone for a Spyware scanner
On top of it, I would also install and run updated scans with Ad-Aware SE Personal 1.06 and Spybot 1.4
Hold onto them, they're yours for free

Here's the instructions I normally give:
=============================================================
Download and Install
Ad-Aware SE Personal 1.06

Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates
Open Ad-Aware SE 1.06
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

RESTART your computer to finish the cleaning process

Download and Install Spybot 1.4 from
HERE
or HERE
After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
After update is complete
Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected promblems in RED

RESTART the computer if anything in Red was found and fixed
=========================================================

Final Cleanup
If everything is running better
We should flush all your restore points to ensure you don't restore any nasties that may be sitting idle

msconfig
Click OK
Click the "Launch System Restore" button
On the Left hand side click on "System Restore Settings"
Put a Check in "Turn off System Restore"
Apply it and OK out of there>>Reboot your computer
[/list]
Back in Windows, Go back and take the check out of "Turn off system restore"
This will reenable the System Restore feature and creates a new restore point

[indent][color=\"#CC0000\"]Protect yourself against Future Attacks[/color][/i][/b][/indent]
*Install SpywareBlaster 3.5.1 by JavaCool

After installation, Check for updates and then click the "Enable all protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"

*Make sure your Anti-Virus software is always kept up to date and actively running in the background

*Make sure your Firewall is enabled and running
A Firewall is also very important
This provides a line of defense against someone who might try to access your computer without your permission

Update and do scan's with your Anti-Spyware programs on a regular basis
In addition: Open Spybot 1.4
Click the "Immunize" button on the left>>>OK at the prompt>>Immunzine at the top green cross
Immunize after every update

*Keep up to date on Windows updates (High Priorities)
This is the most important step in keeping your system secure
Make sure you check for updates at least once a month!
you still haven't updated to Service pack 2?
Is there a reason for this?
I would take this oppurtunity to update
Please see this link:
http://www.microsoft.com/windowsxp/sp2/default.mspx
Take note on that page and read the following
[indent]What to know before you download and install[/indent]

Before updating I would run the disk defragmentor on your computer
Disable any download accelerators as they might interfere....
If your on dialup, you may choose to order the free CD
There is a link on that page also

+ You have Microsoft Office Products installed
You will find a link at Windows updates to keep up to date on these products as well
"Office Family"

P.S. You can now reenable Windows Defender's realtime protections if they are still disabled

Stay safe

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\'

\' />

guestolo · « **Reply #14 on:** June 13, 2006, 12:00:47 AM »

Since these issues appear resolved, I'll lock this topic
Take care

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

TheTechGuide Forum

News:

Author Topic: bank error messages! (Read 999 times)

badboy123

bank error messages!

guestolo

bank error messages!

badboy123

bank error messages!

guestolo

bank error messages!

badboy123

bank error messages!

guestolo

bank error messages!

badboy123

bank error messages!

guestolo

bank error messages!

badboy123

bank error messages!

guestolo

bank error messages!

badboy123

bank error messages!

guestolo

bank error messages!

badboy123

bank error messages!

guestolo

bank error messages!

guestolo

bank error messages!