please help novis in trouble

**shazza_170** · 29-05-2006

Hi i have rundll on my computer everytime i start my computer i only cleaned it with endow yesterday. Please help. I am not a computer expert by no means but i use the computer and so does my daughter we would miss it if it wasnt there for us. My son (expert) came over the other day with the sh*#! about something and since then my computer is like this and seems to be getting worse. It seems everytime he has a bad day my computer is paying for it. Thanks for your help. Logfile of HijackThis v1.99.1
Scan saved at 7:02:20 PM, on 29/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\acer\Acer eConsole\MediaServerService.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V 1.EXE
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\RR\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/myaccount
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bigpond.com/
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V 1.EXE /P26 "EPSON Stylus CX1500 Series" /O6 "USB002" /M "Stylus CX1500"
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V 1.EXE /P35 "EPSON Stylus CX1500 Series (Copy 1)" /O6 "USB002" /M "Stylus CX1500"
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1144108616781
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager...etOpPlugin.ocx
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

**Neal** · 29-05-2006

Welcome to DAL,

Go into add/remove program and remove:(IF FOUND)

MyWebSearch/MyWebSearch Bar
LimeWire
Messengerplus---if installed with sponsors

Reboot if anything removed.

Then two scans:

Please download, install, and update the NEW free version of Ewido trojan scanner:

When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

From the main ewido screen, click on update in the left menu, then click the Start update button.

After the update finishes (the status bar at the bottom will display "Update successful")

Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.

If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.

When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

Post the log Ewido makes back here please and a new hijackthis log. Thanks.

Go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee.

When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post back and let us know what it found (post the log).

And post a new HJT log also with scan results from both scanners thanks.

**shazza_170** · 30-05-2006

--------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:39:19 AM, 30/05/2006
+ Report-Checksum: EBC83B7B

+ Scan result:

HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj -> Adware.MoneyTree : Error during cleaning
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj.1 -> Adware.MoneyTree : Error during cleaning
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj -> Adware.MoneyTree : Error during cleaning
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj.1 -> Adware.MoneyTree : Error during cleaning
HKLM\SOFTWARE\Classes\YSBactivex.Installer -> Adware.YourSiteBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar -> Adware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Adware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historymusic_keyword -> Adware.ISTBar : Error during cleaning
C:\Documents and Settings\RR\Cookies\rr@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\RR\Cookies\rr@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\RR\Cookies\rr@ehg-logantod.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\RR\Cookies\rr@e-2dj6wgkoagd5kho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\RR\Cookies\rr@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\family\My Documents\My Pictures\krissy's folder\Setup.exe -> Adware.Zango : Cleaned with backup
C:\Documents and Settings\family\Cookies\family@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\family\Cookies\family@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\family\Cookies\family@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\family\Cookies\family@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\family\Cookies\family@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\family\Cookies\family@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\family\Cookies\family@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\family\Cookies\family@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\family\Cookies\family@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\family\Cookies\family@e-2dj6wgk4klazido.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\family\Cookies\family@e-2dj6wjl4omczmlp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\family\Cookies\family@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\family\Cookies\family@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\family\Cookies\family@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\family\Cookies\family@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\System Volume Information\_restore{C6174862-F908-49C1-A35C-2FA1940B5F23}\RP68\A0007972.dll -> Adware.HotBar : Cleaned with backup
C:\System Volume Information\_restore{C6174862-F908-49C1-A35C-2FA1940B5F23}\RP68\A0007976.dll -> Adware.HotBar : Cleaned with backup
C:\System Volume Information\_restore{C6174862-F908-49C1-A35C-2FA1940B5F23}\RP70\A0008717.dll -> Adware.HotBar : Cleaned with backup
C:\System Volume Information\_restore{C6174862-F908-49C1-A35C-2FA1940B5F23}\RP70\A0008721.dll -> Adware.HotBar : Cleaned with backup
C:\System Volume Information\_restore{C6174862-F908-49C1-A35C-2FA1940B5F23}\RP70\A0009346.dll -> Adware.HotBar : Cleaned with backup
C:\System Volume Information\_restore{C6174862-F908-49C1-A35C-2FA1940B5F23}\RP70\A0009350.dll -> Adware.HotBar : Cleaned with backup
C:\System Volume Information\_restore{C6174862-F908-49C1-A35C-2FA1940B5F23}\RP93\A0015797.DLL -> Downloader.IstBar : Cleaned with backup

::Report EndLogfile of HijackThis v1.99.1
Scan saved at 9:44:58 AM, on 30/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\acer\Acer eConsole\MediaServerService.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V 1.EXE
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\RR\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/myaccount
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bigpond.com/
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V 1.EXE /P26 "EPSON Stylus CX1500 Series" /O6 "USB002" /M "Stylus CX1500"
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V 1.EXE /P35 "EPSON Stylus CX1500 Series (Copy 1)" /O6 "USB002" /M "Stylus CX1500"
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1144108616781
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager...etOpPlugin.ocx
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
Glad this makes sense to you. Thanks for your help so far . When i turned on the computer it loaded about 50 pages from explorer, took ages to get rid of them , they kept somming up and filling the screen but they all exentually stopped. Dont understand what that was either......

**Neal** · 30-05-2006

HI,

Go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee.

When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post back and let us know what it found (post the log).

And post a new HJT log also with scan results from both scanners thanks.

Also...

Open Hijackthis.

Click the "Open the Misc Tools" section Button.

Click the "Open Uninstall Manager" Button.

Click the "Save list..." Button.

Save it to your desktop. Copy and paste the contents into your reply.

**shazza_170** · 31-05-2006

Hi Neal, buggered up when it went to send report to desktop i pressed save but it hasnt gone there.
What do i look in to find it and send it back to desktop???????????????????? thanks shazz

**Neal** · 31-05-2006

I don't know, just try again, was this what your talking about:

Open Hijackthis.

Click the "Open the Misc Tools" section Button.

Click the "Open Uninstall Manager" Button.

Click the "Save list..." Button.

Save it to your desktop. Copy and paste the contents into your reply.

Don't forget BitDefender log also.

**shazza_170** · 01-06-2006

Hi Neal sorry when i was doing the bitfinder that is the 1 i can find. Some times i think everyone can see what i can see and i forget all you have in front of you (IS NOT MY SCREEN OR COMPUTER).

Seems i am conufsing more than just me at the moment.

**Neal** · 01-06-2006

Please post all relavent information I need to see.

**shazza_170** · 02-06-2006

BitDefender Online Scanner

Scan report generated at: Fri, Jun 02, 2006 - 15:57:24

Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;

Statistics

Time
00:57:45

Files
397074

Folders
6999

Boot Sectors
4

Archives
10279

Packed Files
27807

Results

Identified Viruses
1

Infected Files
5

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
5

Engines Info

Virus Definitions
386147

Engine build
AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

Scan plugins
13

Archive plugins
40

Unpack plugins
4

E-mail plugins
6

System plugins
1

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File

C:\Documents and Settings\RR\.housecall\Quarantine\A0022889.exe.bac _a03924=>(Quarantine-4)=>(NSIS o)=>lzma_nsis0004
Infected with: Trojan.Downloader.IstBar.OK

C:\Documents and Settings\RR\.housecall\Quarantine\A0022889.exe.bac _a03924=>(Quarantine-4)=>(NSIS o)=>lzma_nsis0004
Disinfection failed

C:\Documents and Settings\RR\.housecall\Quarantine\A0022889.exe.bac _a03924=>(Quarantine-4)=>(NSIS o)=>lzma_nsis0004
Deleted

C:\Documents and Settings\RR\.housecall\Quarantine\A0022889.exe.bac _a03924=>(Quarantine-4)=>(NSIS o)
Update failed

C:\Documents and Settings\RR\.housecall\Quarantine\A0022890.exe.bac _a03924=>(Quarantine-4)=>(NSIS o)=>lzma_nsis0004
Infected with: Trojan.Downloader.IstBar.OK

C:\Documents and Settings\RR\.housecall\Quarantine\A0022890.exe.bac _a03924=>(Quarantine-4)=>(NSIS o)=>lzma_nsis0004
Disinfection failed

C:\Documents and Settings\RR\.housecall\Quarantine\A0022890.exe.bac _a03924=>(Quarantine-4)=>(NSIS o)=>lzma_nsis0004
Deleted

C:\Documents and Settings\RR\.housecall\Quarantine\A0022890.exe.bac _a03924=>(Quarantine-4)=>(NSIS o)
Update failed

C:\Documents and Settings\RR\.housecall\Quarantine\A0022907.exe.bac _a03924=>(Quarantine-4)=>(NSIS o)=>lzma_nsis0004
Infected with: Trojan.Downloader.IstBar.OK

C:\Documents and Settings\RR\.housecall\Quarantine\A0022907.exe.bac _a03924=>(Quarantine-4)=>(NSIS o)=>lzma_nsis0004
Disinfection failed

C:\Documents and Settings\RR\.housecall\Quarantine\A0022907.exe.bac _a03924=>(Quarantine-4)=>(NSIS o)=>lzma_nsis0004
Deleted

C:\Documents and Settings\RR\.housecall\Quarantine\A0022907.exe.bac _a03924=>(Quarantine-4)=>(NSIS o)
Update failed

C:\Documents and Settings\RR\.housecall\Quarantine\A0022908.exe.bac _a03924=>(Quarantine-4)=>(NSIS o)=>lzma_nsis0004
Infected with: Trojan.Downloader.IstBar.OK

C:\Documents and Settings\RR\.housecall\Quarantine\A0022908.exe.bac _a03924=>(Quarantine-4)=>(NSIS o)=>lzma_nsis0004
Disinfection failed

C:\Documents and Settings\RR\.housecall\Quarantine\A0022908.exe.bac _a03924=>(Quarantine-4)=>(NSIS o)=>lzma_nsis0004
Deleted

C:\Documents and Settings\RR\.housecall\Quarantine\A0022908.exe.bac _a03924=>(Quarantine-4)=>(NSIS o)
Update failed

C:\Documents and Settings\RR\.housecall\Quarantine\A0014187.exe.bac _a03924=>(Quarantine-4)=>(NSIS o)=>lzma_nsis0004
Infected with: Trojan.Downloader.IstBar.OK

C:\Documents and Settings\RR\.housecall\Quarantine\A0014187.exe.bac _a03924=>(Quarantine-4)=>(NSIS o)=>lzma_nsis0004
Disinfection failed

C:\Documents and Settings\RR\.housecall\Quarantine\A0014187.exe.bac _a03924=>(Quarantine-4)=>(NSIS o)=>lzma_nsis0004
Deleted

C:\Documents and Settings\RR\.housecall\Quarantine\A0014187.exe.bac _a03924=>(Quarantine-4)=>(NSIS o)
Update failed

Acer eConsole
Acer eMode Management
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 7.0.7
Adobe® Photoshop® Album Starter Edition 3.0
Alchemy Deluxe 1.6
ATI - Software Uninstall Utility
ATI Display Driver
BigPond ADSL SIK 5.6 Files
CA eTrust EZ Antivirus
CardRd81
CCHelp
CCScore
CloneDVD
Collab
Corel Paint Shop Pro X
CR2
Crystal 3D IMPACT! Pro
DigiGuide TV Guide
DivX
DivX Player
DivX Web Player
Download Accelerator Plus (DAP)
DVD Decrypter (Remove Only)
eBay Toolbar
EPSON CardMonitor
EPSON PhotoQuicker3.5
EPSON PhotoStarter3.1
EPSON PRINT Image Framer Tool2.1
EPSON Printer Software
EPSON Scan Tool Light 1.0
EPSON Web-To-Page
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTUTOR
ESSvpaht
ESSvpot
ewido anti-malware
Google Video Player
Grouper
HijackThis 1.99.1
HLPCCTR
HLPIndex
HLPPDOCK
HLPRFO
iTunes
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Pro 8
Java Runtime Environment 1.1
Kodak EasyShare software
KSU
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Works
MSN Messenger 7.5
Notifier
NTI Backup NOW! 4
NTI CD & DVD-Maker
NVIDIA Drivers
openCanvas3.06E Plus
OTtBP
OTtBPSDK
PC DoorGuard 4
PCDLNCH
PIF DESIGNER2.1
PowerDVD
QuickTime
Realtek AC'97 Audio
RelevantKnowledge
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
SFR
SFR2
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
SiSAGP driver
SlimCam 4600
SmartCamera Ver 2.1
Spybot - Search & Destroy 1.4
The Sudoku Challenge!
Ultimate Mahjongg
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
USB PC Camera (SN9C103)
VCAMCEN
VPRINTOL
Windows Backup Utility
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Yahoo! Toolbar

Hope this time i have done it right. Thank you for being patient with me Many thanks, shazz

**Neal** · 02-06-2006

Hi youre doing just fine.

If DAP is the free version...

Go to Control Panel > Add/Remove Programs and uninstall (if found):
DAP (Download Accelerator Plus)
(Note: it opens half a dozen connections to ad-servers and downloads and infects you with the Cydoor infection.)

Reboot.

This one is better:
Leechget:
http://www.leechget.net/en/

Info on other alternates are here:
http://www.safer-networking.org/inde...nload-managers

Also Sunjava is out of date and as such is a security issue..

Update Java:

* Go to Start > Control Panel double-click on the Software icon > add/remove programs.
* Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )

It should have next icon next to it:

Select it and click Remove.
* Then Download and install the newest version from here:
Sun Java

How is your computer behaving now?

Please post another hijackthis log after the above.

please help novis in trouble

please help novis in trouble

Similar Threads

Net trouble

Add-ons Trouble

SWF trouble

New CD rom trouble

USB trouble