bridge.dll RUNDLL error

Computing.Net > Forums > Windows Me > bridge.dll RUNDLL error

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

bridge.dll RUNDLL error

Name: Gary89
Date: January 22, 2004 at 14:03:23 Pacific
OS: Window ME
CPU/Ram: Pentium-4, 512RAM

Comment:

On starting my PC, the following RUNDLL error is displayed:
error loading "C:\windows\system\bridge.dll"
The system cannot find the specified file.
Can anybody please advise how to fix this error.

Sponsored Link

Ads by Google

Response Number 1

Name: mesich
Date: January 23, 2004 at 00:29:04 Pacific

Reply:

Hi Gary, hello everyone,
It's a reference to Spyware that was on your computer.
Download, update, and run Spybot.
Download, update, and run CWShredder.
If the problem still exist after those then download and run Hijackthis and post back with the log file.
Best Regards,
Mesich

Response Number 2

Name: Megorbess
Date: January 25, 2004 at 22:31:04 Pacific

Reply:

I also am having the same problem and have run both Spybot and CWShredder with no avail. I have also run Hijackthis and have copied the results below:
Logfile of HijackThis v1.97.7
Scan saved at 1:21:01 AM, on 1/26/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\SSDPSRV.exe
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\EXPLORER.exe
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.exe
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\USBMMKBD.exe
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.exe
C:\PROGRAM FILES\MOTIVE\MOTMON.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\DELAYRUN.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\WINDOWS\SYSTEM\HPSYSDRV.exe
C:\WINDOWS\SYSTEM\HPOOPM07.exe
C:\WINDOWS\SYSTEM\HIDSERV.exe
C:\PROGRAM FILES\HASBRO INTERACTIVE\ATARI ARCADE HITS 1\ATARI ICON.exe
C:\WINDOWS\SYSTEM\QTTASK.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.exe
C:\WINDOWS\GYCKDVTW.exe
C:\WINDOWS\SYSTEM\NAIKHCQN.exe
C:\PROGRAM FILES\COMMON FILES\SLMSS\SLMSS.exe
C:\WINDOWS\MWSVM.exe
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.exe
C:\PROGRAM FILES\CREATACARD\PLUS\FMREMIND.exe
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPODEV07.exe
C:\WINDOWS\APPLICATION DATA\DOWNLOADPLUS.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOEVM07.exe
C:\WINDOWS\SYSTEM\HPOIPM07.exe
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOSTS07.exe
C:\WINDOWS\TEMP\TD_0002.DIR\HIJACKTHIS.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.instantalbert.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.instantalbert.com/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwon.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.instantalbert.com/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.instantalbert.com/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.instantalbert.com/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.instantalbert.com/search.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
R3 - URLSearchHook: (no name) - {DD1BCA06-F674-424D-A08E-42DA97C4D5DD} - (no file)
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O2 - BHO: (no name) - {D8E25C53-9508-4f5c-9249-D98D438891D5} - C:\WINDOWS\SYSTEM\SSURF022.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL (file missing)
O2 - BHO: iWon Co-Pilot BHO - {C298FB42-E3E2-11D3-ADCD-0050DAC24E8F} - C:\PROGRAM FILES\IWON\IWONBAR\2.BIN\IWONBAR.DLL
O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\IEASST.DLL
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\SYSTEM\BRIDGE.DLL
O2 - BHO: (no name) - {A20CB830-38DA-4F3B-D29F-FBCF728E49FD} - C:\windows\system\sknsdafz.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\PROGRAM FILES\IWON\IWONBAR\2.BIN\IWONBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [Atari Launcher] C:\Program Files\Hasbro Interactive\Atari Arcade Hits 1\Atari icon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [hufrkxmk] C:\WINDOWS\gyckdvtw.exe
O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\WINDOWS\SYSTEM\SSUpdate.exe
O4 - HKLM\..\Run: [apeupdvu] C:\WINDOWS\SYSTEM\naikhcqn.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\SYSTEM\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.exe
O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] c:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.exe
O4 - Startup: CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Plus\FMRemind.exe
O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe
O4 - Startup: Download Plus.lnk = C:\WINDOWS\Application Data\DownloadPlus.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: CTCBridge UTS - https://gw-r8.airline.compuserve.com/http://as-r8.airline.compuserve.com:8080/juts/classi/jutsi.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.cityyear.org/CFIDE/classes/CFJava.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D61570B1-61E1-6851-CBF7-B7915CBDFA4E} (DownloadUL Class) - http://public.searchbarcash.com/cab/002/zqonalph.cab
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://cdn2.adsdk.com/bannerfarm/47309/BundleOuter1132031209.EXE
O16 - DPF: {EB6AFDAB-E16D-430B-A5EE-0408A12289DC} (Installer2 Class) - http://download.mediacharger.com/swimsuitnetwork.cab
O16 - DPF: {4EE301F2-2A6A-4BE0-9FBD-97CDAA40E3E4} - http://i1img.com/images/nocache/copilot/i1initialsetup1.0.0.5.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install.exe
Please let me know what I need to fix/delete.
Thank you,
Meg

Response Number 3

Name: mesich
Date: January 26, 2004 at 00:26:47 Pacific

Reply:

Hi Meg, hello everyone,
Here is a list of the items you should remove. The items in red are those associated with your error. The others are spyware/adware garbage that definitly should be removed also.
Let me know when you've removed those and we'll clean up some items still leftover on the hard drive.
R3 - URLSearchHook: (no name) - {DD1BCA06-F674-424D-A08E-42DA97C4D5DD} - (no file)
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O2 - BHO: (no name) - {D8E25C53-9508-4f5c-9249-D98D438891D5} - C:\WINDOWS\SYSTEM\SSURF022.DLL
O2 - BHO: iWon Co-Pilot BHO - {C298FB42-E3E2-11D3-ADCD-0050DAC24E8F} - C:\PROGRAM FILES\IWON\IWONBAR\2.BIN\IWONBAR.DLL
O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\IEASST.DLL
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\SYSTEM\BRIDGE.DLL
O2 - BHO: (no name) - {A20CB830-38DA-4F3B-D29F-FBCF728E49FD} - C:\windows\system\sknsdafz.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\PROGRAM FILES\IWON\IWONBAR\2.BIN\IWONBAR.DLL
O4 - HKLM\..\Run: [hufrkxmk] C:\WINDOWS\gyckdvtw.exe
O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\WINDOWS\SYSTEM\SSUpdate.exe
O4 - HKLM\..\Run: [apeupdvu] C:\WINDOWS\SYSTEM\naikhcqn.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\SYSTEM\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.exe
O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe
O4 - Startup: Download Plus.lnk = C:\WINDOWS\Application Data\DownloadPlus.exe
O16 - DPF: {D61570B1-61E1-6851-CBF7-B7915CBDFA4E} (DownloadUL Class) - http://public.searchbarcash.com/cab/002/zqonalph.cab
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://cdn2.adsdk.com/bannerfarm/47309/BundleOuter1132031209.EXE
O16 - DPF: {EB6AFDAB-E16D-430B-A5EE-0408A12289DC} (Installer2 Class) - http://download.mediacharger.com/swimsuitnetwork.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install.exe
Best Regards,
Mesich

Response Number 4

Name: daniel61
Date: January 27, 2004 at 08:05:30 Pacific

Reply:

How ho dou remove the items in red you mentioned above. Thanks.

Response Number 5

Name: mesich
Date: January 27, 2004 at 08:08:18 Pacific

Reply:

Hi Daniel, hello everyone,
Did you run Spybot and CWShredder?
Best Regards,
Mesich

speech.dll PopCapLoaderCtrl Class popcaploader.dll funwebproducts errors	nvcpl.dll nvstartup error sport.dll kodak easyshare rundll error
See More

Response Number 6

Name: daniel61
Date: January 27, 2004 at 08:12:36 Pacific

Reply:

no, not yet. I will try it tonight. I am just wondering what should I do if I get the same problem like Meg above and you had mentioned to remove the items in red so I wanted to know how do you do it. Thanks for your help.

Response Number 7

Name: mesich
Date: January 27, 2004 at 08:22:50 Pacific

Reply:

Hi Daniel, hello everyone,
The easiest way is to run Hijackthis and have it fix the two items. I would highly recommend having someone take a look at the Hijackthis log file before removing anything.
I asked if you ran Spybot and CWShedder as they will remove many of the nasties within the Hijackthis log file making it much easier to analyze. These logs can be very time consuming to look over and much less time consuming if the above programs are ran first.
Best Regards,
Mesich

Response Number 8

Name: Royalgrrl99
Date: January 27, 2004 at 17:37:30 Pacific

Reply:

I am also having error messages pop up in regards to Rundll and rundll32. Though I cannot recall what they said, I wanted to know what this could mean. I recently put in a new harddrive in my computer so I don't know why I'm getting error messages unless rundll has nothing to do with the harddrive?

Response Number 9

Name: daniel61
Date: January 27, 2004 at 21:51:22 Pacific

Reply:

Hi Mesich,
I ran both Spybot and CWShredder and still have the same problem. Here is the log from Hijackthis. Please help.
Logfile of HijackThis v1.97.7
Scan saved at 9:54:44 PM, on 1/27/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\SSDPSRV.exe
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.exe
C:\PROGRAM FILES\TAIS\CVPND.exe
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.exe
C:\PROGRAM FILES\SUPPORT.COM\CLIENT\BIN\TGCMD.exe
C:\PROGRAM FILES\DIGSTREAM\DIGSTREAM.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\WINNET.exe
C:\WINDOWS\RUNDLL32.exe
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.exe
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.exe
C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.exe
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\COMWIZ.exe
C:\PROGRAM FILES\SONY\VAIO ACTION SETUP\VASERV.exe
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.exe
C:\PROGRAM FILES\MSNIA\TRAYCLNT.exe
C:\PROGRAM FILES\WINZIP\WZQKPICK.exe
C:\WINDOWS\APPLICATION DATA\DOWNLOADPLUS.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
C:\PROGRAM FILES\WINZIP\WINZIP32.exe
C:\WINDOWS\TEMP\HIJACKTHIS.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.blazefind.com/search.php?search=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msnmember.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.blazefind.com/search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {C44B4EAD-DA61-AD95-C088-3BBA61D6092D} - C:\windows\system\dffrgrfj.dll
O2 - BHO: (no name) - {FE7C3C1F-D35B-D68D-DCF7-B8FC8772AAD5} - C:\windows\system\xhyualvl.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.exe
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.exe
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.exe /SHOWWARNING
O4 - HKLM\..\Run: [Tgcmd] "C:\Program Files\Support.com\Client\bin\tgcmd.exe" /server /nosystray
O4 - HKLM\..\Run: [ZTgServerSwitch] C:\Program Files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\CwbSvStr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\SYSTEM\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [JAQHXO] C:\WINNT\JAQHXO.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [WinFavorites] C:\PROGRAM FILES\WINFAVORITES\WINFAVORITES.exe1
O4 - HKLM\..\Run: [] c:\Windows\System\
O4 - HKLM\..\Run: [nvid] C:\WINDOWS\SYSTEM\tudvscby.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.exe
O4 - HKLM\..\RunServices: [Client Access Start Incoming RC] ###C:\WINDOWS\command\start.exe /MINIMIZED C:\WINDOWS\cwbrxd.exe
O4 - HKLM\..\RunServices: [CVPND] "C:\Program Files\TAIS\cvpnd.exe" start
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\RunDLL32.exe C:\PROGRA~1\OFOTO\OFOTONOW\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [] c:\Windows\System\
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: MSN Internet Access.lnk = C:\Program Files\MSNIA\TRAYCLNT.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe
O4 - Startup: Download Plus.lnk = C:\WINDOWS\Application Data\DownloadPlus.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .MID: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://msnmember.msn.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {776706AE-CACA-4EA3-93DF-BB83D9259DA9} (MailConfigure Class) - http://supportservices.msn.com/us/smtptool/MailCfg.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/98ME/bridge.cab

Response Number 10

Name: mesich
Date: January 28, 2004 at 05:31:27 Pacific

Reply:

Hi Daniel, hello everyone,
I have briefly looked over you log file.
Did you run an update on Spybot?
I ask because your computer still has the CommonName Parasite and Transponder/TPS108.
An updated Spybot should take care of these along with the others on your computer making the log much easier to analyze.
Run an update for Spybot and then clean up anything it finds.
Here is the one for the bridge.dll error.
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\SYSTEM\
BRIDGE.DLL",Load
I would also do an on-line virus scan as there are many references to files containing random letters and numbers.
Let us know when that's done.
Best Regards,
Mesich

Response Number 11

Name: daniel61
Date: January 28, 2004 at 22:04:30 Pacific

Reply:

Hi Mesich,
I did like what you asked me to. It looks like it worked. Here is the latest log from Hijackthis. Can you let me know if I should remove anything else. Thanks for your help.
Logfile of HijackThis v1.97.7
Scan saved at 10:08:55 PM, on 1/28/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\SSDPSRV.exe
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.exe
C:\PROGRAM FILES\TAIS\CVPND.exe
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\SUPPORT.COM\CLIENT\BIN\TGCMD.exe
C:\PROGRAM FILES\DIGSTREAM\DIGSTREAM.exe
C:\WINNT\JAQHXO.exe
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\WINNET.exe
C:\WINDOWS\RUNDLL32.exe
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.exe
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.exe
C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.exe
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\COMWIZ.exe
C:\PROGRAM FILES\SONY\VAIO ACTION SETUP\VASERV.exe
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.exe
C:\PROGRAM FILES\MSNIA\TRAYCLNT.exe
C:\PROGRAM FILES\WINZIP\WZQKPICK.exe
C:\WINDOWS\APPLICATION DATA\DOWNLOADPLUS.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\WINZIP\WINZIP32.exe
C:\WINDOWS\TEMP\HIJACKTHIS.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.blazefind.com/search.php?search=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msnmember.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.blazefind.com/search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O2 - BHO: (no name) - {C44B4EAD-DA61-AD95-C088-3BBA61D6092D} - C:\windows\system\dffrgrfj.dll
O2 - BHO: (no name) - {FE7C3C1F-D35B-D68D-DCF7-B8FC8772AAD5} - C:\windows\system\xhyualvl.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.exe
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.exe
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.exe /SHOWWARNING
O4 - HKLM\..\Run: [Tgcmd] "C:\Program Files\Support.com\Client\bin\tgcmd.exe" /server /nosystray
O4 - HKLM\..\Run: [ZTgServerSwitch] C:\Program Files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\CwbSvStr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [JAQHXO] C:\WINNT\JAQHXO.exe
O4 - HKLM\..\Run: [nvid] C:\WINDOWS\SYSTEM\tudvscby.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.exe
O4 - HKLM\..\RunServices: [Client Access Start Incoming RC] ###C:\WINDOWS\command\start.exe /MINIMIZED C:\WINDOWS\cwbrxd.exe
O4 - HKLM\..\RunServices: [CVPND] "C:\Program Files\TAIS\cvpnd.exe" start
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\RunDLL32.exe C:\PROGRA~1\OFOTO\OFOTONOW\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [] c:\Windows\System\
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: MSN Internet Access.lnk = C:\Program Files\MSNIA\TRAYCLNT.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe
O4 - Startup: Download Plus.lnk = C:\WINDOWS\Application Data\DownloadPlus.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .MID: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://msnmember.msn.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {776706AE-CACA-4EA3-93DF-BB83D9259DA9} (MailConfigure Class) - http://supportservices.msn.com/us/smtptool/MailCfg.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/98ME/bridge.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab

Response Number 12

Name: vlester
Date: January 29, 2004 at 00:19:47 Pacific

Reply:

Had the bridge.dll error, did Spybot, Ad Aware, and Housecall scans, then ran Hijacker and got rid of bridge.dll error. Am looking at the logfile from Hijacker and wondering if I should zap anything else. Can anyone provide some knowledgeable feedback?
vlester
Here's the Hijacker log file:
Logfile of HijackThis v1.97.7
Scan saved at 12:12:56 AM, on 1/29/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\STARTER.exe
C:\WINDOWS\EXGJYSEC.exe
C:\WINDOWS\BJUQRUKY.exe
C:\MY DOCUMENTS\DOWNLOAD\HIJACKTHIS\HIJACKTHIS.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\CYB2K.exe
O4 - HKLM\..\Run: [fbtzjcym] C:\WINDOWS\exgjysec.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System\
O4 - HKLM\..\Run: [adtijtzy] C:\WINDOWS\bjuqruky.exe
O4 - HKLM\..\Run: [DJNQ] C:\WINDOWS\DJNQ.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe C:\PROGRA~1\AIM\DeadAIM.ocm,ExportedCheckODLs
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [SoniqueQuickStart] C:\Program Files\Sonique\sqstart.exe -nostick
O4 - HKCU\..\Run: [] c:\WINDOWS\System\
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www3.neveron.com
O15 - Trusted Zone: http://www.neveron.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37952.9274884259
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab

Response Number 13

Name: mesich
Date: January 29, 2004 at 05:10:13 Pacific

Reply:

Hi Daniel, hello everyone,
Daniel,
Remove these items.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.blazefind.com/search.php?
search=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.blazefind.com/search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
O2 - BHO: (no name) -
{71ED4FBA-4024-4bbe-91DC-9704C93F453E}
- C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O2 - BHO: (no name) - {C44B4EAD-DA61-AD95-C088-3BBA61D6092D} - C:\windows\system\dffrgrfj.dll
O2 - BHO: (no name) -
{FE7C3C1F-D35B-D68D-DCF7-B8FC8772AAD5}
- C:\windows\system\xhyualvl.dll
O3 - Toolbar: IE Search Bar -
{71ED4FBA-4024-4bbe-91DC-9704C93F453E}
- C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O4 - HKLM\..\Run: [JAQHXO] C:\WINNT\JAQHXO.exe
O4 - HKLM\..\Run: [nvid] C:\WINDOWS\SYSTEM\tudvscby.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
O4 - HKCU\..\Run: [] c:\Windows\System\
O4 - Startup: Download Plus.lnk = C:\WINDOWS\Application Data\
DownloadPlus.exe
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/98ME/
bridge.cab
Best Regards,
Mesich

Response Number 14

Name: mesich
Date: January 29, 2004 at 05:22:59 Pacific

Reply:

Hi Vlester, hello everyone,
Vlester,
Remove the items.
O4 - HKLM\..\Run: [fbtzjcym] C:\WINDOWS\exgjysec.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System\
O4 - HKLM\..\Run: [adtijtzy] C:\WINDOWS\bjuqruky.exe
O4 - HKLM\..\Run: [DJNQ] C:\WINDOWS\DJNQ.exe
O4 - HKCU\..\Run: [] c:\WINDOWS\System\
O6 - HKCU\Software\Policies\Microsoft\
Internet Explorer\Restrictions present
Best Regards,
Mesich

Response Number 15

Name: vlester
Date: January 29, 2004 at 08:03:48 Pacific

Reply:

Thank you so much!
Now I can run scans on my daughter's computer...
Vlester

Response Number 16

Name: vlester
Date: January 29, 2004 at 08:23:16 Pacific

Reply:

For my daughter's computer I ran all scans for Spybot, Adaware and Housecall, then ran HijackThis and deleted a few of the items mentioned above. Still have some things on the HijackThis list as shown below. Anything on the list to "fix" in your opinion?
Thanks again!
Vlester
Logfile of HijackThis v1.97.7
Scan saved at 8:17:27 AM, on 1/29/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\ATIPTAXX.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.exe
C:\WINDOWS\LOADQM.exe
C:\WINDOWS\OTLOFLKN.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\DOWNLOADS\HIJACKTHIS\HIJACKTHIS.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.sqwire.com/homepage.php?aid=975
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe \DeadAIM.ocm,ExportedCheckODLs
O4 - HKLM\..\Run: [iwhdlyyv] C:\WINDOWS\otloflkn.exe
O4 - HKLM\..\Run: [SQInstaller] SQInstaller.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System\
O4 - HKLM\..\Run: [nvid] C:\WINDOWS\SYSTEM\djzcis.exe
O4 - HKLM\..\Run: [PSW] C:\WINDOWS\PSW.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ATIGART] c:\ati\gart\atigart.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.neveron.com
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37862.8773263889
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab

Response Number 17

Name: mesich
Date: January 29, 2004 at 08:43:13 Pacific

Reply:

Hi Vlester, hello everyone,
I would be more than happy to. It might be about an hour as I've managed to hose up one of my websites. :-)
Best Regards,
Mesich

Response Number 18

Name: mesich
Date: January 29, 2004 at 09:05:22 Pacific

Reply:

Hi Vlester, hello everyone,
Remove these.
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL (file missing)
O4 - HKLM\..\Run: [iwhdlyyv] C:\WINDOWS\otloflkn.exe
O4 - HKLM\..\Run: [SQInstaller] SQInstaller.exe
O4 - HKLM\..\Run: [nvid] C:\WINDOWS\SYSTEM\djzcis.exe
Best Regards,
Mesich

Response Number 19

Name: vlester
Date: January 29, 2004 at 12:02:21 Pacific

Reply:

Thanks!
Vlester

Response Number 20

Name: mesich
Date: January 29, 2004 at 12:06:13 Pacific

Reply:

Hi Vlester, hello everyone,
You are welcome.
Hope you are still following this thread as I forgot to list one.
O4 - HKLM\..\Run: [] c:\WINDOWS\System\
Not that big of a deal, more of an annoyance. It launches the Windows System folder at StartUp.
Best Regards,
Mesich

Response Number 21

Name: DTO
Date: January 29, 2004 at 12:36:14 Pacific

Reply:

I also am having the same problem and have run both Spybot and CWShredder with no success. I have also run Hijackthis and have copied the results below:
Please help:
Logfile of HijackThis v1.97.7
Scan saved at 3:30:45 PM, on 1/29/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\MCAFEE\VIRUSSCAN\VSHWIN32.exe
C:\WINDOWS\SYSTEM\MPRMMON.exe
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.exe
C:\PROGRAM FILES\STOPZILLA!\SZNTSVC.exe
C:\WINDOWS\SYSTEM\M2AUDMON.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\RPCSS.exe
C:\WINDOWS\GWHOTKEY.exe
C:\WINDOWS\STARTER.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\RIBFENHX.exe
C:\WINDOWS\LOADQM.exe
C:\WINDOWS\KOOIPYBC.exe
C:\PROGRAM FILES\STOPZILLA!\STOPZILLA.exe
C:\WINDOWS\SYSTEM\A.exe
C:\WINDOWS\SYSTEM\USBMONIT.exe
C:\WINDOWS\SYSTEM\PDSKJTBH.exe
C:\WINDOWS\SYSTEM\IOSB.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\DESKTOP\HIJACKTHIS.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by MSN
O2 - BHO: Veevo Library - {6E34D984-4054-45E3-8452-0159A2F0D232} - C:\WINDOWS\SYSTEM\VEEVO.DLL
O2 - BHO: HTML tools - {00673769-777F-4814-BE0F-74CBA1D823B8} - C:\WINDOWS\IEHOOK.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Vshwin32EXE] C:\McAfee\VirusScan\VSHWIN32.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.exe /LOADQUIET
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\B.exe
O4 - HKLM\..\Run: [bfexbgxn] C:\WINDOWS\ribfenhx.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System\
O4 - HKLM\..\Run: [nvid] C:\WINDOWS\SYSTEM\gbpnhnpz.exe
O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\WINDOWS\SYSTEM\SSUpdate.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [dytqgljb] C:\WINDOWS\kooipybc.exe
O4 - HKLM\..\Run: [STOPzilla] "c:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\SYSTEM\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.exe
O4 - HKLM\..\Run: [Gene USB Monitor] c:\windows\SYSTEM\USBMonit.exe
O4 - HKLM\..\Run: [IOSB] C:\WINDOWS\SYSTEM\IOSB.exe
O4 - HKLM\..\Run: [PDSKJTBH] C:\WINDOWS\SYSTEM\PDSKJTBH.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\McAfee\VirusScan\VSHWIN32.exe
O4 - HKLM\..\RunServices: [rmmon] c:\windows\SYSTEM\mprmmon.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [STOPzilla Service] C:\PROGRAM FILES\STOPZILLA!\SZNTSVC.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe" /background
O4 - HKCU\..\Run: [] c:\WINDOWS\System\
O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: Popup Blocker Options (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.space-amazones.com/sa/include/tdserver.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {2FF18E10-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.0) - http://msnbc.com/download/nm0713.cab
O16 - DPF: {F72A7B0E-0DD8-11D1-BD6E-00AA00B92AF1} (IE Active Setup Control) - http://www.microsoft.com/windows/ie/ie40/download/cdf/setupctl.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (IPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {7944C497-34C7-11D3-B09C-00C04F612FF1} (MSNChatFrame Class) - http://fdl.msn.com/public/chat/msnchat.cab
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/bin/imvid.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37990.7018518519
O16 - DPF: {F7ADCFE3-AA28-F99E-E665-B13AC332D249} (DownloadUL Class) - http://public.searchbarcash.com/cab/351/atrwzpca.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab

Response Number 22

Name: mesich
Date: January 29, 2004 at 13:03:54 Pacific

Reply:

Hi Derek, hello everyone,
I don't have time right now to look over your entire log as I must grab some dinner.
They can take quite sometime to analyze.
Remove this one to get rid of the error.
Then go to the Windows\System folder and delete Bridge.dll if it exist.
I shall look the rest of your log over after dinner.
Click on the Alert Me after reading this so I will be reminded.
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\SYSTEM\
BRIDGE.DLL",Load
Best Regards,
Mesich

Response Number 23

Name: blitzkrieg_bop
Date: January 30, 2004 at 01:04:57 Pacific

Reply:

Hi everyone.
I downloaded/updated and ran Spybot and then CWShredder. I'm still getting the "error loading c:\windows\downloaded program files\bridge.dll" message. Below is the log file from HijackThis. I know that I need to remove the entry for bridge.dll but are there other things?
Thanks in advance!
Ian
Logfile of HijackThis v1.97.7
Scan saved at 2:48:59 AM, on 1/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe
C:\WINDOWS\MXOaldr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ICQ\ICQ.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\3M\PSNotes\psn.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.exe
C:\PROGRA~1\3M\PSNotes\PSNGive.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Ian\Local Settings\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MaxtorCombo] "C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOaldr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\RunOnce: [ICQ] C:\Program Files\ICQ\ICQ.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: Post-it� Software Notes.lnk = C:\Program Files\3M\PSNotes\psn.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Translate Page - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmtrans.html
O9 - Extra button: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {C6B086D2-146B-47A4-A218-B82DCAF2D872} (cpbrxpie Control) - http://a19.g.akamai.net/7/19/7125/4007/ftp.coupons.com/r3120/cpbrxpie.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.madonion.com/global/msc34.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Response Number 24

Name: mesich
Date: January 30, 2004 at 01:23:50 Pacific

Reply:

Hi Derek, hello everyone,
Remove the following items.
O2 - BHO: Veevo Library - {6E34D984-4054-45E3-8452-0159A2F0D232} - C:\WINDOWS\SYSTEM\VEEVO.DLL
O2 - BHO: HTML tools - {00673769-777F-4814-BE0F-74CBA1D823B8} - C:\WINDOWS\IEHOOK.DLL
O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\B.exe
O4 - HKLM\..\Run: [bfexbgxn] C:\WINDOWS\ribfenhx.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System\
O4 - HKLM\..\Run: [nvid] C:\WINDOWS\SYSTEM\gbpnhnpz.exe
O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\WINDOWS\SYSTEM\SSUpdate.exe
O4 - HKLM\..\Run: [dytqgljb] C:\WINDOWS\kooipybc.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\SYSTEM\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.exe
O4 - HKLM\..\Run: [PDSKJTBH] C:\WINDOWS\SYSTEM\PDSKJTBH.exe
O4 - HKCU\..\Run: [] c:\WINDOWS\System\
O16 - DPF: {F7ADCFE3-AA28-F99E-E665-B13AC332D249} (DownloadUL Class) - http://public.searchbarcash.com/cab/351/atrwzpca.cab
Best Regards,
Mesich

Response Number 25

Name: mesich
Date: January 30, 2004 at 01:33:07 Pacific

Reply:

Hi blitzkrieg_bop, hello everyone,
Just the bridge.dll and one other.
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\
Downloaded Program Files\bridge.dll",Load
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/
funwebproducts/SmileyCentralInitialSetup
1.0.0.6.cab
Best Regards,
Mesich

Response Number 26

Name: Megorbess
Date: February 2, 2004 at 18:46:16 Pacific

Reply:

Hi Mesich,
Thanks for your help. I ran Hijackthis again and have pasted the log file below. Please let me know if there's anything else I need to remove. Thanks again
Logfile of HijackThis v1.97.7
Scan saved at 9:41:46 PM, on 2/2/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\SSDPSRV.exe
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.exe
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.exe
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\SYSTEM\PSTORES.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\USBMMKBD.exe
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.exe
C:\PROGRAM FILES\MOTIVE\MOTMON.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\HPSYSDRV.exe
C:\WINDOWS\SYSTEM\HPOOPM07.exe
C:\PROGRAM FILES\HASBRO INTERACTIVE\ATARI ARCADE HITS 1\ATARI ICON.exe
C:\WINDOWS\SYSTEM\QTTASK.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.exe
C:\WINDOWS\SYSTEM\HIDSERV.exe
C:\WINDOWS\GYCKDVTW.exe
C:\WINDOWS\SYSTEM\NAIKHCQN.exe
C:\PROGRAM FILES\COMMON FILES\SLMSS\SLMSS.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\WINDOWS\MWSVM.exe
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.exe
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.exe
C:\PROGRAM FILES\CREATACARD\PLUS\FMREMIND.exe
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPODEV07.exe
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOEVM07.exe
C:\WINDOWS\SYSTEM\HPOIPM07.exe
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOSTS07.exe
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.exe
C:\WINDOWS\TEMP\TD_0006.DIR\HIJACKTHIS.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.instantalbert.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.instantalbert.com/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.iwon.com/index_gen.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.instantalbert.com/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.instantalbert.com/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.instantalbert.com/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.instantalbert.com/search.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [Atari Launcher] C:\Program Files\Hasbro Interactive\Atari Arcade Hits 1\Atari icon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] c:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.exe
O4 - Startup: CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Plus\FMRemind.exe
O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: CTCBridge UTS - https://gw-r8.airline.compuserve.com/http://as-r8.airline.compuserve.com:8080/juts/classi/jutsi.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.cityyear.org/CFIDE/classes/CFJava.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38019.6919907407

Response Number 27

Name: fhrl
Date: February 3, 2004 at 17:22:43 Pacific

Reply:

Hello Everyone,
I had the same Bridge.dll-problem and its solved now but can anybody tell me if I need to remove some more things?!
Thanks in advance,
Best Regards.
fhrl
...............................................
Logfile of HijackThis v1.97.7
Scan saved at 2:23:53, on 4-2-2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\EXPLORER.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS 2002 V8.0\NAVAPW32.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.exe
C:\PROGRAM FILES\RBENHANCE\RBENH.exe
C:\WINDOWS\SYSTEM\A.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.exe
C:\PROGRAM FILES\INTERVIDEO\COMMON\BIN\WINCINEMAMGR.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\NETSCAPE\NETSCAPE 6\NETSCP6.exe
C:\WINDOWS\DESKTOP\ZIP'S\HIJACKTHIS.exe
C:\WINDOWS\SYSTEM\STIMON.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N2 - Netscape 6: user_pref("browser.startup.homepage", "www.nu.nl"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\8fhswhrt.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\8fhswhrt.slt\prefs.js)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Antivirus 2002 v8.0\NavShExt.dll
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC31337F} - C:\windows\system\Mslink32.dll
O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINDOWS\HH.DLL
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1.0\NAVAPW32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\WINDOWS\SYSTEM\SSUpdate.exe
O4 - HKLM\..\Run: [rbenh 2l5191] "C:\Program Files\RBEnhance\rbenh.exe"
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=

Response Number 28

Name: benjaminl
Date: February 5, 2004 at 18:16:05 Pacific

Reply:

Heres a list of the files scanned in Hijackthis. I deleted some of the files I knew were bad, and was fairly sure I should delete the blazefind items, but with my luck I'm wrong. Please get back to me, and thank you for doing this Mesich
Logfile of HijackThis v1.97.7
Scan saved at 8:05:00 PM, on 2/5/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.exe
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUNOTIFY.exe
C:\WINDOWS\APPLICATION DATA\DOWNLOADPLUS.exe
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\RAPIDBLASTER\RB32.exe
C:\PROGRAM FILES\KAZAA\KAZAA.exe
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.blazefind.com/search.php?search=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blazefind.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.blazefind.com/search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_11_0.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\SYSTEM\BRIDGE.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O2 - BHO: (no name) - {D8E25C53-9508-4f5c-9249-D98D438891D5} - C:\WINDOWS\SYSTEM\SSURF022.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WindowsMGM] A:\MOVIE_0074.MPEG.PIF
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.exe"
O4 - HKLM\..\Run: [KAZAA] C:\PROGRAM FILES\KAZAA\KAZAA.exe /SYSTRAY
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [tzvlqvik] C:\WINDOWS\ohihnanb.exe
O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\WINDOWS\SYSTEM\SSUpdate.exe
O4 - HKLM\..\Run: [rb32 ml042e] "c:\program files\RapidBlaster\rb32.exe"
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\SYSTEM\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [WindowsMGM] A:\MOVIE_0074.MPEG.PIF
O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
O4 - Startup: Download Plus.lnk = C:\WINDOWS\Application Data\DownloadPlus.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/0fb5e03023def1/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37865.8983796296
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab

Response Number 29

Name: mesich
Date: February 6, 2004 at 06:08:52 Pacific

Reply:

Hi Megorbess, fhrl, Ben, hello everyone,
Megorbess,
You log is clean now.
fhrl,
Remove these using HiJackThis.
O2 - BHO: (no name) -
{1E1B2879-88FF-11D2-8D96-D7ACAC31337F}
- C:\windows\system\Mslink32.dll
O2 - BHO: (no name) -
{BCF96FB4-5F1B-497B-AECC-910304A55011}
- C:\WINDOWS\HH.DLL
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\WINDOWS\SYSTEM\SSUpdate.exe
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
You also have Rapid Blaster. Download and run Rapid Blaster Killer.
Ben,
I will check out your log file after a cup of coffee.
Best Regards,
Mesich

Response Number 30

Name: mesich
Date: February 6, 2004 at 06:41:41 Pacific

Reply:

Hi Ben, hello everyone,
Ben,
To put it lightly, we've got a mess on that computer.
Among many different spyware and adware on the computer you also have a virus.
Let's start with an online virus scan from here.
Then download and update Spybot and run it. Be sure to update it after downloading.
Post back a new HiJackThis log after doing that. I have to put a battery in the car but will be done by the time you run those.
Best Regards,
Mesich

Response Number 31

Name: benjaminl
Date: February 6, 2004 at 22:11:56 Pacific

Reply:

Thank you Meisch. This is the second log:
Logfile of HijackThis v1.97.7
Scan saved at 12:08:05 AM, on 2/7/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\KAZAA\KAZAA.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.exe
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUNOTIFY.exe
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\AIM\AIM.exe
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.blazefind.com/search.php?search=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blazefind.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.blazefind.com/search_page.php
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_11_0.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\SYSTEM\BRIDGE.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O2 - BHO: (no name) - {D8E25C53-9508-4f5c-9249-D98D438891D5} - C:\WINDOWS\SYSTEM\SSURF022.DLL
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [KAZAA] C:\PROGRAM FILES\KAZAA\KAZAA.exe /SYSTRAY
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\WINDOWS\SYSTEM\SSUpdate.exe
O4 - HKLM\..\Run: [rb32 ml042e] "c:\program files\RapidBlaster\rb32.exe"
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\SYSTEM\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.exe" /autocheck
O4 - Startup: Download Plus.lnk = C:\WINDOWS\Application Data\DownloadPlus.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37865.8983796296
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab

Response Number 32

Name: mesich
Date: February 7, 2004 at 04:47:55 Pacific

Reply:

Hi Ben, hello everyone
Remove these items using HiJackThis.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.blazefind.com/search.php?search=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blazefind.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.blazefind.com/search_page.php
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\SYSTEM\BRIDGE.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O2 - BHO: (no name) - {D8E25C53-9508-4f5c-9249-D98D438891D5} - C:\WINDOWS\SYSTEM\SSURF022.DLL
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\WINDOWS\SYSTEM\SSUpdate.exe
O4 - HKLM\..\Run: [rb32 ml042e] "c:\program files\RapidBlaster\rb32.exe"
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\SYSTEM\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - Startup: Download Plus.lnk = C:\WINDOWS\Application Data\DownloadPlus.exe
After doing so restart the computer. Post back and we will work on removing some of the files associated with these registry entries if they exist.
Best Regards,
Mesich

Response Number 33

Name: benjaminl
Date: February 10, 2004 at 20:52:15 Pacific

Reply:

Thanks again Mesich, and sorry for taking so long to do this. This is the next Highjack Log:
Logfile of HijackThis v1.97.7
Scan saved at 10:48:26 PM, on 2/10/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.exe
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUNOTIFY.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_11_0.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [KAZAA] C:\PROGRAM FILES\KAZAA\KAZAA.exe /SYSTRAY
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37865.8983796296
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab

Response Number 34

Name: mesich
Date: February 11, 2004 at 04:47:01 Pacific

Reply:

Hi Ben, hello everyone,
Ben,
Your log is now clean.
Go to C:\Program Files and delete the folder IESEARCHBAR. Also delete the RapidBlaster folder.
In C:\Windows\SYSTEM\ delete SSUpdate.exe, Bridge.dll and A.exe.
In C:\Windows delete belt.exe.
C:\WINDOWS\Application Data delete DownloadPlus.exe.

Best Regards,
Mesich

Response Number 35

Name: Paul Lambrix
Date: February 12, 2004 at 19:37:35 Pacific

Reply:

I'm also getting this "Error Loading C:/windows/systems/bridge.dll" when booting the computer. When I turn on the computer it immediately tries to bring up the internet and all sorts of adds and changes my homepage, etc...
I've run spybot, CW Shredder and Hijack this and I have saved a copy of the log file that was created. Please help. I'm quite annoyed.

Response Number 36

Name: mesich
Date: February 12, 2004 at 19:55:00 Pacific

Reply:

Hi Paul, hello everyone,
Thanks for running CWShredder and Spybot first. It makes it so much easier to analyze a HijackThis log.
Post back with your log and we will get it sorted out.
Best Regards,
Mesich

Response Number 37

Name: Paul Lambrix
Date: February 13, 2004 at 11:33:42 Pacific

Reply:

Thanks for taking a look. I'll appreciate any help you can give. I think I'll just not download anything ever again. Yeah, right!
Paul Lambrix, Kalamazoo, MI
Here's the Hijack log file:
Logfile of HijackThis v1.97.7
Scan saved at 10:25:38 PM, on 2/12/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\BCMDMMSG.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\SSDPSRV.exe
C:\WINDOWS\SYSTEM\ATI2EVXX.exe
C:\WINDOWS\SYSTEM\DEVLDR16.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\ATIPTAXX.exe
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.exe
C:\WINDOWS\SYSTEM\SK9910DM.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.exe
C:\WINDOWS\SYSTEM\HPZTSB01.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.exe
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\PROGRAM FILES\COMMON FILES\UPDATER\WUPDATER.exe
C:\WINDOWS\SYSTEM\SAHAGENT.exe
C:\WINDOWS\SYSTEM\RNAAPP.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
C:\WINDOWS\APPLICATION DATA\DOWNLOADPLUS.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\RAPIDBLASTER\RB32.exe
C:\WINDOWS\TEMP\RAR$EX00.715\HIJACKTHIS.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.blazefind.com/search.php?search=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.blazefind.com/search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\SYSTEM\BRIDGE.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {D8E25C53-9508-4f5c-9249-D98D438891D5} - C:\WINDOWS\SYSTEM\SSURF022.DLL
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [BCMDMMSG] BCMDMMSG.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.exe
O4 - HKLM\..\Run: [InkWatch] C:\PROGRA~1\GATEWAY\GATEWA~2\INKWATCH.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb01.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.exe /LOADQUIET
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.exe
O4 - HKLM\..\Run: [rb32 ml809e] "C:\Program Files\RapidBlaster\rb32.exe"
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\SYSTEM\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.exe
O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\WINDOWS\SYSTEM\SSUpdate.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\SYSTEM\SahAgent.exe
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Adaptec\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Download Plus.lnk = C:\WINDOWS\Application Data\DownloadPlus.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Real.com (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://gateway.yahoo.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {0D6451B3-FDDA-11D3-BFEC-00D0B725EB0B} (Yahoo! Vision) - http://download.yahoo.com/dl/fv/yv.cab

Response Number 38

Name: mesich
Date: February 13, 2004 at 11:54:52 Pacific

Reply:

Hi Paul, hello everyone,
I think I'll just not download anything ever again. Yeah, right! :-)
I have to run and pick up the kid from school but will be back in about an hour and take a close look at your log.
Best Regards,
Mesich

Response Number 39

Name: mesich
Date: February 14, 2004 at 05:02:42 Pacific

Reply:

Hi Paul, hello everyone,
There is a link in respose #29 for RapidBaster Killer. Download it and run it to remove RapidBlaster first.
Then delete these items using HijackThis.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.blazefind.com/search.php?search=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.blazefind.com/search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\SYSTEM\BRIDGE.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {D8E25C53-9508-4f5c-9249-D98D438891D5} - C:\WINDOWS\SYSTEM\SSURF022.DLL
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\SYSTEM\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.exe
O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\WINDOWS\SYSTEM\SSUpdate.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\SYSTEM\SahAgent.exe
O4 - Startup: Download Plus.lnk = C:\WINDOWS\Application Data\DownloadPlus.exe
Restart the computer.
Best Regards,
Mesich

Response Number 40

Name: mesich
Date: February 14, 2004 at 05:03:55 Pacific

Reply:

Hi Paul, hello everyone,
Post back when you are done and we will remove so files that have remained behind.
Best Regards,
Mesich

Response Number 41

Name: bdalk
Date: February 14, 2004 at 07:55:39 Pacific

Reply:

Hello,
I'm unfortunately a member of the "bridge.dll" club as well.
I've run Spybot and CWShredder and I've attached the log from HiJackThis.
If someone could please review to see if there's anything else I can do, it would be greatly appreciated!
thanks!
-- bob
==========================
Logfile of HijackThis v1.97.7
Scan saved at 9:49:49 AM, on 2/14/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\MDM.exe
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\WINDOWS\SYSTEM\DEVLDR16.exe
C:\WINDOWS\SYSTEM\LEXBCES.exe
C:\WINDOWS\SYSTEM\RPCSS.exe
C:\WINDOWS\SYSTEM\LEXPPS.exe
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.exe
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSHWIN32.exe
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVCONSOL.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\WEBSCANX.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.exe
C:\PROGRAM FILES\CREATIVE\SHAREDLL\AHQ\CTMIX32.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.exe
C:\WINDOWS\LOADQM.exe
C:\WINDOWS\SYSTEM\LVCOMS.exe
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.exe
C:\WINDOWS\SYSTEM\LMPDPSRV.exe
C:\WINDOWS\SYSTEM\QTTASK.exe
C:\PROGRAM FILES\COMMON FILES\UPDATER\WUPDATER.exe
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe
C:\VSTASCAN\VSACCESS.exe
C:\OPLIMIT\OCRAWARE.exe
C:\OPLIMIT\OCRAWR32.exe
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\INSTANT MESSAGING\AIM\AIM.exe
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
C:\HIJACKTHIS\HIJACKTHIS.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Sharedll\AHQ\CTMIX32.exe /t
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\SYSTEM\LMPDPSRV.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [SpyHunter] C:\PROGRAM FILES\SPYHUNTER\SPYHUNTER.exe
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.exe -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.exe
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\Network Associates\VirusScan\AVSYNMGR.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\INSTANT MESSAGING\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - User Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - User Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.exe
O4 - User Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37873.8190277778
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe

Response Number 42

Name: mesich
Date: February 14, 2004 at 09:01:02 Pacific

Reply:

Hi Bob, hello everyone,
Pretty clean log. Delete these two items.
You have no additional files to delete.
R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
Best Regards,
Mesich

Response Number 43

Name: DanielleLikesBlue
Date: February 14, 2004 at 11:44:18 Pacific

Reply:

Logfile of HijackThis v1.97.7
Scan saved at 2:40:36 PM, on 2/14/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SM56HLPR.exe
C:\WINDOWS\SYSTEM\HPZTSB07.exe
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\WINNET.exe
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\COMWIZ.exe
C:\PROGRAM FILES\MEDIA\MEDIA\UPDATESTATS.exe
C:\WINDOWS\RUNDLL32.exe
C:\WINDOWS\RUNDLL32.exe
C:\PROGRAM FILES\COMMON FILES\UPDATER\WUPDATER.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.exe
C:\WINDOWS\SYSTEM\QTTASK.exe
C:\WINDOWS\SYSTEM\YSDQLZIY.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\COMET SYSTEMS\DM\BIN\DMSERVER.exe
C:\PROGRAM FILES\CLOCKSYNC\SYNC.exe
C:\PROGRAM FILES\ALSET\HELPEXPRESS\END USER\HXIUL.exe
C:\PROGRAM FILES\ALSET\HELPEXPRESS\END USER\CLIENT\HELPEXP.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\PROGRAM FILES\ALSET\HELPEXPRESS\END USER\CLIENT\PRINTMONITOR.exe
C:\WINDOWS\EMSW.exe
C:\WINDOWS\SYSTEM\PSTORES.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.blazefind.com/search.php?search=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sqwire.com/homepage.php?aid=975
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=132986
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://files.cc.cometsystems.com/assist/cc/1.0/1B/assist.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.sqwire.com/homepage.php?aid=975
R3 - URLSearchHook: XTSearchHook Class - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - C:\PROGRAM FILES\SQWIRE\S.DLL (file missing)
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\CNBABE.DLL (file missing)
O2 - BHO: (no name) - {8FE2FA1C-1E4F-3AFB-6A90-B87D9EB8EE5E} - C:\windows\system\yqgdrshj.dll
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\PROGRAM FILES\LYCOS\SIDESEARCH\SIDESEARCH1311.DLL
O2 - BHO: (no name) - {89D95B00-50C4-B07A-36F4-EF6F6B25C182} - C:\windows\system\qyfnunaq.dll
O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\SYSTEM\STLBDIST.DLL
O2 - BHO: (no name) - {C83BC5BB-CE8D-4799-B2B4-DC2CB7C10B91} - C:\WINDOWS\SYSTEM\MSPROINT.DLL
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
O2 - BHO: CSBHO - {D14D6793-9B65-11D3-80B6-00500487BDBA} - C:\PROGRAM FILES\COMET SYSTEMS\PLATFORM\BIN\CSBHO.DLL (file missing)
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O2 - BHO: (no name) - {2662BDD7-05D6-408F-B241-FF98FACE6054} - C:\PROGRAM FILES\SQWIRE\U.DLL (file missing)
O2 - BHO: (no name) - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} - C:\WINDOWS\SYSTEM\MSIEFR40.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\WINNET.exe
O4 - HKLM\..\Run: [WinFavorites] C:\PROGRAM FILES\WINFAVORITES\WINFAVORITES.exe1
O4 - HKLM\..\Run: [SQUpdatesChecker] C:\Program Files\Sqwire\uc.exe
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\SYSTEM\STLBDIST.DLL,DllRunMain
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINDOWS\SYSTEM\MSIEFR40.DLL,DllRunServer
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [nvid] C:\WINDOWS\SYSTEM\ysdqlziy.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\BIN\DMSERVER.exe /onreboot
O4 - HKLM\..\Run: [SQConfigChecker] C:\Program Files\Sqwire\cc.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\End User\HXIUL.exe
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\End User\Client\HelpExp.exe
O4 - HKLM\..\RunOnce: [_UnwiseF1] command.com /c del C:\WINDOWS\SYSTEM\N3TPA1P.DLL
O4 - HKLM\..\RunOnce: [_UnwiseF1_] command.com /c del C:\WINDOWS\SYSTEM\im64.dll
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe
O4 - Startup: Download Plus.lnk = C:\WINDOWS\Application Data\DownloadPlus.exe
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\AddressBar\createbookmark.htm
O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\AddressBar\createnote.htm
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\AddressBar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\AddressBar\navigate.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra 'Tools' menuitem: Turbo Download (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O11 - Options group: [CommonName] CommonName
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37931.4053240741
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {52DCAD2D-D5DD-8EA5-315A-B4FE032A28F9} (DownloadUL Class) - http://public.searchbarcash.com/cab/350/anmqsrho.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/16cf503349779486bd23/netzip/RdxIE2.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} (DMProxyCtl Class) - http://dm.cometsystems.com/dm/dm_274.cab

Response Number 44

Name: DanielleLikesBlue
Date: February 14, 2004 at 11:46:22 Pacific

Reply:

That's what the HiJackThis log was, can you help me? I have the same Bridge.dll error as everyone else on this forum...
Thanks!

Response Number 45

Name: DanielleLikesBlue
Date: February 14, 2004 at 12:04:28 Pacific

Reply:

P.S.
After I ran Spybot, when I tried to fix the problems that came up it kept telling me that the problems couldn't be fixed because they were still in use (memory) and that it could be fixed after restarting. But after I restarted, the same message came up for the same problems....

Response Number 46

Name: DanielleLikesBlue
Date: February 14, 2004 at 12:19:59 Pacific

Reply:

Nevermind about that last post, it worked this time after I restarted.... the Bridge.dll error is now gone, but I noticed you told people to delete files containing the blazefind URL with the HiJackThis program.... of course I didn't delete anything yet, I would like your OK first, but blazefind.com is still coming up as my homepage after I used Spybot and CWShredder. I'd appreciate it if you could review my HiJackThis log and tell me what needs to be done. Thank you so much.
Danielle

Response Number 47

Name: Paul Lambrix
Date: February 14, 2004 at 13:47:50 Pacific

Reply:

You are a genius. That seems to have done the trick. I ran rapidblaster killer as you said, then ran hijack this again and cleaned up the files you listed for me and restarted. My system came up normally and did not automatically try to start the internet and came up as it used to with no pop ups. Thanks very much for your help. Post back to me if there's any last thing I'll need to run or do to finish up; I'll check back once more later.
Paul Lambrix, Kalamazoo, MI

Response Number 48

Name: jmh123
Date: February 15, 2004 at 02:35:07 Pacific

Reply:

I too have this problem--so far the only symptom is the error message on start-up:
Error loading C:\WINNT\Downloaded Program Files\bridge.dll - The specified module could not be found. The Bridge program is listing in "Add/Remove" and cannot be removed. I have downloaded, updated, and run the programs as advised. Here is my "hijack this" log:
Logfile of HijackThis v1.97.7
Scan saved at 5:18:44 AM, on 2/15/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\pctspk.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pub206.ezboard.com/ftheclayboardfrm11
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [System Configuration] winsyr.exe
O4 - HKLM\..\Run: [Network Service] ntdma.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\RunServices: [System Configuration] winsyr.exe
O4 - HKLM\..\RunServices: [Network Service] ntdma.exe
O4 - HKCU\..\Run: [Network Service] ntdma.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: &Google Search - res://c:\winnt\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\winnt\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\winnt\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\winnt\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\winnt\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06c5188f23b2f18bb705/netzip/RdxIE601.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37832.1329166667
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Please advise at your convenience which items should be removed. Huge thanks for your help.
Julia

Response Number 49

Name: jmh123
Date: February 15, 2004 at 03:04:58 Pacific

Reply:

P.S. I see msblast.exe in there--it is effectively neutered--but I will follow steps to manually remove to make sure.

Response Number 50

Name: jmh123
Date: February 15, 2004 at 15:46:19 Pacific

Reply:

Another P.S. "neutralized" would be a better word for msblast--had Triumph the not-such-a-wonder-dog on the brain (and was wishfully thinking). At any rate, I have now taken care of that.
There is one strange thing happening which may be related to this hijacking. There is one website I cannot access that I've gone to a gazillion times--I keep getting the message one gets when a site is down temporarily--but I'm on several messsage boards where people are talking about it, so I know that it isn't down. (Rollingstone.com) This has been happening for several days now. I did get in once yesterday morning. Weird. I checked security settings, even placed a special "allow" notice for the site, but nothing works.
Thanks again.

Response Number 51

Name: Chridge
Date: February 16, 2004 at 18:52:44 Pacific

Reply:

Hello,
I'm having the same problem with the misiing bridge.dll message and Instant Albert on my computer. Please help. Thank you.

Response Number 52

Name: Chridge
Date: February 16, 2004 at 22:17:32 Pacific

Reply:

P.S. I ran cwshredder and found nothing. When I tried to run Spybot I got a imagehlp.dll file missing message. I ran HJT and have the log.

Response Number 53

Name: Ceil
Date: February 17, 2004 at 04:48:16 Pacific

Reply:

I get the bridge.dll error and my System folder opens on startup. I ran Spybot S&D ((a program I used a while back but eventually forgot about)), but the link to CWShredder doesn't work for me. I got the Hijackthis thing tho and ran it. I hope you don't got too bored of looking at these logs ;/ Help would be greatly appreciated. Here's the log:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\AVENGINE.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Google\ggviewer67-16.exe
C:\WINDOWS\SYSTEM32\hpsysdrv.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\SRVLOAD.exe
C:\Program Files\Windows Media Components\Encoder\WMENCAGT.exe
C:\Program Files\AdsGone\adsgone.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\WebProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\C\mIRC\mirc.exe
C:\C\Security\hijackthis1977\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0DDEDE73-5FA5-C0E9-4B9B-E15702F6E1DC} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.exe
O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.exe
O4 - HKLM\..\Run: [DJRegFix] regedit /s c:\hp\djregfix.reg
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [hpsysdrv] C:\WINDOWS\SYSTEM32\hpsysdrv.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [taskmanager] c:\windows\taskmgr.com
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\c\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PopupWar] C:\Program Files\PopupWar\PopupWar.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Free Ram Optimizer] C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - HKCU\..\Run: [WinMX] C:\Progra~1\WinMX\WinMX.exe -m
O4 - Global Startup: FSScrCtl.exe
O4 - Global Startup: ENCODER AGENT.LNK = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Global Startup: AdsGone 2004.lnk = C:\Program Files\AdsGone\adsgone.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: NeoTrace It! (HKCU)
O9 - Extra button: WeatherBug (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda platinum internet security\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda platinum internet security\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda platinum internet security\pavlsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: HushEncryptionEngine - https://mailserver3.hushmail.com/shared/HushEncryptionEngine.cab
O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot4_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcafee.com/molbin/clinic/virusscan/mcasupd.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37975.6736111111
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
I'd go through and delete any matches to the stuph you already mentioned above, but I don't know if I should. Thank you for any help you can give me.

!

Response Number 54

Name: Ceil
Date: February 17, 2004 at 04:51:53 Pacific

Reply:

I have Windows XP Pro btw ((dno if that makes a difference)). I didn't notice that this was a WinME forum until after I posted :x Sorrie
!

Response Number 55

Name: mesich
Date: February 17, 2004 at 05:47:36 Pacific

Reply:

Hi Julia, hello everyone
Julia,
Remove the following items using hijackthis.
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\bridge.dll",Load
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06c5188f23b2f18bb705/netzip/RdxIE601.cab
You also have a couple of items loading at startup that appear suspicious. I don't know what either of them are nor could I find any information on them.
I would first see if they are in StartUp within msconfig and disable them there.
Then find the two files on your computer and rename them from .exe to .old.
If you don't have any problems after a few days, remove them with hijack this and delete the files.
They are these.
O4 - HKLM\..\Run: [System Configuration] winsyr.exe
O4 - HKLM\..\Run: [Network Service] ntdma.exe
O4 - HKLM\..\RunServices: [System Configuration] winsyr.exe
O4 - HKLM\..\RunServices: [Network Service] ntdma.exe
O4 - HKCU\..\Run: [Network Service] ntdma.exe
Chridge,

Go ahead and post your log and I will take a look at it.
Ceil,
I will take a look at yours right now and post back.
Best Regards,
Mesich

Response Number 56

Name: mesich
Date: February 17, 2004 at 06:13:25 Pacific

Reply:

Hi Ceil, hello everyone
Ceil,
Remove the following items using hijackthis.
O2 - BHO: (no name) - {0DDEDE73-5FA5-C0E9-4B9B-E15702F6E1DC} - (no file)
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
That will take care of the bride.dll error message and the system folder opening at startup.
Everything look good.
Best Regards,
Mesich

Response Number 57

Name: Ceil
Date: February 17, 2004 at 06:47:30 Pacific

Reply:

ah! i can't thank you enough! You do have my deepest gratitude, and I'll remember this site for future computer problems ((and I'll be sure to go to the right forum :x)) Thanks :D
!

Response Number 58

Name: mesich
Date: February 17, 2004 at 07:01:13 Pacific

Reply:

Hi Ceil, hello everyone
Ceil,
You just did. :-) You are very welcome. Glad to hear everything is all better.
Yeah, it is best to post in the forum for you operating system or the Security and Virus forum. Both have a lot of regulars which are very knowledgable.
I don't run WinME myself. :-) I usually hang out in the Win98 forum but normally boot using WinXP.
Take care and best regards,
Mesich

Response Number 59

Name: DanielleLikesBlue
Date: February 17, 2004 at 08:11:24 Pacific

Reply:

What about me??!! You answered everyone but me.... :(
Here's my HiJackThis Log (again)....
Logfile of HijackThis v1.97.7
Scan saved at 2:40:36 PM, on 2/14/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SM56HLPR.exe
C:\WINDOWS\SYSTEM\HPZTSB07.exe
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\WINNET.exe
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\COMWIZ.exe
C:\PROGRAM FILES\MEDIA\MEDIA\UPDATESTATS.exe
C:\WINDOWS\RUNDLL32.exe
C:\WINDOWS\RUNDLL32.exe
C:\PROGRAM FILES\COMMON FILES\UPDATER\WUPDATER.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.exe
C:\WINDOWS\SYSTEM\QTTASK.exe
C:\WINDOWS\SYSTEM\YSDQLZIY.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\COMET SYSTEMS\DM\BIN\DMSERVER.exe
C:\PROGRAM FILES\CLOCKSYNC\SYNC.exe
C:\PROGRAM FILES\ALSET\HELPEXPRESS\END USER\HXIUL.exe
C:\PROGRAM FILES\ALSET\HELPEXPRESS\END USER\CLIENT\HELPEXP.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\PROGRAM FILES\ALSET\HELPEXPRESS\END USER\CLIENT\PRINTMONITOR.exe
C:\WINDOWS\EMSW.exe
C:\WINDOWS\SYSTEM\PSTORES.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.blazefind.com/search.php?search=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sqwire.com/homepage.php?aid=975
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=132986
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://files.cc.cometsystems.com/assist/cc/1.0/1B/assist.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.sqwire.com/homepage.php?aid=975
R3 - URLSearchHook: XTSearchHook Class - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - C:\PROGRAM FILES\SQWIRE\S.DLL (file missing)
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\CNBABE.DLL (file missing)
O2 - BHO: (no name) - {8FE2FA1C-1E4F-3AFB-6A90-B87D9EB8EE5E} - C:\windows\system\yqgdrshj.dll
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\PROGRAM FILES\LYCOS\SIDESEARCH\SIDESEARCH1311.DLL
O2 - BHO: (no name) - {89D95B00-50C4-B07A-36F4-EF6F6B25C182} - C:\windows\system\qyfnunaq.dll
O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\SYSTEM\STLBDIST.DLL
O2 - BHO: (no name) - {C83BC5BB-CE8D-4799-B2B4-DC2CB7C10B91} - C:\WINDOWS\SYSTEM\MSPROINT.DLL
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
O2 - BHO: CSBHO - {D14D6793-9B65-11D3-80B6-00500487BDBA} - C:\PROGRAM FILES\COMET SYSTEMS\PLATFORM\BIN\CSBHO.DLL (file missing)
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O2 - BHO: (no name) - {2662BDD7-05D6-408F-B241-FF98FACE6054} - C:\PROGRAM FILES\SQWIRE\U.DLL (file missing)
O2 - BHO: (no name) - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} - C:\WINDOWS\SYSTEM\MSIEFR40.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\WINNET.exe
O4 - HKLM\..\Run: [WinFavorites] C:\PROGRAM FILES\WINFAVORITES\WINFAVORITES.exe1
O4 - HKLM\..\Run: [SQUpdatesChecker] C:\Program Files\Sqwire\uc.exe
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\SYSTEM\STLBDIST.DLL,DllRunMain
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINDOWS\SYSTEM\MSIEFR40.DLL,DllRunServer
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [nvid] C:\WINDOWS\SYSTEM\ysdqlziy.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\BIN\DMSERVER.exe /onreboot
O4 - HKLM\..\Run: [SQConfigChecker] C:\Program Files\Sqwire\cc.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\End User\HXIUL.exe
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\End User\Client\HelpExp.exe
O4 - HKLM\..\RunOnce: [_UnwiseF1] command.com /c del C:\WINDOWS\SYSTEM\N3TPA1P.DLL
O4 - HKLM\..\RunOnce: [_UnwiseF1_] command.com /c del C:\WINDOWS\SYSTEM\im64.dll
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe
O4 - Startup: Download Plus.lnk = C:\WINDOWS\Application Data\DownloadPlus.exe
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\AddressBar\createbookmark.htm
O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\AddressBar\createnote.htm
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\AddressBar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\AddressBar\navigate.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra 'Tools' menuitem: Turbo Download (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O11 - Options group: [CommonName] CommonName
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37931.4053240741
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {52DCAD2D-D5DD-8EA5-315A-B4FE032A28F9} (DownloadUL Class) - http://public.searchbarcash.com/cab/350/anmqsrho.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/16cf503349779486bd23/netzip/RdxIE2.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} (DMProxyCtl Class) - http://dm.cometsystems.com/dm/dm_274.cab
Thanks,
Danielle

Response Number 60

Name: DanielleLikesBlue
Date: February 17, 2004 at 08:14:47 Pacific

Reply:

P.S.
I'd really appreciate it if everyone could please wait until mesich replied to me before posting about your own problems so I don't get skipped over again.. Thanks a lot.
Danielle

Response Number 61

Name: mesich
Date: February 17, 2004 at 08:26:47 Pacific

Reply:

Hi Danielle, hello everyone
Sorry about that. Thread has gotten quite long and I guess I lost track. Memory not quite what it used to be. :-)
I have to run to a clients real quick, gotta make milk money for the kid.
I will be back in about an hour or so and promise to analyze your log first thing.
Best Regards,
Mesich

Response Number 62

Name: DanielleLikesBlue
Date: February 17, 2004 at 18:40:26 Pacific

Reply:

haha, thank you so very much!! :)

Response Number 63

Name: Chridge
Date: February 17, 2004 at 21:06:58 Pacific

Reply:

Hi! Thank you for your help. Here's the HJT log.

Logfile of HijackThis v1.97.7
Scan saved at 6:27:47 PM, on 2/16/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\STARTER.exe
C:\WINDOWS\GWHOTKEY.exe
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.exe
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.exe
C:\WINDOWS\LOADQM.exe
C:\WINDOWS\PLJQGGJW.exe
C:\WINDOWS\SYSTEM\OYGJJVPV.exe
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\WINNET.exe
C:\PROGRAM FILES\DOWNLOADWARE\DW.exe
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.exe
C:\PROGRAM FILES\SAVE\SAVE.exe
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\COMWIZ.exe
C:\WINDOWS\SYSTEM\SYS32.exe
C:\WINDOWS\SYSTEM\WINDRV32.exe
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\CLOCKSYNC\SYNC.exe
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.exe
C:\PROGRAM FILES\WINZIP\WZQKPICK.exe
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.instantalbert.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.instantalbert.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.instantalbert.com/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.instantalbert.com/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.instantalbert.com/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.instantalbert.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.sdinsider.com/transition.html"); (C:\Program Files\Netscape\Users\default\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Httper - {A5483501-070C-41DD-AF44-9BD8864B3015} - C:\PROGRAM FILES\HTTPER\HTTPER.DLL
O2 - BHO: (no name) - {42D8C47F-B556-80DA-B8D2-014E3A9B820B} - C:\windows\system\fkwgbmwz.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O2 - BHO: SmartPops - {D5C778F1-CF13-4E70-ADF0-45A953E7CB8B} - C:\PROGRAM FILES\NETWORK ESSENTIALS\V11\NE.DLL
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\SYSTEM\BRIDGE.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
O2 - BHO: HTML tools - {00673769-777F-4814-BE0F-74CBA1D823B8} - C:\WINDOWS\IEHOOK.DLL
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\PROGRAM FILES\RECOMMENDED HOTFIX - 421701D\V15\RH.DLL
O2 - BHO: (no name) - {F9374DE1-E63C-4483-90F8-74F08041834F} - C:\PROGRA~1\SAFESU~1\SAFESU~1.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [EAPCISetup] c:\windows\SYSTEM\sbsetup.exe c:\windows\SYSTEM
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\DIRECTCD\DIRECTCD.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [mtwdtdls] C:\WINDOWS\pljqggjw.exe
O4 - HKLM\..\Run: [WinFavorites] C:\PROGRAM FILES\WINFAVORITES\WINFAVORITES.exe1
O4 - HKLM\..\Run: [nvid] C:\WINDOWS\SYSTEM\oygjjvpv.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\SYSTEM\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.exe
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.exe"
O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [Windows Configuration] SYS32.exe
O4 - HKLM\..\Run: [Windllv32 driver] WINDRV32.exe
O4 - HKLM\..\Run: [SwimSuitNetwork] "C:\Program Files\SwimSuitNetwork\SwimSuitNetwork.exe" /H
O4 - HKLM\..\Run: [SafeSurfingEXE] C:\PROGRAM FILES\SAFESURFING\SAFESURFING.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRAM FILES\INTERNET WASHER PRO\IW.exe min
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - HKCU\..\RunOnce: [Windows Configuration] SYS32.exe
O4 - HKCU\..\RunOnce: [Windllv32 driver] WINDRV32.exe
O4 - Startup: Windows Guardian.lnk = C:\Program Files\the HelpSpot!\Fawgrd32.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe
O9 - Extra button: @Home (HKCU)
O12 - Plugin for .viv: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npviv32.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .net/display/vipvivo/13083/pam288cp: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npviv32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {B3AA2F6B-6BAF-11D3-BA05-00C0F0322972} - http://link.exxxit.com/pce3/download/Uncensored_Sex.exe
O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37589.7875925926
O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstSECS.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

Response Number 64

Name: mesich
Date: February 17, 2004 at 23:40:34 Pacific

Reply:

Hi Danielle, hello everyone
Danielle,
Quite the log I might say. :-)
Delete the following items using hijackthis.
Post back when you are done and we shall remove any files left over from Spybot that appear to still remain.
Chridge,
I will look at yours right now.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.blazefind.com/search.php?search=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://www.blazefind.com
R3 - URLSearchHook: XTSearchHook Class - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - C:\PROGRAM
FILES\SQWIRE\S.DLL (file missing)
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRAM
FILES\COMMONNAME\ADDRESSBAR\CNBABE.DLL (file missing)
O2 - BHO: (no name) - {8FE2FA1C-1E4F-3AFB-6A90-B87D9EB8EE5E} -
C:\windows\system\yqgdrshj.dll
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\PROGRAM
FILES\LYCOS\SIDESEARCH\SIDESEARCH1311.DLL
O2 - BHO: (no name) - {89D95B00-50C4-B07A-36F4-EF6F6B25C182} -
C:\windows\system\qyfnunaq.dll
O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} -
C:\WINDOWS\SYSTEM\STLBDIST.DLL
O2 - BHO: (no name) - {C83BC5BB-CE8D-4799-B2B4-DC2CB7C10B91} -
C:\WINDOWS\SYSTEM\MSPROINT.DLL
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} -
C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
O2 - BHO: CSBHO - {D14D6793-9B65-11D3-80B6-00500487BDBA} - C:\PROGRAM FILES\COMET
SYSTEMS\PLATFORM\BIN\CSBHO.DLL (file missing)
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM
FILES\IESEARCHBAR\IESEARCHBAR.DLL
O2 - BHO: (no name) - {2662BDD7-05D6-408F-B241-FF98FACE6054} - C:\PROGRAM FILES\SQWIRE\U.DLL
(file missing)
O2 - BHO: (no name) - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} -
C:\WINDOWS\SYSTEM\MSIEFR40.DLL
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM
FILES\IESEARCHBAR\IESEARCHBAR.DLL
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\WINNET.exe
O4 - HKLM\..\Run: [WinFavorites] C:\PROGRAM FILES\WINFAVORITES\WINFAVORITES.exe1
O4 - HKLM\..\Run: [SQUpdatesChecker] C:\Program Files\Sqwire\uc.exe
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe
C:\WINDOWS\SYSTEM\STLBDIST.DLL,DllRunMain
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINDOWS\SYSTEM\MSIEFR40.DLL,DllRunServer
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [nvid] C:\WINDOWS\SYSTEM\ysdqlziy.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\BIN\DMSERVER.exe /onreboot
O4 - HKLM\..\Run: [SQConfigChecker] C:\Program Files\Sqwire\cc.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\End User\HXIUL.exe
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\End
User\Client\HelpExp.exe
O4 - Startup: Download Plus.lnk = C:\WINDOWS\Application Data\DownloadPlus.exe
O11 - Options group: [CommonName] CommonName
O16 - DPF: {52DCAD2D-D5DD-8EA5-315A-B4FE032A28F9} (DownloadUL Class) -
http://public.searchbarcash.com/cab/350/anmqsrho.cab
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) -
http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
http://207.188.7.150/16cf503349779486bd23/netzip/RdxIE2.cab
197AB1D7-A7DD-4C86-A938-1FCC0DB21B85
O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} (DMProxyCtl Class) - http://dm.cometsystems.com/dm/dm_274.cab

Best Regards,
Mesich

Response Number 65

Name: mesich
Date: February 18, 2004 at 00:24:48 Pacific

Reply:

Hi Chridge, hello everyon
Chridge,
Delete the following items using hijackthis.
O2 - BHO: Httper - {A5483501-070C-41DD-AF44-9BD8864B3015} - C:\PROGRAM FILES\HTTPER\HTTPER.DLL
O2 - BHO: (no name) - {42D8C47F-B556-80DA-B8D2-014E3A9B820B} - C:\windows\system\fkwgbmwz.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O2 - BHO: SmartPops - {D5C778F1-CF13-4E70-ADF0-45A953E7CB8B} - C:\PROGRAM FILES\NETWORK ESSENTIALS\V11\NE.DLL
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\SYSTEM\BRIDGE.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
O2 - BHO: HTML tools - {00673769-777F-4814-BE0F-74CBA1D823B8} - C:\WINDOWS\IEHOOK.DLL
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\PROGRAM FILES\RECOMMENDED HOTFIX - 421701D\V15\RH.DLL
O2 - BHO: (no name) - {F9374DE1-E63C-4483-90F8-74F08041834F} - C:\PROGRA~1\SAFESU~1\SAFESU~1.DLL (file missing)
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O4 - HKLM\..\Run: [mtwdtdls] C:\WINDOWS\pljqggjw.exe
O4 - HKLM\..\Run: [WinFavorites] C:\PROGRAM FILES\WINFAVORITES\WINFAVORITES.exe1
O4 - HKLM\..\Run: [nvid] C:\WINDOWS\SYSTEM\oygjjvpv.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\SYSTEM\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.exe
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.exe"
O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [Windows Configuration] SYS32.exe
O4 - HKLM\..\Run: [Windllv32 driver] WINDRV32.exe
O4 - HKLM\..\Run: [SwimSuitNetwork] "C:\Program Files\SwimSuitNetwork\SwimSuitNetwork.exe" /H
O4 - HKLM\..\Run: [SafeSurfingEXE] C:\PROGRAM FILES\SAFESURFING\SAFESURFING.exe
O4 - HKCU\..\RunOnce: [Windows Configuration] SYS32.exe
O4 - HKCU\..\RunOnce: [Windllv32 driver] WINDRV32.exe
O16 - DPF: {B3AA2F6B-6BAF-11D3-BA05-00C0F0322972} - http://link.exxxit.com/pce3/download/Uncensored_Sex.exe
O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstSECS.cab
Best Regards,
Mesich

Response Number 66

Name: hixsonfour
Date: February 18, 2004 at 05:50:16 Pacific

Reply:

I am having a similar problem to that listed above - I have run Spybot and CWShredder and am including the HijackThis log below.
Thanks in advance for any help you can offer.
Hal
Logfile of HijackThis v1.97.7
Scan saved at 5:32:32 PM, on 2/17/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.exe
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\SBMX.exe
C:\WINDOWS\SYSTEM\EUSEXE.exe
C:\WINDOWS\SYSTEM\PROMON.exe
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.exe
C:\WINDOWS\SYSTEM\XL.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.exe
C:\WINDOWS\SYSTEM\SIQPJRSL.exe
C:\WINDOWS\SYSTEM\QTTASK.exe
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\WINNET.exe
C:\WINDOWS\SYSTEM\A.exe
C:\PROGRAM FILES\AIM95\AIM.exe
C:\PROGRAM FILES\AMERICA ONLINE 9.0B\AOLTRAY.exe
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\COMWIZ.exe
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS
SHARED\WKCALREM.exe
C:\PROGRAM FILES\WINZIP\WZQKPICK.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\AMERICA ONLINE 9.0B\WAOL.exe
C:\PROGRAM FILES\AMERICA ONLINE 9.0B\SHELLMON.exe
C:\WINDOWS\SYSTEM\RNAAPP.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
C:\WINDOWS\SYSTEM\NGIOUEBV.exe
C:\WINDOWS\SYSTEM\ZCUKQA8.exe
C:\PROGRAM FILES\AOL COMPANION\COMPANION.exe
C:\WINDOWS\DESKTOP\HIJACK\HIJACKTHIS.exe
C:\PROGRAM FILES\AMERICA ONLINE 9.0B\AOLWBSPD.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
http://my.msn.com/
F1 - win.ini: run=hpfsched
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {6CB82A09-A36B-7CCF-88D3-A3F69B8F2D25} -
C:\windows\system\eqakluzl.dll
O2 - BHO: (no name) - {BA9D8FD0-DEDD-C2C1-21C0-7BDE8C792255} -
C:\windows\system\ihrlvpna.dll
O2 - BHO: (no name) - {2345C2A0-1C52-11D8-9D94-0003470E3FE4} -
C:\WINDOWS\SYSTEM\COMMUDLG.DLL
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} -
C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: (no name) - {D8E25C53-9508-4f5c-9249-D98D438891D5} -
C:\WINDOWS\SYSTEM\SSURF022.DLL (file missing)
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} -
C:\WINDOWS\SYSTEM\N3TPA1P.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
- C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {C569BEC0-1C51-11D8-9D95-0003470E3FE4} - (no
file)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SBMX] C:\WINDOWS\SYSTEM\sbmx.exe
O4 - HKLM\..\Run: [ICH Synth] eusexe.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program
Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [XtreamLok License Manager] C:\WINDOWS\SYSTEM\xl.exe
start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [gfcmdfxy] C:\WINDOWS\jsnfyzss.exe
O4 - HKLM\..\Run: [2Y9WEQQ5SKXNCG] C:\WINDOWS\SYSTEM\GufjlA.exe
O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\WINDOWS\SYSTEM\SSUpdate.exe
O4 - HKLM\..\Run: [zoyigcpj] C:\WINDOWS\SYSTEM\siqpjrsl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe"
-atboottime
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common
Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common
Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON
FILES\AOL\ACS\ACSD.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft
Money\System\Money Express.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [] c:\WINDOWS\System\
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program
Files\America Online 9.0b\aoltray.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.exe
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL
Companion\companion.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program
Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program
Files\WinZip\WZQKPICK.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: Turbo Download (HKLM)
O12 - Plugin for .MTD: C:\PROGRA~1\INTERN~1\Plugins\npmusicn.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {E09F6B38-3A0D-11D3-B5E7-0008C7BF61F2} (DetectMN) -
http://www.musicnotes.com/download/npmusicn.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) -
http://205.159.125.199/central/02030106/cccabs/CleverContent.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37955.6625115741
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj
Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
http://www.apple.com/qtactivex/qtplugin.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

Response Number 67

Name: mesich
Date: February 18, 2004 at 06:10:43 Pacific

Reply:

Hi Hal, hello everyone
Hal,
Remove the following using hijackthis.
O2 - BHO: (no name) - {6CB82A09-A36B-7CCF-88D3-A3F69B8F2D25} -
C:\windows\system\eqakluzl.dll
O2 - BHO: (no name) - {BA9D8FD0-DEDD-C2C1-21C0-7BDE8C792255} -
C:\windows\system\ihrlvpna.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} -
C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: (no name) - {D8E25C53-9508-4f5c-9249-D98D438891D5} -
C:\WINDOWS\SYSTEM\SSURF022.DLL (file missing)
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} -
C:\WINDOWS\SYSTEM\N3TPA1P.DLL (file missing)
O3 - Toolbar: (no name) - {C569BEC0-1C51-11D8-9D95-0003470E3FE4} - (no
file)
O4 - HKLM\..\Run: [gfcmdfxy] C:\WINDOWS\jsnfyzss.exe
O4 - HKLM\..\Run: [2Y9WEQQ5SKXNCG] C:\WINDOWS\SYSTEM\GufjlA.exe
O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\WINDOWS\SYSTEM\SSUpdate.exe
O4 - HKLM\..\Run: [zoyigcpj] C:\WINDOWS\SYSTEM\siqpjrsl.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.exe
O4 - HKCU\..\Run: [] c:\WINDOWS\System\
Best Regards,
Mesich

Response Number 68

Name: hixsonfour
Date: February 18, 2004 at 07:57:42 Pacific

Reply:

Thanks for the quick response, Mesich.
I'll give it a try.
Hal

Response Number 69

Name: mesich
Date: February 18, 2004 at 08:09:27 Pacific

Reply:

Hi Hal, hello everyone
Hal,
You are very welcome. Let us know how everything turns out.
Best Regards,
Mesich

Response Number 70

Name: DanielleLikesBlue
Date: February 18, 2004 at 14:16:14 Pacific

Reply:

Thank you so much. I haven't restarted yet, but here's the list of the revised log. Thanks again!
Logfile of HijackThis v1.97.7
Scan saved at 5:13:39 PM, on 2/18/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SM56HLPR.exe
C:\WINDOWS\SYSTEM\HPZTSB07.exe
C:\PROGRAM FILES\MEDIA\MEDIA\UPDATESTATS.exe
C:\WINDOWS\RUNDLL32.exe
C:\WINDOWS\RUNDLL32.exe
C:\PROGRAM FILES\COMMON FILES\UPDATER\WUPDATER.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.exe
C:\WINDOWS\SYSTEM\QTTASK.exe
C:\WINDOWS\SYSTEM\YSDQLZIY.exe
C:\PROGRAM FILES\BARGAIN BUDDY\BIN2\BARGAINS.exe
C:\PROGRAM FILES\CLOCKSYNC\SYNC.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\PROGRAM FILES\AIM\AIM.exe
C:\WINDOWS\RUNDLL32.exe
C:\PROGRAM FILES\RAPIDBLASTER\RB32.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\SYSTEM\PSTORES.exe
C:\WINDOWS\EXPLORER.exe
C:\PROGRAM FILES\ALSET\HELPEXPRESS\END USER\HXIUL.exe
C:\PROGRAM FILES\ALSET\HELPEXPRESS\END USER\CLIENT\HELPEXP.exe
C:\PROGRAM FILES\ALSET\HELPEXPRESS\END USER\CLIENT\PRINTMONITOR.exe
C:\WINDOWS\EMSW.exe
C:\WINDOWS\TEMP\TD_0004.DIR\HIJACKTHIS.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.blazefind.com/search_page.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.sqwire.com/homepage.php?aid=975
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\PROGRAM FILES\LYCOS\SIDESEARCH\SIDESEARCH1311.DLL
O2 - BHO: (no name) - {89D95B00-50C4-B07A-36F4-EF6F6B25C182} - C:\windows\system\qyfnunaq.dll
O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\SYSTEM\STLBDIST.DLL
O2 - BHO: (no name) - {63F4ED6A-CADC-B394-7B0F-ED018BCC0262} - C:\windows\system\dujluyld.dll
O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINDOWS\HH.DLL
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\BIN2\APUC.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\BIN\DMSERVER.exe /onreboot
O4 - HKLM\..\Run: [rb32 ml708e] "C:\Program Files\RapidBlaster\rb32.exe"
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin2\bargains.exe
O4 - HKLM\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKLM\..\Run: [couponsandoffers] wjview /cp:p "C:\Program Files\couponsandoffers\System\Code" Main lp: "C:\Program Files\couponsandoffers"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\End User\HXIUL.exe
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\End User\Client\HelpExp.exe
O4 - HKCU\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra 'Tools' menuitem: Turbo Download (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37931.4053240741
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: IEToolbarCab - http://www.dailytoolbar.com/DailyToolbar.CAB
O16 - DPF: {29CAC0B6-D6C2-4395-8289-BF3FBF27AD5F} (AInst Class) - http://209.47.15.72/inst/activeinstaller.dll

Response Number 71

Name: enfiladeDTS
Date: February 18, 2004 at 17:56:55 Pacific

Reply:

here is my log, i had a couple problems, i don't know what to delete though. thanks.
Logfile of HijackThis v1.97.7
Scan saved at 8:54:11 PM, on 2/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\System32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Media\Media\UpdateStats.exe
C:\WINNT\wt\updater\wcmdmgr.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\program files\steam\steam.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Brian\Local Settings\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.netspry.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.gateway.net/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WinPage Blocker - {12DF6E3E-6272-4AE8-880B-2158D60791C0} - C:\Program Files\Homepage\WinPage.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINNT\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [Belt] C:\WINNT\Belt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iPodManager] C:\Program Files\iPod\bin\iPodManager.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

Response Number 72

Name: mesich
Date: February 19, 2004 at 03:55:11 Pacific

Reply:

Hi Danielle, hello everyone,
Danielle,
Wow, different nasties are now showing up.
Go ahead and restart the computer and post back with another log.
enfiladeDTS,
I will try and get to your log in just a bit.
Best Regards,
Mesich

Best Regards,
Mesich

Response Number 73

Name: mesich
Date: February 19, 2004 at 04:11:28 Pacific

Reply:

Hi enfiladeDTS, hello everyone
enfiladeDTS,
Remove these items using hijackthis.
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [Belt] C:\WINNT\Belt.exe
Restart the computer and delete these files.
C:\WINNT\Belt.exe
C:\Program Files\Common Files\Dpi\dpi.exe

Best Regards,
Mesich

Response Number 74

Name: DanielleLikesBlue
Date: February 19, 2004 at 11:22:51 Pacific

Reply:

Yeah, and I also noticed that a lot of the stuff you told me to delete is coming back after I delete and restart.. I have no clue what that means though, haha.
Here's the new log....
Logfile of HijackThis v1.97.7
Scan saved at 2:21:01 PM, on 2/19/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SM56HLPR.exe
C:\WINDOWS\SYSTEM\HPZTSB07.exe
C:\PROGRAM FILES\MEDIA\MEDIA\UPDATESTATS.exe
C:\WINDOWS\SYSTEM\QTTASK.exe
C:\PROGRAM FILES\BARGAIN BUDDY\BIN2\BARGAINS.exe
C:\PROGRAM FILES\CLOCKSYNC\SYNC.exe
C:\PROGRAM FILES\ALSET\HELPEXPRESS\END USER\HXIUL.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\ALSET\HELPEXPRESS\END USER\CLIENT\HELPEXP.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\WINDOWS\RUNDLL32.exe
C:\PROGRAM FILES\ALSET\HELPEXPRESS\END USER\CLIENT\PRINTMONITOR.exe
C:\WINDOWS\EMSW.exe
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.exe
C:\PROGRAM FILES\AIM\AIM.exe
C:\WINDOWS\SYSTEM\PSTORES.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.exe
C:\PROGRAM FILES\RAPIDBLASTER\RB32.exe
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {89D95B00-50C4-B07A-36F4-EF6F6B25C182} - C:\windows\system\qyfnunaq.dll
O2 - BHO: (no name) - {63F4ED6A-CADC-B394-7B0F-ED018BCC0262} - C:\windows\system\dujluyld.dll
O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINDOWS\HH.DLL
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\BIN2\APUC.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [rb32 ml708e] "C:\Program Files\RapidBlaster\rb32.exe"
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin2\bargains.exe
O4 - HKLM\..\Run: [couponsandoffers] wjview /cp:p "C:\Program Files\couponsandoffers\System\Code" Main lp: "C:\Program Files\couponsandoffers"
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\KDX\KHOST.exe
O4 - HKLM\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\End User\HXIUL.exe
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\End User\Client\HelpExp.exe
O4 - HKCU\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra 'Tools' menuitem: Turbo Download (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37931.4053240741
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: IEToolbarCab - http://www.dailytoolbar.com/DailyToolbar.CAB
O16 - DPF: {29CAC0B6-D6C2-4395-8289-BF3FBF27AD5F} (AInst Class) - http://209.47.15.72/inst/activeinstaller.dll
Thanks again,
Danielle

Response Number 75

Name: mesich
Date: February 20, 2004 at 07:31:06 Pacific

Reply:

Hi Danielle, hello everyone,
First download and run RapidBlaster.
Have it fix anything it finds and then post back with a new log.
Best Regards,
Mesich

Response Number 76

Name: braindead1
Date: February 20, 2004 at 23:26:34 Pacific

Reply:

I'm having the same general problem with bridge.dll loaded by rundll32.exe. I did manage to disable the bridge.dll load with System Mechanic but it is still on the startup list. I have the Hijack This log. Can you help me edit it?
Thanks a million,
braindead1

Response Number 77

Name: mesich
Date: February 21, 2004 at 07:13:49 Pacific

Reply:

Hi braindead1, hello everyone
Have you ran Spybot or Ad-Aware yet?
If not download, update and run either of them. Then post your log.
Best Regards,
Mesich

Response Number 78

Name: braindead1
Date: February 21, 2004 at 14:36:47 Pacific

Reply:

Yes I ran ad-aware, spybot, system mechanic, cwshredder ect. System mechanic showed that it was on its startup manager list. I disabled it through the startup manager and the problem isn't expressing itself so far. I can't get AIM to start either. Here is the entry:
rundll32.exe"C:\WINNT\system32\bridge.dll",Load
The location is:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Is the bridge.dll a necessary file? How do I fix the problem permanently so it doesn't come back?
Thanks for your time,
braindead1

Response Number 79

Name: mesich
Date: February 21, 2004 at 15:10:55 Pacific

Reply:

Hi Braindead1, hello everyone
Post your hijackthis log and I'll take a look at it. I believe this thread will be over tomorrow for posting responses as it will be 30 days old. I will find out for sure in just a few minutes.
Best Regards,
Mesich

Response Number 80

Name: braindead1
Date: February 21, 2004 at 23:01:29 Pacific

Reply:

Hi Mesich!
Here is my hijackthis log post.
Thanks for the help,
braindead1

Logfile of HijackThis v1.97.7
Scan saved at 10:55:36 PM, on 2/21/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\CTsvcCDA.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\WINNT\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\WINNT\system32\CTHELPER.exe
C:\WINNT\system32\P2P Networking\P2P Networking.exe
C:\program files\altnet\points manager\points manager.exe
C:\WINNT\system32\a.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [systray] C:\WINNT\system32\a.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [Steam] "e:\counterstrikesteam\steam.exe" -silent
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\OFFICE~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\Administrator\Local Settings\Temp\EI40_\msxml4.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37987.560775463
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.net/Installer/104/rsinstaller.cab

Response Number 81

Name: nintendofire
Date: February 22, 2004 at 13:07:58 Pacific

Reply:

Hey everybody. I need some help on what files I need to delete. Here is my system scan from hijackthis.
Logfile of HijackThis v1.97.7
Scan saved at 3:03:28 PM, on 2/22/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\SSDPSRV.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\WINDOWS\TYPUSHPDRA.exe
C:\PROGRAM FILES\TIMESINK\ADGATEWAY\TSADBOT.exe
C:\PROGRAM FILES\DOWNLOADWARE\DW.exe
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SOUNDMAN.exe
C:\WINDOWS\BBSTORE\DSS\DSSAGENT.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.exe
C:\WINDOWS\SYSTEM\WUAUMQR.exe
C:\WINDOWS\TOIGPYIT.exe
C:\WINDOWS\AV.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\COMMON FILES\DPI\DPI.exe
C:\WINDOWS\MSBB.exe
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\WINNET.exe
C:\WINDOWS\DGXN.exe
C:\WINDOWS\SYSTEM\IEDRIVER\IEDRIVER.exe
C:\WINDOWS\SYSTEM32\PGTOOLS\TATSS.exe
C:\WINDOWS\RUNDLL32.exe
C:\WINDOWS\SYSTEM\MSREXE.exe
C:\WINDOWS\WT\UPDATER\WCMDMGR.exe
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.exe
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\COMWIZ.exe
C:\PROGRAM FILES\PRECISIONTIME\PRECISIONTIME.exe
C:\PROGRAM FILES\DATE MANAGER\DATEMANAGER.exe
C:\WINDOWS\APPLICATION DATA\DOWNLOADPLUS.exe
C:\WINDOWS\DESKTOP\HIJACKTHIS.exe
C:\WINDOWS\DESKTOP\HIJACKTHIS.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://in.webcounter.cc/--/?cxlow (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\sb.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://pblpkv.t.muxa.cc/s.php?aid=33 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pblpkv.t.muxa.cc/h.php?aid=33 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.webcounter.cc/-/?cxlow (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.webcounter.cc/--/?cxlow (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://pblpkv.t.muxa.cc/s.php?aid=33 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?cxlow (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://pblpkv.t.muxa.cc/h.php?aid=33 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://pblpkv.t.muxa.cc/s.php?aid=33 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://pblpkv.t.muxa.cc/s.php?aid=33 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.creative.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.webcounter.cc/--/?cxlow (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://pblpkv.t.muxa.cc/s.php?aid=33 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.white-pages.ws/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://pblpkv.t.muxa.cc/h.php?aid=33 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?cxlow (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?cxlow (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50026
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
F1 - win.ini: run=fntldr.exe typushpdra.exe
O2 - BHO: SmartPops - {D5C778F1-CF13-4E70-ADF0-45A953E7CB8B} - C:\PROGRAM FILES\NETWORK ESSENTIALS\V11\NE.DLL
O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - C:\PROGRAM FILES\WINEX\V2\WINEX.DLL
O2 - BHO: (no name) - {3D898C55-74CC-4B7C-B5F1-45913F368388} - C:\PROGRA~1\ADKILL~1\NAMESP~1.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
O2 - BHO: (no name) - {702AD576-FDDB-4d0f-9811-A43252064684} - C:\PROGRAM FILES\COMMON FILES\OE\TOOLBAR.DLL
O2 - BHO: (no name) - {D48F2E28-68E2-4920-9848-D6E6C7AB3EB7} - C:\PROGRAM FILES\COMMON FILES\OE\REDIRECTOR.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-DFF7-EC6BF4D5FA7D} - C:\WINDOWS\GSIM.DLL
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\CNBABE.DLL
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\SYSTEM\BRIDGE.DLL
O2 - BHO: (no name) - {D8E25C53-9508-4f5c-9249-D98D438891D5} - C:\WINDOWS\SYSTEM\SSURF022.DLL
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_64.dll
O2 - BHO: (no name) - {CBC0C856-C7AA-FB3A-B1FE-245F0CBD40B0} - C:\windows\system\wmrcfoet.dll
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\N3TPA1P.DLL
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\PROGRAM FILES\LYCOS\SIDESEARCH\SIDESEARCH1311.DLL
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [TimeSink Ad Client] "C:\Program Files\TimeSink\AdGateway\TSADBOT.exe"
O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.exe"
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [SwimSuitNetwork] "C:\Program Files\SwimSuitNetwork\SwimSuitNetwork.exe" /H
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WindowEnhancer] "C:\PROGRAM FILES\WINEX\V2\WINEX.exe" /U
O4 - HKLM\..\Run: [Winsock2 driver] WUAUMQR.exe
O4 - HKLM\..\Run: [OrbitUpdate] C:\Program Files\Orbit\update.exe
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [OrbitView] C:\Program Files\Orbit\view.exe
O4 - HKLM\..\Run: [jafexptp] C:\WINDOWS\toigpyit.exe
O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\AV.exe
O4 - HKLM\..\Run: [Dpi] C:\PROGRAM FILES\COMMON FILES\DPI\DPI.exe
O4 - HKLM\..\Run: [Soundmx] \soundmx.exe
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\MSBB.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\WINNET.exe
O4 - HKLM\..\Run: [WinFavorites] C:\PROGRAM FILES\WINFAVORITES\WINFAVORITES.exe1
O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\WINDOWS\SYSTEM\SSUpdate.exe
O4 - HKLM\..\Run: [DGXN] C:\WINDOWS\DGXN.exe
O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\SYSTEM\IEDriver\IEDriver.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\SYSTEM\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.exe
O4 - HKLM\..\Run: [Tat] C:\WINDOWS\system32\pgtools\tatss.exe
O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [zzb] c:\Windows\System\zzb.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\SYSTEM\MSREXE.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [AstonShellDoctor] shDoctor.exe check
O4 - HKCU\..\Run: [zzb] c:\Windows\System\zzb.exe
O4 - HKCU\..\RunServices: [zzb] c:\Windows\System\zzb.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] WUAUMQR.exe
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Download Plus.lnk = C:\WINDOWS\Application Data\DownloadPlus.exe
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\AddressBar\createbookmark.htm
O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\AddressBar\createnote.htm
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\AddressBar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\AddressBar\navigate.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: &AD Killer (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Sidesearch (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O11 - Options group: [CommonName] CommonName
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .au: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .png: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.creative.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://www.spywarelabs.com/1203030306/VBouncerOuter1203.EXE
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - http://www.riffinteractive.com/setup/RiffLick.cab
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/FON19119/flash.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
O19 - User stylesheet: C:\WINDOWS\Web\tips.ini
O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)

Response Number 82

Name: TammyR
Date: February 23, 2004 at 00:52:46 Pacific

Reply:

Hi I am having the same error on start up with the bridge.dll. I ran both my mcafee firewall and viruscan and also my spybot and spyblaster. I got spyguard and nothing worked. Is there anything else I can use? Thanks

Response Number 83

Name: DanielleLikesBlue
Date: February 23, 2004 at 08:28:33 Pacific

Reply:

hey Mesich,
I downloaded and ran RapidBlast Killer. Here's my new log....
Logfile of HijackThis v1.97.7
Scan saved at 11:25:38 AM, on 2/23/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SM56HLPR.exe
C:\WINDOWS\SYSTEM\HPZTSB07.exe
C:\PROGRAM FILES\MEDIA\MEDIA\UPDATESTATS.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.exe
C:\WINDOWS\SYSTEM\QTTASK.exe
C:\PROGRAM FILES\BARGAIN BUDDY\BIN2\BARGAINS.exe
C:\WINDOWS\KDX\KHOST.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\CLOCKSYNC\SYNC.exe
C:\PROGRAM FILES\ALSET\HELPEXPRESS\END USER\HXIUL.exe
C:\PROGRAM FILES\ALSET\HELPEXPRESS\END USER\CLIENT\HELPEXP.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\PROGRAM FILES\ALSET\HELPEXPRESS\END USER\CLIENT\PRINTMONITOR.exe
C:\WINDOWS\EMSW.exe
C:\PROGRAM FILES\AIM\AIM.exe
C:\WINDOWS\RUNDLL32.exe
C:\WINDOWS\SYSTEM\PSTORES.exe
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {89D95B00-50C4-B07A-36F4-EF6F6B25C182} - C:\windows\system\qyfnunaq.dll
O2 - BHO: (no name) - {63F4ED6A-CADC-B394-7B0F-ED018BCC0262} - C:\windows\system\dujluyld.dll
O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINDOWS\HH.DLL
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\BIN2\APUC.DLL
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [rb32 ml708e] "C:\Program Files\RapidBlaster\rb32.exe"
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin2\bargains.exe
O4 - HKLM\..\Run: [couponsandoffers] wjview /cp:p "C:\Program Files\couponsandoffers\System\Code" Main lp: "C:\Program Files\couponsandoffers"
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\KDX\KHOST.exe
O4 - HKLM\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.exe C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\End User\HXIUL.exe
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\End User\Client\HelpExp.exe
O4 - HKCU\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra 'Tools' menuitem: Turbo Download (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37931.4053240741
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: IEToolbarCab - http://www.dailytoolbar.com/DailyToolbar.CAB
Thanks for all your help thus far,
Danielle

Response Number 84

Name: mesich
Date: February 23, 2004 at 09:01:31 Pacific

Reply:

Hi Daniell, hello everyone
Daniell,
Delete the following using hijackthis.
O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINDOWS\HH.DLL
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\BIN2\APUC.DLL
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
O4 - HKLM\..\Run: [rb32 ml708e] "C:\Program Files\RapidBlaster\rb32.exe"
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin2\bargains.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.exe C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKCU\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
Restart the computer and delete these files.
C:\WINDOWS\HH.DLL
C:\WINDOWS\BXXS5.DLL
C:\WINDOWS\emsw.exe
C:\WINDOWS\BXXS5.DLL
Delete these folders
C:\Program Files\RapidBlaster
C:\Program Files\Bargain Buddy
Go to Add/Remove Programs and uninstall HelpExpress.
Post back with a new log when you are done, the above should take care of everything however we will double check and make sure.

Best Regards,
Mesich

Response Number 85

Name: mesich
Date: February 23, 2004 at 09:02:49 Pacific

Reply:

Hello everyone,
I will have to look at the other logs this evening. I have to go to a clients right now.

Best Regards,
Mesich

Response Number 86

Name: Gerhartz2000
Date: February 23, 2004 at 18:26:49 Pacific

Reply:

I too have had problems with this "RUNDLL" error appearing on my computer. I have done as you asked and have run spyware and cwshredder to no avail. So I now have ran the HijackThis program, please tell me which programs to get rid of. Here is my logfile:
Logfile of HijackThis v1.97.7
Scan saved at 6:19:00 PM, on 2/23/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\a.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\mcafee.com\PERSON~1\MpfAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\America Online 9.0\waol.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\mcafee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\America Online 9.0\shellmon.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QDYBMTQ7\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aol.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [systray] C:\WINDOWS\System32\a.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\mcafee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [nrgpiapr] C:\WINDOWS\System32\amzqwjav.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: MktBrowser (HKLM)
O9 - Extra 'Tools' menuitem: MarketBrowser (HKLM)
O9 - Extra button: Researcher (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,77/mcinsctl.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://directv.direcway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1435/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,18/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E2A3A25-1A5D-4B6D-9414-D96319F39954}: NameServer = 198.81.17.4

Response Number 87

Name: TammyR
Date: February 23, 2004 at 22:45:54 Pacific

Reply:

Am I suppose to post my log from Hijack this on here?

Response Number 88

Name: DanielleLikesBlue
Date: February 24, 2004 at 20:44:16 Pacific

Reply:

Hey Mesich,
I did everything you said except delete the C:\WINDOWS\HH.DLL
C:\WINDOWS\BXXS5.DLL
folders because I couldn't find them on my computer. I searched in "Find Files or Folders" too, and nothing came up. So, I dunno, but here's the revised log....
Logfile of HijackThis v1.97.7
Scan saved at 11:41:14 PM, on 2/24/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SM56HLPR.exe
C:\WINDOWS\SYSTEM\HPZTSB07.exe
C:\PROGRAM FILES\MEDIA\MEDIA\UPDATESTATS.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.exe
C:\WINDOWS\SYSTEM\QTTASK.exe
C:\WINDOWS\KDX\KHOST.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\PROGRAM FILES\CLOCKSYNC\SYNC.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\PROGRAM FILES\AIM\AIM.exe
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {89D95B00-50C4-B07A-36F4-EF6F6B25C182} - C:\windows\system\qyfnunaq.dll
O2 - BHO: (no name) - {63F4ED6A-CADC-B394-7B0F-ED018BCC0262} - C:\windows\system\dujluyld.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\KDX\KHOST.exe
O4 - HKLM\..\Run: [WinFavorites] C:\PROGRAM FILES\WINFAVORITES\WINFAVORITES.exe1
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra 'Tools' menuitem: Turbo Download (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37931.4053240741
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: IEToolbarCab - http://www.dailytoolbar.com/DailyToolbar.CAB
Thanks so much for all of your help,
Danielle

Response Number 89

Name: Harvey
Date: February 26, 2004 at 09:34:24 Pacific

Reply:

Hi people.
Ran hijackthis and this is the log file.
Logfile of HijackThis v1.97.7
Scan saved at 17:28:35, on 26/02/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\blss\blss.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\DOCUME~1\Family\APPLIC~1\sglstied.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\WINDOWS\System32\SahAgent.exe
C:\WINDOWS\System32\IEDriver\IEDriver.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
C:\DOCUME~1\Family\LOCALS~1\Temp\Ntn1.exe
C:\Program Files\BigFix\BigFix.exe
C:\PROGRA~1\COMMON~2\ADDRES~1\comwiz.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis1977\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O1 - Hosts: auto.search.msn.com
O1 - Hosts: search.netscape.com
O1 - Hosts: ieautosearch
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [blss] C:\Program Files\blss\blss.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [xwftr] C:\DOCUME~1\Family\APPLIC~1\sglstied.exe -QuieT
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\System32\IEDriver\IEDriver.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.exe
O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\AddressBar\createnote.htm
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\AddressBar\createbookmark.htm
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\AddressBar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\AddressBar\navigate.htm
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Money Viewer (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Hijacked Internet access by New.Net
O11 - Options group: [CommonName] CommonName
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.netpaloffers.net/NetpalOffers/DMO1/Fr03tp.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/bridge.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E4961D20-6367-4C75-BCF3-5213C29A827C} (llamapro) - https://www.pimpwar.com/crew/llamapro/llamapro.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2FA4975-F3DC-4B8E-813D-57E93437ED8C}: NameServer = 195.92.195.94 195.92.195.95
What should I delete or repair?

Response Number 90

Name: mesich
Date: February 26, 2004 at 09:43:43 Pacific

Reply:

Hello everyone,
I've been quite busy and have not had a chance to check out all of the logs. I shall start reviewing them right now in the order that they were first posted.
Tammy,
Go ahead and post your log.
Best Regards,
Mesich

Response Number 91

Name: mesich
Date: February 26, 2004 at 09:52:58 Pacific

Reply:

Hello everyone,
Danielle,
Just one item to remove using hijackthis.
O4 - HKLM\..\Run: [WinFavorites] C:\PROGRAM FILES\WINFAVORITES\WINFAVORITES.exe1
After removing that restart the computer and then remove this folder:
C:\PROGRAM FILES\WINFAVORITES
Best Regards,
Mesich

Response Number 92

Name: mesich
Date: February 26, 2004 at 10:02:12 Pacific

Reply:

Hello everyone,
braindead1,
Have hijackthis fix these:
R3 - Default URLSearchHook is missing
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [systray] C:\WINNT\system32\a.exe
Restart the computer.
Remove this folder:
C:\Program Files\MyWay
Remove this file:
C:\WINNT\system32\a.exe

Best Regards,
Mesich

Response Number 93

Name: mesich
Date: February 26, 2004 at 10:10:07 Pacific

Reply:

Hello everyone,
Jason,
You have a lot, I mean a lot of stuff that should be removed using Spybot and CWShredder.
Download and Update both of these and run them, then post back with a new log.
Best Regards,
Mesich

Response Number 94

Name: mesich
Date: February 26, 2004 at 10:25:09 Pacific

Reply:

Hello everyone,
Gerhartz2000,
Have hijackthis remove the following items:
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O3 - Toolbar: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [systray] C:\WINDOWS\System32\a.exe
O4 - HKLM\..\Run: [nrgpiapr] C:\WINDOWS\System32\amzqwjav.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
Restart the computer.
Delete these files:
C:\WINDOWS\Downloaded Program Files\bridge.dll
C:\WINDOWS\System32\a.exe

Delete this folder:
C:\Program Files\NEWDOTNET
Go here and download then run the LSPFix.
Post back with a new log when the above has been completed.
Best Regards,
Mesich

Response Number 95

Name: mesich
Date: February 26, 2004 at 10:57:35 Pacific

Reply:

Hello everyone
Harvey,
Have hijackthis remove the following:
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O1 - Hosts: auto.search.msn.com
O1 - Hosts: search.netscape.com
O1 - Hosts: ieautosearch
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll
O4 - HKLM\..\Run: [blss] C:\Program Files\blss\blss.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\System32\IEDriver\IEDriver.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.exe
O8 - Extra context menu item: Add A Page Note - C:\Program
Files\CommonName\AddressBar\createnote.htm
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\AddressBar\createbookmark.htm
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\AddressBar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\AddressBar\navigate.htm
O10 - Hijacked Internet access by New.Net
O11 - Options group: [CommonName] CommonName
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.netpaloffers.net/NetpalOffers/DMO1/Fr03tp.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/bridge.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2FA4975-F3DC-4B8E-813D-57E93437ED8C}: NameServer = 195.92.195.94 195.92.195.95
Restart the computer.
Delete the following files:
C:\WINDOWS\System32\SahAgent.exe
C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
C:\WINDOWS\Belt.exe
C:\WINDOWS\Downloaded Program Files\bridge.dll
Delete the following folders:
C:\Program Files\iesearchbar
C:\Program Files\blss
C:\WINDOWS\System32\IEDriver
C:\PROGRAM Files\NEWDOT~1
C:\Program Files\BigFix
Best Regards,
Mesich

Response Number 96

Name: Harvey
Date: February 26, 2004 at 11:19:26 Pacific

Reply:

C:\PROGRAM Files\NEWDOT~1
C:\WINDOWS\Downloaded Program Files\bridge.dll
These were not there to remove.
C:\Program Files\BigFix
Tried to remove this and said programs will not run without it. Why do I need to remove this?
Thanks a lot, everything else worked.
Harvey

Response Number 97

Name: mesich
Date: February 26, 2004 at 11:26:00 Pacific

Reply:

Hi Harvey, hello everyone,
You can leave the BigFix folder. It just doesn't need to run at StartUp.
If the other folders and files don't exist, great.
You could post back with another log if you like and we can ensure that it is clean now.
Best Regards,
Mesich

Response Number 98

Name: Harvey
Date: February 26, 2004 at 12:40:26 Pacific

Reply:

Logfile of HijackThis v1.97.7
Scan saved at 20:39:20, on 26/02/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\DOCUME~1\Family\APPLIC~1\sglstied.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\DOCUME~1\Family\LOCALS~1\Temp\Mec1.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis1977\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\sb.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [xwftr] C:\DOCUME~1\Family\APPLIC~1\sglstied.exe -QuieT
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [winnet] p8�w��D�wp}�w:��w@�\winnet.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O4 - Global Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Money Viewer (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E4961D20-6367-4C75-BCF3-5213C29A827C} (llamapro) - https://www.pimpwar.com/crew/llamapro/llamapro.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2FA4975-F3DC-4B8E-813D-57E93437ED8C}: NameServer = 195.92.195.94 195.92.195.95
Thanks a lot for the great and easy to follow help.
Help

Response Number 99

Name: JD22964
Date: February 26, 2004 at 15:17:03 Pacific

Reply:

I'd appreciate any advice you can offer, Mesich. I've updated and run Ad-aware, Spybot, CWShredder and still have the bridge.dll problem. Do you have the time to look over my HijackThis log?
JD

Response Number 100

Name: joshik151
Date: February 26, 2004 at 16:00:47 Pacific

Reply:

can ad aware remove it?

Response Number 101

Name: jbjjmeltz
Date: February 26, 2004 at 17:16:35 Pacific

Reply:

Hello everyone,
IF you could please look at the log and recommend what to delete, it will be greatly appreciated.
Logfile of HijackThis v1.97.7
Scan saved at 2:17:04 PM, on 2/26/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DEVLDR16.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\A.exe
C:\PROGRAM FILES\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.exe
C:\WINDOWS\SYSTEM\PSTORES.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\WINRAR\WINRAR.exe
C:\WINDOWS\TEMP\RAR$EX02.723\HIJACKTHIS.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://lxhcdl.t.muxa.cc/s.php?aid=33 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lxhcdl.t.muxa.cc/h.php?aid=33 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://lxhcdl.t.muxa.cc/s.php?aid=33 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://lxhcdl.t.muxa.cc/s.php?aid=33 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_11_0.DLL
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {F2AF8678-C8C6-4C41-97C4-887791DBAEB7} - C:\WINDOWS\SYSTEM\MOZ030715S.DLL
O2 - BHO: (no name) - {A4CE7B5A-1114-4880-B12E-0636F09D54A9} - C:\WINDOWS\SYSTEM\FMNLCNRO.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.exe
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\SYSTEM\BRIDGE.DLL",Load
O4 - HKLM\..\RunServices: [Windows Logon Application] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\RunServices: [systray] C:\WINDOWS\SYSTEM\A.exe
O4 - HKLM\..\RunServices: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [RunDLL] rundll32.exe "C:\WINDOWS\SYSTEM\BRIDGE.DLL",Load
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Dell Home (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .ASP: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab
O16 - DPF: {5CC238A9-F547-49F9-BEC1-B4F03A3C566F} (hyperX Class) - http://nbafantasylive.hypertv.com/nba/stage/recv/dcn/hyperX.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v40/wordcube/wordcube.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://mirror.worldwinner.com/games/v40/tilecity/tilecity.cab
O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://mirror.worldwinner.com/games/v42/shape/shape.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://www.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/downloads/games/common/boot_strap/iegils.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} - http://www.gigex.com/tv/igor/gigexagent.dll
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify305.cab
O16 - DPF: Yahoo! NBA StatTracker - http://aud5.sports.yahoo.com/java/y/nbast8262_x.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/04832f0e984e3a718702/netzip/RdxIE601.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37873.7792361111
O16 - DPF: Pop Fu by pogo.com - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab

Response Number 102

Name: Gerhartz2000
Date: February 26, 2004 at 17:45:14 Pacific

Reply:

Alright I deleted all the files that you requested, except I was unable to delete the NEWDOTNET folder. Also I was unable to find
C:\WINDOWS\Downloaded Program Files\bridge.dll on my computer. And I was unable to delete the following file completely: C:\WINDOWS\System32\a.exe. Finally I performed the download you requested and ran the program. Here is my new HijackThis log file:
Logfile of HijackThis v1.97.7
Scan saved at 5:33:23 PM, on 2/26/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\mcafee.com\PERSON~1\MpfAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\mcafee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aol.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
R3 - URLSearchHook: TvmBho Class - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\mcafee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: MktBrowser (HKLM)
O9 - Extra 'Tools' menuitem: MarketBrowser (HKLM)
O9 - Extra button: Researcher (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,77/mcinsctl.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://directv.direcway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1435/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,18/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E2A3A25-1A5D-4B6D-9414-D96319F39954}: NameServer = 198.81.18.4
Thanks for all you help

Response Number 103

Name: eod95
Date: February 26, 2004 at 19:32:33 Pacific

Reply:

I was having the same trouble with the bridge.dll I have that fixed but would like some help with the hijackthis log.
Logfile of HijackThis v1.97.7
Scan saved at 10:24:56 PM, on 2/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\fast.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\pcs\pcsvc.exe
C:\WINDOWS\System32\jsxmcwum.exe
C:\Program Files\Messenger\MSMSGS.exe
C:\WINDOWS\System32\wnstssv.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\Fast.exe
C:\WINDOWS\System32\Iklbq.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Main\Desktop\HijackThis.exe
C:\WINDOWS\System32\EgndGcW1.exe
C:\WINDOWS\System32\MsgSys.exe
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {ED761AC8-F51F-46CD-BA58-92F9F89C713D} - C:\WINDOWS\System32\keymgjr.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [WebSavingsfromEbates] javaw -cp "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"
O4 - HKLM\..\Run: [PopUpInspector] C:\Program Files\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe
O4 - HKLM\..\Run: [54#EM375QRB86T] C:\WINDOWS\System32\Jel38T2.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [nczzvxnw] C:\WINDOWS\System32\jsxmcwum.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.exe" /background
O4 - HKCU\..\Run: [Aobs] C:\Documents and Settings\Main\Application Data\caoo.exe
O4 - HKCU\..\Run: [WNSA] C:\WINDOWS\System32\wnstssv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Linked Ima&ges - C:\Program Files\IEimage\IEimage.htm
O8 - Extra context menu item: Stop popups from this web page - C:\Program Files\GIANT Company Software inc\PopUp Inspector\denysite.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'vnsp.dll' missing
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38043.7892708333
Thanks for the help

Response Number 104

Name: mesich
Date: February 27, 2004 at 04:39:34 Pacific

Reply:

Hello everyone,
Harvey,
Go to Start and All Programs.
Go to CommonName and to Uninstall CommonName Toolbar
After uninstalling it check the hijackthis log for this entry and delete it if it still exist.
O4 - HKLM\..\Run: [winnet] p8�w��D�wp}�w:��w@�\winnet.exe
JD,
Post your log and I shall take a look at it.
joshik,
Everyone in this thread has ran either AdAware or Spybot along with CWShredder. It appears they get rid of most of it but, leave behind several of the registry entries.
Joel, Gerhartz2000, and Brad,
I will check your logs as soon as I return from taking my son to school.
Best Regards,
Mesich

Response Number 105

Name: mesich
Date: February 27, 2004 at 07:44:05 Pacific

Reply:

Hello everyone,
Gerhartz2000,
First download LSP Fix
Do not run it yet.
Go to Add/Remove Programs in the Control Panel and Remove NewDotNet.
After removing if you have problems running Internet Explorer run the LSP Fix. If you connect to the internet OK then don't run it.
Post back with a new log after removing NewDotNet.
Best Regards,
Mesich

Response Number 106

Name: mesich
Date: February 27, 2004 at 08:02:25 Pacific

Reply:

Hello everyone,
Joel,
Have hijackthis remove the following:
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://lxhcdl.t.muxa.cc/s.php?aid=33 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lxhcdl.t.muxa.cc/h.php?aid=33 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://lxhcdl.t.muxa.cc/s.php?aid=33 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://lxhcdl.t.muxa.cc/s.php?aid=33 (obfuscated
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\SYSTEM\BRIDGE.DLL",Load
O4 - HKLM\..\RunServices: [Windows Logon Application] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\RunServices: [systray] C:\WINDOWS\SYSTEM\A.exe
O4 - HKLM\..\RunServices: [RunDLL] rundll32.exe "C:\WINDOWS\SYSTEM\BRIDGE.DLL",Load
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/04832f0e984e3a718702/netzip/RdxIE601.cab
Restart the computer and delete the following files.
C:\WINDOWS\winlogon.exe
C:\WINDOWS\SYSTEM\BRIDGE.DLL
C:\WINDOWS\SYSTEM\A.exe
Just to clarify the winlogon.exe. This is not the legitimate winlogon.exe you find on an NT based operating system. The legitimate file is located in C:\Windows\System or C:\Windows\System32. The winlogon.exe in the C:\Windows directory is a hijacker.
Best Regards,
Mesich

Response Number 107

Name: mesich
Date: February 27, 2004 at 08:45:45 Pacific

Reply:

Hello everyone,
Brad,
Have hijackthis remove the following:
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: (no name) - {ED761AC8-F51F-46CD-BA58-92F9F89C713D} - C:\WINDOWS\System32\keymgjr.dll (file missing)
O3 - Toolbar: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
This next one is Adware and should be removed via the Add/Remove Programs in the Control Panel.
O4 - HKLM\..\Run: [WebSavingsfromEbates] javaw -cp "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"
It should be listed as WebSavings there.
These next entries I could find nothing about. Search all my databases and the internet. An online virus scan would be a good idea, it certainly wouldn't hurt.
Housecall
O4 - HKLM\..\Run: [54#EM375QRB86T] C:\WINDOWS\System32\Jel38T2.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [nczzvxnw] C:\WINDOWS\System32\jsxmcwum.exe
O4 - HKCU\..\Run: [Aobs] C:\Documents and Settings\Main\Application Data\caoo.exe
O4 - HKCU\..\Run: [WNSA] C:\WINDOWS\System32\wnstssv.exe
I suggest having hijackthis fix these items.
Removing those entries for the items will stop them from running at StartUp. I would then rename each of the files to .old and leave them like that for several days or even a week. If you find you have no problems, I would then delete the files.
C:\WINDOWS\System32\Jel38T2.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\system32\pcs\pcsvc.exe
C:\WINDOWS\System32\jsxmcwum.exe
C:\Documents and Settings\Main\
Application Data\caoo.exe
C:\WINDOWS\System32\wnstssv.exe
Best Regards,
Mesich

Response Number 108

Name: mj_skratch
Date: February 27, 2004 at 10:43:06 Pacific

Reply:

Please could you help! I've had the same problem as others on this forum, I've run spybot and CWShredder, and neither of them have gotten rid of my problem, HiJackThis has come up with the following:
Logfile of HijackThis v1.97.7
Scan saved at 18:41:52, on 27/02/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.exe
C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.exe
C:\WINDOWS\SYSTEM\ATIPTAXX.exe
C:\PROGRAM FILES\TRUST\AMI MOUSE SCROLL PRO\4DMAIN.exe
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.exe
C:\WINDOWS\LOADQM.exe
C:\PROGRAM FILES\MICROSOFT HARDWARE\DNETC.exe
C:\WINDOWS\RUNDLL32.exe
C:\PROGRAM FILES\NETPUMPER\NETPUMPERIEPROXY.exe
C:\WINDOWS\MXOALDR.exe
C:\WINDOWS\SYSTEM\PSTORES.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\MYWAY\BAR\1.BIN\MWSOEMON.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe
C:\PROGRAM FILES\WIDCOMM\BLUETOOTH SOFTWARE\BTTRAY.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\1033\MSOFFICE.exe
C:\PROGRAM FILES\WIDCOMM\BLUETOOTH SOFTWARE\BTSTACKSERVER.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
C:\PROGRAM FILES\NETPUMPER\NETPUMPER.exe
C:\WINDOWS\TEMP\MSBB.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\MY DOCUMENTS\MY SOFTWARE\HIJACKTHIS.exe
O2 - BHO: (no name) - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\WINDOWS\SPEECH\DRAGON\WEB_IE.DLL
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet4_50.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\SYSTEM\BRIDGE.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [WheelMouse] 4dmain.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Windows Update Files] C:\Program Files\microsoft hardware\dnetc.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [BtStart] C:\Program Files\WIDCOMM\Bluetooth Software\bin\btstart.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWAY\BAR\1.BIN\MWSOEMON.exe
O4 - HKLM\..\Run: [CFJMPSW] C:\WINDOWS\CFJMPSW.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\SYSTEM\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.exe
O4 - HKLM\..\Run: [BVIPP] C:\WINDOWS\BVIPP.exe
O4 - HKLM\..\Run: [ADGKQT] C:\WINDOWS\ADGKQT.exe
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\TEMP\MSBB.exe
O4 - HKLM\..\Run: [CPND] C:\WINDOWS\CPND.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKCU\..\Run: [FreeMem Pro] "C:\PROGRAM FILES\FREEMEM PROFESSIONAL\FMEMPRO.exe" Startup
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe" /background
O4 - HKCU\..\RunServices: [FreeMem Pro] "C:\PROGRAM FILES\FREEMEM PROFESSIONAL\FMEMPRO.exe" Startup
O4 - HKCU\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\RunServices: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37879.6469328704
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/16b795e6ca7c54c6d615/netzip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = Workgroup
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 168.95.1.1

Response Number 109

Name: Z-Matrix
Date: February 27, 2004 at 18:15:54 Pacific

Reply:

Hello all :) I too am having the same problem with the bridge.dll error. I have updated and ran ad-aware and spybot and have the log file for HiJackThis. Could someone look at my log and see what I need to get rid of to get my system clean again. Thanks in advance.
Logfile of HijackThis v1.97.7
Scan saved at 6:06:35 PM, on 2/27/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.exe
C:\WINNT\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.exe
C:\WINNT\System32\tbctray.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\HiJackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -on
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINNT\System32\tbctray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.ipswitch.com/_installs/wsftp_le/setup.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37692.9152314815
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?315
O16 - DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} (cGameControl Class) - http://zone.msn.com/bingame/rmcb/default/RumbleCube.cab

Response Number 110

Name: jbjjmeltz
Date: February 27, 2004 at 19:22:18 Pacific

Reply:

Mesich,
Thank you very much!! I was unable to delete the a.exe file and I couldn't find the winlogon.exe file. I had Hijackthis fix the files you specified. That has removed the Rundll error. I am getting "Explorer has caused an error in sql.dll. I'm unable to get rid of this error. Any help would be great.

Response Number 111

Name: mesich
Date: February 28, 2004 at 09:05:38 Pacific

Reply:

Hello everyone,
Sach,
First download LSP Fix
Do not run it yet.
Go to Add/Remove Programs in the Control Panel and Remove NewDotNet.
After removing if you have problems running Internet Explorer run the LSP Fix. If you connect to the internet OK then don't run it.
Post back with a new log after removing NewDotNet.
Best Regards,
Mesich

Response Number 112

Name: mesich
Date: February 28, 2004 at 09:19:20 Pacific

Reply:

Hello everyone,
Z-Matrix
Have hijackthis remove the following.
R3 - URLSearchHook: (no name) - _{D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\bridge.dll",Load
Restart the computer and delete this file.
C:\WINNT\Downloaded Program Files\bridge.dll
Delete this folder.
C:\Program Files\MyWay
Best Regards,
Mesich

Response Number 113

Name: mesich
Date: February 28, 2004 at 09:22:15 Pacific

Reply:

Hello everyone,
Joel,
If you can't find the winlogon.exe file don't worry about it.
Try and delete the a.exe file in Safe-Mode.
I would start the other error message in a new thread as this one will expire Monday.
Best Regards,
Mesich

Response Number 114

Name: kongo
Date: February 28, 2004 at 10:04:13 Pacific

Reply:

Hi Mesish :)
I too had the problem with the file bridge.dll, but I solved the problem with Spybot playing it in secure mode.
But the my pc it follow slow in internet.
I have used Spybot, Ad-aware, Cwshredder.
Could you look the my hijackthis and sayne if it is clean??
Logfile of HijackThis v1.97.7
Scan saved at 12:51:27, on 28/02/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe
C:\Archivos de programa\Network Associates\VirusScan\Mcshield.exe
C:\Archivos de programa\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.exe
C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.exe
C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe
C:\Archivos de programa\DU Meter\DUMeter.exe
C:\Archivos de programa\Hmonitor\hmonitor.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\ARCHIV~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINNT\system32\SWEEPER.exe
C:\Archivos de programa\RamBooster\Rambooster.exe
C:\WINNT\system32\internat.exe
C:\Archivos de programa\FlashGet\flashget.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.exe
C:\WINNT\system32\NOTEPAD.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.exe
C:\Archivos de programa\Spybot - Search & Destroy\SpybotSD.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.exe
C:\WINNT\system32\NOTEPAD.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.exe
C:\install\hijackthis\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = V�nculos
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\ARCHIV~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ShStatEXE] "C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.exe" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [DU Meter] C:\Archivos de programa\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [hmonitor] C:\Archivos de programa\Hmonitor\hmonitor.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\ARCHIV~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [Internet Sweeper] C:\WINNT\system32\SWEEPER.exe /Q
O4 - HKCU\..\Run: [RamBooster] C:\Archivos de programa\RamBooster\Rambooster.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Add To &Restricted Sites - C:\WINNT\web\add-restricted.htm
O8 - Extra context menu item: Add To &Trusted Sites - C:\WINNT\web\add-trusted.htm
O8 - Extra context menu item: Backward &Links - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Archivos de programa\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Archivos de programa\FlashGet\jc_link.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Add To Restricted Sites (HKLM)
O9 - Extra button: Add To Trusted Sites (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O15 - Trusted Zone: *.atletisme.com
O15 - Trusted Zone: http://www.atrapalo.com
O15 - Trusted Zone: http://www.Barceloviajes.com
O15 - Trusted Zone: *.cinevox.it
O15 - Trusted Zone: *.clubmarcopolo.es
O15 - Trusted Zone: *.computing-spain.com
O15 - Trusted Zone: *.contenidospc.com
O15 - Trusted Zone: http://www.granvall.com
O15 - Trusted Zone: *.gruposantander.es
O15 - Trusted Zone: http://www.Iberia.com
O15 - Trusted Zone: *.ingdirect.es
O15 - Trusted Zone: *.macromedia.com
O15 - Trusted Zone: http://*.Marsans.es
O15 - Trusted Zone: *.plus.es
O15 - Trusted Zone: *.proboards.com
O15 - Trusted Zone: http://www.Rumbo.es
O15 - Trusted Zone: *.siesports.com
O15 - Trusted Zone: http://www.solmelia.com
O15 - Trusted Zone: *.trendmicro.com
O15 - Trusted Zone: http://www.viajesecuador.com
O15 - Trusted Zone: *.viajesiberia.com
O15 - Trusted Zone: *.windowsupdate.com
O15 - Trusted Zone: *.zonavirus.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37941.9015046296
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A29494A-34A3-4D19-B34C-E8D5A723B665}: NameServer = 194.179.1.100,194.179.1.101
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A29494A-34A3-4D19-B34C-E8D5A723B665}: NameServer = 194.179.1.100,194.179.1.101
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A29494A-34A3-4D19-B34C-E8D5A723B665}: NameServer = 194.179.1.100,194.179.1.101
Thanks Mesich :))

Response Number 115

Name: The Count
Date: February 28, 2004 at 12:08:16 Pacific

Reply:

Hi everyone,
Kongo,
I'm deputizing for Mesich.
Although I am in learning mode to analyze the HijackThis Logs, I believe that yours is clean as a wistle. :-)
Check back for Mesich is findings.
Best Regards and Wishes,
The Count, Co-webmaster of mesich.com

Response Number 116

Name: The Count
Date: February 28, 2004 at 12:11:56 Pacific

Reply:

Hi everyone,
Ooops, sorry about the boldings. Forgot the closing tag (again).
Best Regards and Wishes,
The Count, Co-webmaster of mesich.com

Response Number 117

Name: fowzee
Date: February 28, 2004 at 13:30:46 Pacific

Reply:

Hey Mesich and crew,
I ran Spybot (with updates) and CWShredder (could not download the updates) and it did not solve the BRIDGE.DLL error that pops up whenever I start my computer. Do you think you could take a log at my HijackThis log and see what else I need to fix? Thanks alot!
Logfile of HijackThis v1.97.7
Scan saved at 4:16:37 PM, on 2/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Common files\updmgr\updmgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Documents and Settings\Tony\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;;localhost
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /IMEName
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.exe startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINDOWS\msxml4.cab

Response Number 118

Name: Z-Matrix
Date: February 28, 2004 at 15:47:11 Pacific

Reply:

Hello everyone,
Mesich thank you so much for your help!! It worked perfectly :) Take care and thanks again.
Z-Matrix

Response Number 119

Name: The Count
Date: February 28, 2004 at 18:32:50 Pacific

Reply:

Hi everyone,
fowzee,
As I wrote in response #115, I'm in learning mode, but I believe you should have Hijackthis remove these items:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;;localhost
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
and maybe this one to,
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
You may also want to look in Control Panel -> Add/Remove Programs, Software for KeenValue and/or PowerSearch toolbar for IE. If listed, select and click on the Remove button.
Reboot your computer and and look for the file updmgr.exe in the C:\Program Files\Common files\updmgr folder, delete it.
Also look for bridge.dll in C:\WINDOWS\Downloaded Program Files folder, delete this one to.
If your Anti-virus software isn't up-to-date, update it and/or run the online virusscan as recommended by Mesich several times (Response #10, 30, 107).
Housecall
Don't take any actions with Hijack etc. till Mesich as responded. The virusscan of course doesn't hurt to be ran already. :-)
Best Regards and Wishes,
The Count, Co-webmaster of mesich.com

Response Number 120

Name: mesich
Date: February 29, 2004 at 04:51:15 Pacific

Reply:

Hello everyone,
Thank you Count for stepping in. Your knowledge and the time you spend are greatly appreciated.
Kongo,
As The Count stated, your log is clean.
You could try cleaning out the cache, Favorites, Cookies, ect...
You also have several things loading at StartUp that are not necessary. You should see a great increase in performance by disabling some of these.
Here is a link to help determine whether they are necessary or not.
StartUp List
Best Regards,
Mesich

Response Number 121

Name: mesich
Date: February 29, 2004 at 05:04:46 Pacific

Reply:

Hello everyone,
Fowzee,
The Count is right on. I would remove the items as he suggest.
You can also remove the O4 - Global Startup: Adobe Gamma Loader.lnk = ?
Although it is not harmfull, it is not necessary to run at StartUp.
Best Regards,
Mesich

Response Number 122

Name: mesich
Date: February 29, 2004 at 05:06:48 Pacific

Reply:

Hello everyone,
Z-Matrix,
You are very welcome. Glad to hear everything worked out.
Thank you for posting back with the results.
Best Regards,
Mesich

Response Number 123

Name: The Count
Date: February 29, 2004 at 06:43:51 Pacific

Reply:

Hi everyone,
Mesich,
Thank you! I have a outstanding teacher in you analyzing the logs! :-)
There is quite a lot to learn about these logs,
to bad the thread will expire as per tomorrow, Monday, March 1st 2004. :-(
Thank you for taking the time to help all these folks here with their logs, and getting them back on the track without any error messages! And for teaching me.
Best Regards and Wishes,
The Count, Co-webmaster of mesich.com

Response Number 124

Name: mj_skratch
Date: February 29, 2004 at 14:15:08 Pacific

Reply:

ok, thanks for that, IE is still working, but the *.*dll message is still coming up everytime I start windows.
Logfile of HijackThis v1.97.7
Scan saved at 22:21:57, on 29/02/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.exe
C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.exe
C:\WINDOWS\SYSTEM\ATIPTAXX.exe
C:\PROGRAM FILES\TRUST\AMI MOUSE SCROLL PRO\4DMAIN.exe
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.exe
C:\WINDOWS\LOADQM.exe
C:\PROGRAM FILES\MICROSOFT HARDWARE\DNETC.exe
C:\PROGRAM FILES\NETPUMPER\NETPUMPERIEPROXY.exe
C:\WINDOWS\MXOALDR.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.exe
C:\PROGRAM FILES\MYWAY\BAR\1.BIN\MWSOEMON.exe
C:\WINDOWS\SYSTEM\PSTORES.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\WIDCOMM\BLUETOOTH SOFTWARE\BTTRAY.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\1033\MSOFFICE.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\WIDCOMM\BLUETOOTH SOFTWARE\BTSTACKSERVER.exe
C:\WINDOWS\TEMP\MSBB.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
C:\MY DOCUMENTS\MY SOFTWARE\HIJACKTHIS.exe
O2 - BHO: (no name) - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\WINDOWS\SPEECH\DRAGON\WEB_IE.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\SYSTEM\BRIDGE.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [WheelMouse] 4dmain.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Windows Update Files] C:\Program Files\microsoft hardware\dnetc.exe
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [BtStart] C:\Program Files\WIDCOMM\Bluetooth Software\bin\btstart.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWAY\BAR\1.BIN\MWSOEMON.exe
O4 - HKLM\..\Run: [CFJMPSW] C:\WINDOWS\CFJMPSW.exe
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.exe
O4 - HKLM\..\Run: [BVIPP] C:\WINDOWS\BVIPP.exe
O4 - HKLM\..\Run: [ADGKQT] C:\WINDOWS\ADGKQT.exe
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\TEMP\MSBB.exe
O4 - HKLM\..\Run: [CPND] C:\WINDOWS\CPND.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\SYSTEM\BRIDGE.DLL",Load
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKCU\..\Run: [FreeMem Pro] "C:\PROGRAM FILES\FREEMEM PROFESSIONAL\FMEMPRO.exe" Startup
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe" /background
O4 - HKCU\..\RunServices: [FreeMem Pro] "C:\PROGRAM FILES\FREEMEM PROFESSIONAL\FMEMPRO.exe" Startup
O4 - HKCU\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\RunServices: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37879.6469328704
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/16b795e6ca7c54c6d615/netzip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521958} - http://www.marketdart.com/promo/200211aer/md_er_200211aer.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = Workgroup
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 168.95.1.1

Sponsored Link

Ads by Google

Keyboard problem in ME

Error message Help !!

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Windows Me Forum Home

Sponsored links

Ads by Google

Results for: bridge.dll RUNDLL error

Win ME mmsetup.dll and RUNDLL Error

Summary

www.computing.net/answers/windows-me/win-me-mmsetupdll-and-rundll-error/44853.html

RUNDLL Error

Summary

www.computing.net/answers/windows-me/rundll-error/22618.html

\system\bridge.dll cannot find path

Summary

www.computing.net/answers/windows-me/systembridgedll-cannot-find-path/41133.html

From the Geek Dictionary
gtg ttyl - got to go, talk to you later

Ask a Question!

Weekly Poll
What do you think of the new preview of Chrome OS?

Poll Finishes In 6 Days.
Discuss in The Lounge
Poll History

Recent Posts
web camera wont install

Problem in boot

acer laptop 1710 black screen

help please

IPV6 Tunnels/Firewalls and News

All Awaiting Reply

Tom's News
Woman Tracks Down Club Attacker on Facebook

Geolocation Functions Come to Twitter

New Craigslist Trend: Trade Sex for Rent?

Law Firm Investigates MS Over Xbox Live Bans

Amazon Charges $25 for Palm Pixi and $80 for Pre

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE