My Specs........
Operating System = Microsoft Windows ME
CPU Type = Intel Celeron II, 566 MHz
System Memory = 192 MB (SDRAM)
Video Adapter = ELSA GLADIAC 511 PCI + Intel(r) 82810 Graphics Controller
ISP = AOL 6.0

Hi, I recently had a probelm with the bridge.dll error on startup, I managed to get rid of it and some other things by running Spybot and Hijack this to remove the required files.

Now the problem has gone I was wondering if someone could take a look at the latest log file from Hijack This and tell me if I should remove anything else?

If so plz let me know so I can post the log.

A few more questions...
When I started up Hijack this it crashed my firewall which is Zone Alarm 4.5.538.001 and Hijack This takes awhile to start up when I open it. Should it crash my firewall?

Thnx.

!Hmm!

HotShot

Since Spybot removed a bunch of stuff...also download and run Ad-aware. It will catch some things Spybot misses.

Download here:

http://www.lavasoftusa.com/software/adaware

Help to set it up properly here:

http://www.lavahelp.com/howto/fullscan/index.html

Run the scan while offline and antivirus disabled to prevent conflicts.
Choose the custom scan mode.

Let it remove all it finds.

Reboot when done.

Then post a fresh log and I will check it.

No...Hijack should not crash your firewall. I run Zone Alarm too and don't have any problems.
Mine takes a while to scan because I have thousands of sites in restricted zone of IE and hijack scans that too...other than that it shouldn't take much time to run.

Might be worth running a virus scan here:

http://www.ravantivirus.com/scan/

Disable your own antivirus to run the online scan.

Let me know results of virus scan if anything turns up. (copy/paste report)
___________________________________

I never give up!

Windows Update

Ok I got Ad aware and did a full scan and let it remove the objects it found, and then run Hijack This, heres the log..............

Logfile of HijackThis v1.97.7
Scan saved at 02:06:39, on 09/04/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\MIXER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.aol.co.uk/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charlotte.poncet.free.fr/hs-lair/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AOL
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\SYSTEM\BRIDGE.DLL (file missing)
O2 - BHO: RUPK - {604B283A-4E26-4504-98E7-72859F949547} - C:\PROGRA~1\HITWAR~1\SYPCMS.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [GDRIVE] C:\IBMTOOLS\IBMBOOT\GDRIVE.EXE -N
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [ZIBMACC] c:\windows\rundll.exe setupx.dll,InstallHinfSection DefaultInstall 128 C:\WINDOWS\INF\ZIBMACC.INF
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: AOL 6.0 Tray Icon.lnk = C:\AOL 6.0\aoltray.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Real.com (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.co.uk
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38064.3088541667
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Hope thats what u meant as I wasn't sure if u meant the Ad Aware log or Hijack This, although I kept the Ad Aware logs just incase. Now im going to try that virus scan you recommended, I will post any info from that if it comes up with anything.

Id like to thank you for your help and time so far, so Thnx! :)

!Hmm!

I Did a Virus scan as you suggested and it found 2 trojan Downloaders.
Here is the report...
=============================================
Scan started at 09/04/2004 03:24:50 AM

Scanning memory...
c:\WINDOWS\SYSTEM\sysapp.exe - TrojanDownloader:Win32/Moss.A -> Infected
c:\AOL 6.0\download\ISTactivex.dll - TrojanDownloader:Win32/IstBar.DC -> Infected

Scanned
============================
Objects: 23899
Directories: 2468
Archives: 687
Size(Kb): 125962
Infected files: 2

Found
============================
Viruses found: 2
Suspicious files: 0
Disinfected files: 0
Mail files: 54

I wont delete them untill ive read your reply just incase I should delete them a certain way.
=============================================

!Hmm!

HotShot

Looks like ad-aware did alot of good..

Start hijackthis again, run it's scan and check the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charlotte.poncet.free.fr/hs-lair/ <- not sure what this is all about...when I visit that url I just get black page with a decorative blue box???

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\SYSTEM\BRIDGE.DLL (file missing)

O14 - IERESET.INF: START_PAGE_URL=http://www.aol.co.uk

Once all are checked, close all open windows except hijack and click fix checked

Reboot the computer and delete the following:

c:\WINDOWS\SYSTEM\sysapp.exe <-file
c:\AOL 6.0\download\ISTactivex.dll <-file

They may be hidden files
To show hidden files/folders:

Open my computer
Select tools menu and click folder options
Select view tab
Under hidden files/folders heading check "show hidden files and folders"
Click apply
Click ok

Run another scan with ad-aware to see if it has cleaned out all the junk...and post a fresh hijack log.

Has this fixed the issues or are there still problems?
Is hijack still crashing firewall?

I will check back in a bit...
____________________________________

I never give up!

Windows Update

Ok I did the above although sysapp.exe wasn't there (not even a hidden file) I assume this was the virus panda activescan removed last night, I did a scan with panda to double check if I had any viruses, it found 1 and removed it.

So heres a fresh Hijack this log.........

Logfile of HijackThis v1.97.7
Scan saved at 09:02:50, on 09/04/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.aol.co.uk/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AOL
O2 - BHO: RUPK - {604B283A-4E26-4504-98E7-72859F949547} - C:\PROGRA~1\HITWAR~1\SYPCMS.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [GDRIVE] C:\IBMTOOLS\IBMBOOT\GDRIVE.EXE -N
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [ZIBMACC] c:\windows\rundll.exe setupx.dll,InstallHinfSection DefaultInstall 128 C:\WINDOWS\INF\ZIBMACC.INF
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: AOL 6.0 Tray Icon.lnk = C:\AOL 6.0\aoltray.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38064.3088541667
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

MY firewall hasn't crashed yet when starting Hijack This since I did as you told me to do.

Also just so you know the url http://charlotte.poncet.free.fr/hs-lair/
is a server I use to upload my website for testing I haven't done any html since I found out about the trojans so thats why the page looks how it does.

!Hmm!

HotShot

Your log looks good now.

Has that resolved the issues?

You assumed right about sysapp.exe...if panda removed it...that would be why you can't find it.

Since that strange url is a server you use...I told you to delete it...but you can restore it if you want.

To do:

Start hijackthis
Click config
Click backups
Hilight the following entry:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charlotte.poncet.free.fr/hs-lair/

Then click restore

Reboot to have it take affect. That page should load up when IE starts like it did before we "fixed" it.

For future protection..

Make sure you have all your windows updates.

I recommend installing Spywareblaster, Spywareguard and IE-Spyad.

Spywareblaster installs a "killbit" to the resistry blocking 1800+ bad products from being installed on your computer. It also can set up IE security settings properly. (windows default is not good enough)

Spywareguard watches home and search page settings....if something tries to change it (including you) it alerts you with a popup, you have the choice to keep new value or have it revert back to old settings.

IE-Spyad puts thousands of crap sites in restricted zone of IE where java, active x, and anything else potientially dangerous is disabled. If you happen on a bad site...chances are they can't do anything.

All are free and take no resorces to speak of.

Spywareblaster/spywareguard download:

http://www.javacoolsoftware.com/downloads.html

IE-Spyad download:

http://www.staff.uiuc.edu/~ehowes/resource.htm

Read the instructions on install of ie-spyad...it is a little different.

You might also want to consider purging your system restore (if you havn't already).
Windows may have backed up sone of the infected files in there.
Windows locks that file from modification from any programs including antivirus, ad-aware and the like.
The only way to clean it is to disable system restore, reboot, if you know you are clean then re-enable system restore again, reboot again so it makes new restore point.

Details on how to do here if you need it:

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001012513122239?OpenDocument&src=sec_doc_nam
_____________________________________

I never give up!

Windows Update

Yea everything seems to be running fine now, so thnx :) Although if you wouldn't mind I would appreciate it if you could take a look at the following System Report by SISoftware Sandra......................................

System Summary

Mainboard Information

Power / Aux Temperature 52.0°C / 125.6°F
Notice 224 SMBIOS/DMI information may be inaccurate.
Warning 2507 Mainboard has too few memory slots. Upgrading the memory may be difficult or expensive.
Warning 2508 All memory slots are full. Upgrading the memory may be difficult or expensive.
Warning 2544 System/Video shared memory greatly reduces performance. Use external video card.
Warning 2518 Mainboard temperature is too high.

CPU and BIOS Information

Tip 210 Processor 1 : Mainboard supports faster CPUs, so the CPU can be upgraded when needed.
Notice 224 Processor 1 : SMBIOS/DMI information may be inaccurate.
Tip 201 System BIOS : System BIOS is old. Check for an update.
Notice 224 System BIOS : SMBIOS/DMI information may be inaccurate.
Tip 207 System BIOS : A SMBIOS/DMI 2.3 or later compliant BIOS is recommended. Check for a BIOS update.
Tip 212 System BIOS : BIOS can be shadowed so check whether it is.
Tip 211 System BIOS : BIOS is flash-able and socketed so it can be upgraded when needed.

APM and ACPI Information

Notice 224 SMBIOS/DMI information may be inaccurate.

Video System Information

Tip 2221 Primary Display Driver (display) : Driver is not certified.
Tip 314 Primary Display Driver (display) : Video BIOS is too old. Check for an update.
Tip 2221 ELSA GLADIAC 511 PCI (\\.\Display1\Unit0) @ \\.\Display1\Unit0 : Driver is not certified.
Tip 314 ELSA GLADIAC 511 PCI (\\.\Display1\Unit0) @ \\.\Display1\Unit0 : Video BIOS is too old. Check for an update.
Tip 316 Default Monitor : Use a Energy Star (DPMS) power saving monitor.
Warning 332 Default Monitor : Use a Plug & Play/DDC compatible monitor and video adapter.
Tip 316 Default Monitor : Use a Energy Star (DPMS) power saving monitor.
Warning 332 Default Monitor : Use a Plug & Play/DDC compatible monitor and video adapter

Drives Information

Warning 1.44MB 3.5" (A:) : Cannot obtain drive information; check that a disk is in the drive and it is correctly formatted.
Tip 1805 Ibm_preload (C:) : Change typical role to 'Network Server' to improve disk performance.
Warning CD-ROM/DVD (G:) : Cannot obtain drive information; check that a disk is in the drive and it is correctly formatted.
Warning CD-ROM/DVD (H:) : Cannot obtain
drive information; check that a disk is in
the drive and it is correctly formatted.

Ports Information

Tip 1400 Communications Port (COM1) : An 16550AF+ UART is recommended for good Windows communication.
Tip 1400 Communications Port (COM2) : An
16550AF+ UART is recommended for good
Windows communication.

DirectX Information

Tip 2221 Primary Display Driver (display) : Driver is not certified.
Tip 2221 ELSA GLADIAC 511 PCI (\\.\Display1\Unit0) @ \\.\Display1\Unit0 : Driver is not
certified
.............................................

I had just updated my bios to the latest version I could find at IBM's website before I did this scan and it still says theres a newer version?

Also I can't find any drivers for my Elsa Gladiac 511 PCI GFX card, Elsa don't support it any more :/ I also checked http://www.drivershq.com and they had 1 which said it was for a Elsa Gladiac PCI but when I tried to install it it said it wasn't compatible, If you know of any better places where I could get the drivers please let me know.

One last thing, do You know of any decent free popup killers that are aol compatible?
I could use one, I do have Hiltware popupkiller lite but its not blocked any popups in aol as of yet :/

!Hmm!

HotShot

About the drivers...might want to try driverguide.com

username=drivers
password=all

You can submit a request for hard to find drivers.
One warning tho..I have downloaded a few from there...and they were infected...so make sure you scan em.

Can't really help on the bios part...mine says I need to upgrade too...and I am too chicken to flash it.

Not familliar with AOL hell at all...never used it but I use google (it has a built in popup blocker) for IE..works great...did a popup test and passed every one.

Another great utility for checking stuff about your system is AIDA32...its free and will tell you tons of stuff about your computer.
Including the licence keys for several softwares you may have...comes in handy cus I lost cd cover for couple of my programs and therefore lost the key. Aida32 listed the keys for almost all my programs including winxp and officexp.

One thing that would concern me...in your system report...mainboard temp too high?
Not sure what the temps are supposed to be exactly but might want to look at better cooling system or a good dustbunny cleanout.

Anyway hope some of above helps.

You might also want to post that system log in the hardware forum..lots of good guys there to help. I am more useful in virus/security...lol.
The driver forum at left may point you to something that will work too.

Good luck.

Take care and all the best.
___________________________________

I never give up!

Windows Update

Thnx for your help, SISoftware Sandra wasn't reading the temperature right for some reason, Where as AIDA32 read it at a more stable speed of 30% :)

Also I will check out Nvidia aswell as driverguide.com as AIDA32 gave NVIDIA at the url to get the drivers for the gfx card.

Once again, THNX for the help as its proven very usefull :)

!Hmm!

HotShot

Glad to be of help...Thanks for posting back.

Take care and surf safe.
___________________________________

I never give up!

Windows Update