Hi Crunchie, I have no idea what Body01part is, I will try and find out before I do anything. It may be a couple of days before I can get back to the machine.
Many thanks for you help.
Bob.

Hi Crunchie, done everhing ou said, but cannot find p2p networking???
Here is the new hjt file.

Logfile of HijackThis v1.97.7
Scan saved at 12:37:37, on 11/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Leanne Belmore\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [1 upload] C:\PROGRA~1\BODY01~1\Warn stop.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Money Viewer (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.btopenworld.com/togetherinternet
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {9DD6A49C-CF35-4544-BF13-34DF413BCF7A} ({9DD6A49C-CF35-4544-BF13-34DF413BCF7A}) - http://195.39.204.19/codebase/Stealthnet.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCE8A7D0-5ABA-41E8-B7F6-CB48BEF6F79F}: NameServer = 194.74.65.69 217.35.209.180

Once again, many thanks for you help, Bob.

Apart from this one C:\PROGRA~1\BODY01~1\Warn stop.exe the log is good.
P2P networking I think I mixed you up with another log. Sorry. What I think I meant was uninstall messenger plus as it comes with LOP. You can reinstall it manually but do not install the 3rd party sponsor.

I was concerned about viruses, specifically, sasser. I downloaded a trial copy of Norton, and scanned my computer. There were over 50 files that could not be deleted. I made changes to my registry, as recommended, and I was able to delete most of the files (most were related to Actware). I am receiving the same message as another poster (cannot find bridge.dll). I printed the responses and when I get home, I will attempt this process. However, I am unable to access the internet now. I attempted to import the backup copy of the registry that I have, but I am unable to because some processes are open. I am not able to identify the processes in task manager. Long story short, I have big problems. Is the bridge.dll file related to IE? Also, my modem is not being recognized.

I'm running XP.

Any help would be appreciated.

Thank you.

Bridge.dll is installed by a browser hijacker. It sounds like you have corrupted your registry there. With your registry backup, can you just double click on it & have it restore? You may have to reinstall your modem drivers also. Once up & running Download & instal Adaware from here
& update it B4 scanning.
In settings under 'scanning,' have it set to
'scan within archives,'
'scan active processes,'
'scan registry,'
'deepscan registry'
'scan my IE Favourites for banned URL's,'
'scan my host's file.'
In 'tweaks' under 'scanning engine' set it to 'unload recognised processes during scanning.'
Also in 'tweaks' under 'cleaning engine' set it to 'Automatically try to unregister objects prior to deletion' & 'let Windows remove files in use at next reboot.'
Select 'activate in-depth scan' before starting scan.
When the scan is finished select 'next.'
Remove what it finds by placing a check in the box to the left of the object. Reboot

Download & instal Spybot S&D from here Update it B4 scanning. Go into settings & have it check for Beta releases also & download if available.
After the scan is complete, have spybot fix everything marked RED.
On the page that first opens when you start Spybot there is an option to immunise, you should do this. In the immunise section there is also a link to download Spywareblaster. Download that & you can keep it updated by selecting the same link that you use to download it. Reboot

Download HijackThis from here & unzip it into it's own, permanent folder, (not a temporary folder & not on the desktop). Start HJT & press the scan button. When the scan is finished the scan button will change to save. Save the log to a text file, copy the entire contents of the text file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is harmless & even necessary to the running of your system.

proettger,

Please follow the advice crunchie gave above. It becomes very difficult to efficiently solve members' problems when questions are being asked by mutiple members in a single thread. This is especially true of threads that contain many long and complex HijackThis logs. If you need to pursue your problem further, start a new thread in this forum.

Thanks for understanding.

I appreciate the help Crunchie. This is the 1st time I've posted in any forum. I actually found this site when I did a search on bridge.dll. It's a great site, tons of info. I'm not sure if double clicking on the registry backup will work. I tried to import it, but there were processes open that prevented it. I'm not sure what processes to close. I'm at work now, but when I get home, I'll give it a whirl.

I'll let you know how it goes. Since I can't access the Internet, I'm having a friend bring a computer over tonight. Hopefully, I won't need it.

Thanks again.

Hi Crunchie,
I have fixed C:\PROGRA~1\BODY01~1\Warn stop.exe must have copied the txt file before doing it, I have also removed the body01part folder. I will remove Messenger plus (I don't think it is used anyway).

Once again Crunchie, many, many thanks for you help. Bob

No problem, happy to help.