bridge.dll and persistent annoyance

I'm detecting and removing persistent annoyances. Ad aware finds and removes them, and also Spybot SD, but they come back. I'm especially worried about "Bridge". Should I remove bridge.dll? Is that safe? Please help me with this HJT log:

```
Logfile of HijackThis v1.97.7
Scan saved at 08:44:35 p.m., on 18/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\Archivos de programa\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\htpatch.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\ScanSoft\OmniPageSE\opware32.exe
C:\Archivos de programa\Java\j2re1.4.2_04\bin\jusched.exe
C:\Archivos de programa\iHateSpam Outlook Express\siService.exe
C:\Archivos de programa\IE New Window Maximizer\iemaximizer.exe
C:\Archivos de programa\Aladdin Systems\DragStrip\DragStrip.exe
C:\Archivos de programa\SpywareGuard\sgmain.exe
C:\Archivos de programa\iHateSpam Outlook Express\siSpamFilterEngine.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\iHateSpam Outlook Express\siMailProxyServer.exe
C:\Archivos de programa\SpywareGuard\sgbhp.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Link Wrangler Demo\LinkWranglerDemo.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\Compass\Compass.exe
C:\Archivos de programa\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Archivos de programa\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {626636D0-04B8-4241-84B5-8A6BC3F03501} - C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Archivos de programa\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll (disabled by BHODemon)
O2 - BHO: (no name) - {E479EDE1-923E-11D3-B82B-00E09871521B} - C:\Archivos de programa\Compass\CmpsIE.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Archivos de programa\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: ABF Internet Explorer Tools - {B2CE7F1F-9039-462A-B3B7-3935C3CCCCAC} - C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O3 - Toolbar: Hotmail Spam Filter - {58A83E4F-477A-4A3F-BF9B-B65BC2BD5598} - C:\Archivos de programa\iHateSpam Outlook Express\siClientUIHotmail.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ccRegVfy] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\ARCHIV~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Omnipage] C:\Archivos de programa\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [siService.exe] "C:\Archivos de programa\iHateSpam Outlook Express\siService.exe"
O4 - HKLM\..\Run: [searchbar] C:\WINDOWS\System32\vnmispoisn_downloader.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Archivos de programa\IE New Window Maximizer\iemaximizer.exe
O4 - HKCU\..\Run: [SoniqueQuickStart] C:\Archivos de programa\Sonique\sqstart.exe -nostick
O4 - Startup: SpywareGuard.lnk = C:\Archivos de programa\SpywareGuard\sgmain.exe
O4 - Global Startup: DragStrip.lnk = C:\Archivos de programa\Aladdin Systems\DragStrip\DragStrip.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
O8 - Extra context menu item: &Document Tree - C:\WINDOWS\web\tree.htm
O8 - Extra context menu item: &Downlad Flash Files - C:\ARCHIV~1\FLASHU~1\FLASHH~1\save.htm
O8 - Extra context menu item: &Google Search - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-zero.html
O8 - Extra context menu item: Advanced Email Extractor - res://C:\Archivos%20de%20programa\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html
O8 - Extra context menu item: Backward &Links - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu &4 - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: ImTranslator - C:\ARCHIV~1\IMTRAN~1\startup.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Scan link with AEE - res://C:\Archivos%20de%20programa\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: View Partial So&urce - C:\WINDOWS\web\source.htm
O9 - Extra 'Tools' menuitem: Consola de Sun Java (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-33@1033,ABF Internet Explorer Tools Options (HKLM)
O9 - Extra 'Tools' menuitem: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-31@1033,ABF Internet Explorer Tools Options... (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O9 - Extra 'Tools' menuitem: &Document Tree (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-200@1033,Save all images (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-43@1033,About ABF Internet Explorer Tools (HKLM)
O9 - Extra 'Tools' menuitem: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-41@1033,About ABF Internet Explorer Tools... (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-20@1033,Magnifier (HKLM)
O9 - Extra button: Selected Links (HKLM)
O9 - Extra 'Tools' menuitem: Selected Links (HKLM)
O9 - Extra button: Flash Hunter (HKLM)
O9 - Extra 'Tools' menuitem: &Flash Hunter (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-300@1033,Refresh (ignore cache) (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-10@1033,Page browser (HKLM)
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone (HKLM)
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-400@1033,Block pop-ups (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-100@1033,Refresh images (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Offline (HKLM)
O9 - Extra button: AccountLogon (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon (HKCU)
O9 - Extra button: ImTranslator (HKCU)
O9 - Extra 'Tools' menuitem: ImTranslator (HKCU)
O9 - Extra button: Email Extractor (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor (HKCU)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho.../yinst0401.cab
O16 - DPF: {342999A3-728D-4DF6-BB81-CDD1A743096A} (MRActivXUI Class) - http://comp.mediaring.com/partner/pc...baxuiph514.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/es/bi.../GoogleNav.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/b...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...853.7981134259
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BE2870A-298D-481E-94CC-609B2A162E65}: NameServer = 200.51.254.238 200.51.209.22
```

Your help is very much appreciated!

Re: bridge.dll and persistent annoyance

Bridge.dll is added as a result of malware. Please do the following:

Unzip HJT into its own permanent folder before doing anything in order for it to create backups. (Not a temporary folder or directly on the desktop & not directly on your hard drive).

Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked':

```
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
```

These next two also unless you can vouch for them:

```
O2 - BHO: (no name) - {626636D0-04B8-4241-84B5-8A6BC3F03501} - C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL
O3 - Toolbar: ABF Internet Explorer Tools - {B2CE7F1F-9039-462A-B3B7-3935C3CCCCAC} - C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL
```

```
O4 - HKLM\..\Run: [searchbar] C:\WINDOWS\System32\vnmispoisn_downloader.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
```

These also unless you can vouch for them:

```
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-33@1033,ABF Internet Explorer Tools Options (HKLM)
O9 - Extra 'Tools' menuitem: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-31@1033,ABF Internet Explorer Tools Options... (HKLM)
O9 - Extra 'Tools' menuitem: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-41@1033,About ABF Internet Explorer Tools... (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-20@1033,Magnifier (HKLM)
```

Reboot into safe mode following the instructions here & navigate to & delete the following if found:

C:\WINDOWS\System32\vnmispoisn_downloader.exe < file

Reboot normally after doing the above then post a fresh log plz.

Re: bridge.dll and persistent annoyance

Thanks a lot. I did what you said; when I restarted in safe mode the file was there and I deleted it. Here's the new log:

```
Logfile of HijackThis v1.97.7
Scan saved at 07:48:35 p.m., on 19/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
F:\download\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Archivos de programa\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Archivos de programa\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {626636D0-04B8-4241-84B5-8A6BC3F03501} - C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Archivos de programa\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll (disabled by BHODemon)
O2 - BHO: (no name) - {E479EDE1-923E-11D3-B82B-00E09871521B} - C:\Archivos de programa\Compass\CmpsIE.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Archivos de programa\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: ABF Internet Explorer Tools - {B2CE7F1F-9039-462A-B3B7-3935C3CCCCAC} - C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O3 - Toolbar: Hotmail Spam Filter - {58A83E4F-477A-4A3F-BF9B-B65BC2BD5598} - C:\Archivos de programa\iHateSpam Outlook Express\siClientUIHotmail.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ccRegVfy] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\ARCHIV~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Omnipage] C:\Archivos de programa\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [siService.exe] "C:\Archivos de programa\iHateSpam Outlook Express\siService.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Archivos de programa\IE New Window Maximizer\iemaximizer.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Archivos de programa\SpywareGuard\sgmain.exe
O4 - Global Startup: DragStrip.lnk = C:\Archivos de programa\Aladdin Systems\DragStrip\DragStrip.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
O8 - Extra context menu item: &Document Tree - C:\WINDOWS\web\tree.htm
O8 - Extra context menu item: &Downlad Flash Files - C:\ARCHIV~1\FLASHU~1\FLASHH~1\save.htm
O8 - Extra context menu item: &Google Search - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-zero.html
O8 - Extra context menu item: Advanced Email Extractor - res://C:\Archivos%20de%20programa\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html
O8 - Extra context menu item: Backward &Links - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu &4 - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download All Links with IDM - C:\Archivos de programa\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Archivos de programa\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: ImTranslator - C:\ARCHIV~1\IMTRAN~1\startup.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Scan link with AEE - res://C:\Archivos%20de%20programa\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: View Partial So&urce - C:\WINDOWS\web\source.htm
O9 - Extra 'Tools' menuitem: Consola de Sun Java (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-33@1033,ABF Internet Explorer Tools Options (HKLM)
O9 - Extra 'Tools' menuitem: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-31@1033,ABF Internet Explorer Tools Options... (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O9 - Extra 'Tools' menuitem: &Document Tree (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-200@1033,Save all images (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-43@1033,About ABF Internet Explorer Tools (HKLM)
O9 - Extra 'Tools' menuitem: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-41@1033,About ABF Internet Explorer Tools... (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-20@1033,Magnifier (HKLM)
O9 - Extra button: Selected Links (HKLM)
O9 - Extra 'Tools' menuitem: Selected Links (HKLM)
O9 - Extra button: Flash Hunter (HKLM)
O9 - Extra 'Tools' menuitem: &Flash Hunter (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-300@1033,Refresh (ignore cache) (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-10@1033,Page browser (HKLM)
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone (HKLM)
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-400@1033,Block pop-ups (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-100@1033,Refresh images (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Offline (HKLM)
O9 - Extra button: AccountLogon (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon (HKCU)
O9 - Extra button: ImTranslator (HKCU)
O9 - Extra 'Tools' menuitem: ImTranslator (HKCU)
O9 - Extra button: Email Extractor (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho.../yinst0401.cab
O16 - DPF: {342999A3-728D-4DF6-BB81-CDD1A743096A} (MRActivXUI Class) - http://comp.mediaring.com/partner/pc...baxuiph514.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/es/bi.../GoogleNav.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/b...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...853.7981134259
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
```

Am I clean?

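One way to check a fresh HijackThis log against the previous one, as an added example that is not part of any post in this thread: the script parses both logs, confirms that the entries ticked for 'fix checked' are gone, and lists entries that are new. Matching BHO, toolbar and DPF lines by CLSID and Run lines by value name is an assumption made here so that cosmetic changes seen between the two logs above (a BHO gaining a name, a long path becoming an 8.3 short path) are not reported as changes; the sample logs are short excerpts of the two posted logs.

```python
import re

# A HijackThis entry line is "<code> - <detail>", e.g. "O4 - HKLM\..\Run: [x] cmd".
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_VALUE = re.compile(r"^(.+?): \[(.+?)\]")


def entry_key(code, detail):
    """Identity of an entry that survives cosmetic changes between scans."""
    clsid = CLSID.search(detail)
    if code in ("O2", "O3", "O16") and clsid:
        return (code, clsid.group(0).lower())  # BHO / toolbar / DPF: by CLSID
    run = RUN_VALUE.match(detail)
    if code == "O4" and run:
        # Autorun value: registry key plus value name, ignoring the command.
        return (code, run.group(1).lower(), run.group(2).lower())
    return (code, " ".join(detail.split()).lower())  # otherwise the whole line


def parse_log(text):
    """Return {entry key: original line}; header and process list are skipped."""
    entries = {}
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            entries.setdefault(entry_key(m.group(1), m.group(2)), raw.strip())
    return entries


def compare_logs(before, after, fixed_lines):
    """Compare two scans, given the lines that were ticked for 'fix checked'."""
    old, new = parse_log(before), parse_log(after)
    fixed = parse_log("\n".join(fixed_lines))
    return {
        "still_present": [new[k] for k in fixed if k in new],
        "removed": [old[k] for k in old if k not in new],
        "new": [new[k] for k in new if k not in old],
    }


# Excerpts of the two logs posted in this thread (most entries left out).
BEFORE = r"""
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Archivos de programa\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [searchbar] C:\WINDOWS\System32\vnmispoisn_downloader.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
"""
AFTER = r"""
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Archivos de programa\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
"""
# The entries the helper asked to have fixed without any "unless you can vouch".
FIXED = [
    r"F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,",
    r"O4 - HKLM\..\Run: [searchbar] C:\WINDOWS\System32\vnmispoisn_downloader.exe",
    r'O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load',
]

if __name__ == "__main__":
    for label, lines in compare_logs(BEFORE, AFTER, FIXED).items():
        print(label)
        for line in lines:
            print("   ", line)
```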
Re: bridge.dll and persistent annoyance

About ABF: it is OK, it is just a toolbar I installed some time ago, but they are real helpers for IE, such as pop-up blocker, zoom on images and so on. The thing is that after that I ran Ad aware and:

```
Vendor:Possible Browser Hijack attempt
Category:Data Miner
Object Type:RegData
Size:-
Location:Software\Microsoft\Internet Explorer\Main "Start Page" ("about:blank")
Last Activity:19/06/2004
Risk LevelMedium
Comment:Possible browser hijack attempt
Description:Possible attempt to control\redirect the browser. This object referrs to a "blacklisted" site.
```

I think that means my Spybot resident and SpywareGuard (I have both running to prevent) are trying to keep safe my about:blank page, that's what I set up... am I right? Or do I still have a pest hidden?

Re: bridge.dll and persistent annoyance

Ran Spybot SD after that and:

```
Congratulations!: No immediate threats were found. ()

--- Spybot - Search && Destroy version: 1.3 ---
2004-06-16 Includes\Cookies.sbi
2004-06-16 Includes\Dialer.sbi
2004-06-16 Includes\Hijackers.sbi
2004-06-16 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-06-16 Includes\Malware.sbi
2003-04-28 Includes\plugin-ignore.ini
2004-06-16 Includes\Revision.sbi
2004-06-16 Includes\Security.sbi
2004-06-16 Includes\Spybots.sbi
2003-08-28 Includes\Temporary.sbi
2004-06-16 Includes\Tracks.uti
2004-06-16 Includes\Trojans.sbi
```

?

Re: bridge.dll and persistent annoyance

Because there is a legitimate about:blank from M$, adaware will sometimes flag it as a possible hijack. If you notice in internet options in IE, there is a *use blank* as your homepage. Can see no signs of about:blank (the baddy) in your log :)