bridge.dll and persistent annoyance
Thread Solved
I'm detecting and removing persistent annoyances. Ad-Aware finds and removes them, and so does Spybot S&D, but they come back. I'm especially worried about "Bridge": should I remove bridge.dll? Is that safe? Please help me with this HJT log:
Logfile of HijackThis v1.97.7
Scan saved at 08:44:35 p.m., on 18/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\Archivos de programa\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\htpatch.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\ScanSoft\OmniPageSE\opware32.exe
C:\Archivos de programa\Java\j2re1.4.2_04\bin\jusched.exe
C:\Archivos de programa\iHateSpam Outlook Express\siService.exe
C:\Archivos de programa\IE New Window Maximizer\iemaximizer.exe
C:\Archivos de programa\Aladdin Systems\DragStrip\DragStrip.exe
C:\Archivos de programa\SpywareGuard\sgmain.exe
C:\Archivos de programa\iHateSpam Outlook Express\siSpamFilterEngine.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\iHateSpam Outlook Express\siMailProxyServer.exe
C:\Archivos de programa\SpywareGuard\sgbhp.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Link Wrangler Demo\LinkWranglerDemo.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\Compass\Compass.exe
C:\Archivos de programa\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Archivos de programa\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {626636D0-04B8-4241-84B5-8A6BC3F03501} - C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Archivos de programa\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll (disabled by BHODemon)
O2 - BHO: (no name) - {E479EDE1-923E-11D3-B82B-00E09871521B} - C:\Archivos de programa\Compass\CmpsIE.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Archivos de programa\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: ABF Internet Explorer Tools - {B2CE7F1F-9039-462A-B3B7-3935C3CCCCAC} - C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O3 - Toolbar: Hotmail Spam Filter - {58A83E4F-477A-4A3F-BF9B-B65BC2BD5598} - C:\Archivos de programa\iHateSpam Outlook Express\siClientUIHotmail.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ccRegVfy] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\ARCHIV~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Omnipage] C:\Archivos de programa\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [siService.exe] "C:\Archivos de programa\iHateSpam Outlook Express\siService.exe"
O4 - HKLM\..\Run: [searchbar] C:\WINDOWS\System32\vnmispoisn_downloader.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Archivos de programa\IE New Window Maximizer\iemaximizer.exe
O4 - HKCU\..\Run: [SoniqueQuickStart] C:\Archivos de programa\Sonique\sqstart.exe -nostick
O4 - Startup: SpywareGuard.lnk = C:\Archivos de programa\SpywareGuard\sgmain.exe
O4 - Global Startup: DragStrip.lnk = C:\Archivos de programa\Aladdin Systems\DragStrip\DragStrip.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
O8 - Extra context menu item: &Document Tree - C:\WINDOWS\web\tree.htm
O8 - Extra context menu item: &Downlad Flash Files - C:\ARCHIV~1\FLASHU~1\FLASHH~1\save.htm
O8 - Extra context menu item: &Google Search - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-zero.html
O8 - Extra context menu item: Advanced Email Extractor - res://C:\Archivos%20de%20programa\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html
O8 - Extra context menu item: Backward &Links - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu &4 - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: ImTranslator - C:\ARCHIV~1\IMTRAN~1\startup.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Scan link with AEE - res://C:\Archivos%20de%20programa\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: View Partial So&urce - C:\WINDOWS\web\source.htm
O9 - Extra 'Tools' menuitem: Consola de Sun Java (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-33@1033,ABF Internet Explorer Tools Options (HKLM)
O9 - Extra 'Tools' menuitem: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-31@1033,ABF Internet Explorer Tools Options... (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O9 - Extra 'Tools' menuitem: &Document Tree (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-200@1033,Save all images (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-43@1033,About ABF Internet Explorer Tools (HKLM)
O9 - Extra 'Tools' menuitem: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-41@1033,About ABF Internet Explorer Tools... (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-20@1033,Magnifier (HKLM)
O9 - Extra button: Selected Links (HKLM)
O9 - Extra 'Tools' menuitem: Selected Links (HKLM)
O9 - Extra button: Flash Hunter (HKLM)
O9 - Extra 'Tools' menuitem: &Flash Hunter (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-300@1033,Refresh (ignore cache) (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-10@1033,Page browser (HKLM)
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone (HKLM)
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-400@1033,Block pop-ups (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-100@1033,Refresh images (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Offline (HKLM)
O9 - Extra button: AccountLogon (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon (HKCU)
O9 - Extra button: ImTranslator (HKCU)
O9 - Extra 'Tools' menuitem: ImTranslator (HKCU)
O9 - Extra button: Email Extractor (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor (HKCU)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho.../yinst0401.cab
O16 - DPF: {342999A3-728D-4DF6-BB81-CDD1A743096A} (MRActivXUI Class) - http://comp.mediaring.com/partner/pc...baxuiph514.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/es/bi.../GoogleNav.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/b...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...853.7981134259
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BE2870A-298D-481E-94CC-609B2A162E65}: NameServer = 200.51.254.238 200.51.209.22
Your help is very much appreciated!
Bridge.dll is added as a result of malware. Please do the following:
Unzip HJT into its own permanent folder before doing anything, in order for it to create backups (not a temporary folder, not directly on the desktop, and not directly in the root of your hard drive). Close all (browser) windows & rescan with HijackThis. When the scan is finished, place a check in the box to the left of the following entries & click 'Fix checked':
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
These next two also unless you can vouch for them:
O2 - BHO: (no name) - {626636D0-04B8-4241-84B5-8A6BC3F03501} - C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL
O3 - Toolbar: ABF Internet Explorer Tools - {B2CE7F1F-9039-462A-B3B7-3935C3CCCCAC} - C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL
O4 - HKLM\..\Run: [searchbar] C:\WINDOWS\System32\vnmispoisn_downloader.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
These also unless you can vouch for them:
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-33@1033,ABF Internet Explorer Tools Options (HKLM)
O9 - Extra 'Tools' menuitem: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-31@1033,ABF Internet Explorer Tools Options... (HKLM)
O9 - Extra 'Tools' menuitem: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-41@1033,About ABF Internet Explorer Tools... (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-20@1033,Magnifier (HKLM)
Reboot into safe mode following the instructions here & navigate to & delete the following if found:
C:\WINDOWS\System32\vnmispoisn_downloader.exe< file
Reboot normally after doing the above then post a fresh log plz.
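To check a fresh log against the old one, as the reply above asks for, here is an added Python example (not part of the thread and not HijackThis code) that parses the HJT log format, flags the two patterns the reply acted on (a system.ini UserInit value that is not the stock userinit.exe, and a generic "RunDLL" Run value that makes rundll32 load a DLL), and diffs two logs to confirm the fixed entries are gone. The two log excerpts are constructed from the lines in this thread, trimmed to the entries that matter for the check.

```python
import re
from typing import Dict, List, Tuple

Sections = Dict[str, List[str]]

# Constructed excerpts of the two logs in this thread: the first one posted and
# the fresh one posted after the fix. Only lines relevant to the check are kept.
LOG_BEFORE = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Archivos de programa\HijackThis.exe
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [searchbar] C:\WINDOWS\System32\vnmispoisn_downloader.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Archivos de programa\IE New Window Maximizer\iemaximizer.exe
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\smss.exe
F:\download\HijackThis.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Archivos de programa\IE New Window Maximizer\iemaximizer.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
"""

# The entries the helper in this thread told the poster to fix or delete.
FIXED_IN_THREAD = [
    r"UserInit=C:\Windows\System32\wsaupdater.exe,",
    r"C:\WINDOWS\System32\vnmispoisn_downloader.exe",
    r'"C:\WINDOWS\System32\bridge.dll",Load',
]

# An HJT entry line starts with its type code (R0, F2, O2, O4, O16, ...) and " - ".
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")
USERINIT_RE = re.compile(r"UserInit=(.+)$", re.IGNORECASE)
RUN_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


def parse_hjt(text: str) -> Sections:
    """Split a HijackThis log into 'processes' plus one list per entry type
    (R0, F2, O2, O4, ...). Banner lines such as the version header are ignored."""
    sections: Sections = {"processes": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # first typed entry ends the process list
            sections.setdefault(m.group(1), []).append(m.group(2))
        elif in_processes:
            sections["processes"].append(line)
    return sections


def flag_suspicious(sections: Sections) -> List[str]:
    """Heuristics for the two patterns acted on in this thread. Registry names
    and paths are compared case-insensitively, as the registry itself does."""
    findings: List[str] = []
    for entry in sections.get("F2", []):
        m = USERINIT_RE.search(entry)
        if m:
            exe = m.group(1).rstrip(",").strip().lower()
            if not exe.endswith("\\userinit.exe"):  # stock value on XP ends in userinit.exe
                findings.append("F2 UserInit overridden: " + m.group(1))
    for entry in sections.get("O4", []):
        m = RUN_RE.search(entry)
        if m and m.group("name").lower() == "rundll" and m.group("cmd").lower().startswith("rundll32"):
            findings.append("O4 generic RunDLL value loads a DLL: " + m.group("cmd"))
    return findings


def diff_hjt(before: Sections, after: Sections) -> Tuple[Sections, Sections]:
    """Per section, entries only in the old log (removed) and only in the fresh log (added)."""
    removed: Sections = {}
    added: Sections = {}
    for sec in sorted(set(before) | set(after)):
        old, new = set(before.get(sec, [])), set(after.get(sec, []))
        if old - new:
            removed[sec] = sorted(old - new)
        if new - old:
            added[sec] = sorted(new - old)
    return removed, added


def still_present(log: Sections, expected_gone: List[str]) -> List[str]:
    """Entries (or running-process paths) the fresh log should no longer contain
    but still does; an empty list means the fix held."""
    haystack = [e.lower() for entries in log.values() for e in entries]
    return [x for x in expected_gone if any(x.lower() in h for h in haystack)]


if __name__ == "__main__":
    before, after = parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)
    for finding in flag_suspicious(before):
        print("SUSPICIOUS:", finding)
    removed, added = diff_hjt(before, after)
    for sec, entries in removed.items():
        for e in entries:
            print(f"- {sec}: {e}")
    for sec, entries in added.items():
        for e in entries:
            print(f"+ {sec}: {e}")
    leftovers = still_present(after, FIXED_IN_THREAD)
    print("fix held" if not leftovers else f"still present: {leftovers}")
```

Paste a full log into each string to run it on real output; the diff also surfaces what was added between scans (here MSConfig and TeaTimer), which is where a re-infection would show up first.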
Thanks a lot. I did what you said; when I restarted in safe mode the file was there and I deleted it.
Here's the new log:
Logfile of HijackThis v1.97.7
Scan saved at 07:48:35 p.m., on 19/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
F:\download\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Archivos de programa\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Archivos de programa\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {626636D0-04B8-4241-84B5-8A6BC3F03501} - C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Archivos de programa\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll (disabled by BHODemon)
O2 - BHO: (no name) - {E479EDE1-923E-11D3-B82B-00E09871521B} - C:\Archivos de programa\Compass\CmpsIE.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Archivos de programa\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: ABF Internet Explorer Tools - {B2CE7F1F-9039-462A-B3B7-3935C3CCCCAC} - C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O3 - Toolbar: Hotmail Spam Filter - {58A83E4F-477A-4A3F-BF9B-B65BC2BD5598} - C:\Archivos de programa\iHateSpam Outlook Express\siClientUIHotmail.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ccRegVfy] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\ARCHIV~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Omnipage] C:\Archivos de programa\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [siService.exe] "C:\Archivos de programa\iHateSpam Outlook Express\siService.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Archivos de programa\IE New Window Maximizer\iemaximizer.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Archivos de programa\SpywareGuard\sgmain.exe
O4 - Global Startup: DragStrip.lnk = C:\Archivos de programa\Aladdin Systems\DragStrip\DragStrip.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
O8 - Extra context menu item: &Document Tree - C:\WINDOWS\web\tree.htm
O8 - Extra context menu item: &Downlad Flash Files - C:\ARCHIV~1\FLASHU~1\FLASHH~1\save.htm
O8 - Extra context menu item: &Google Search - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-zero.html
O8 - Extra context menu item: Advanced Email Extractor - res://C:\Archivos%20de%20programa\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html
O8 - Extra context menu item: Backward &Links - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu &4 - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download All Links with IDM - C:\Archivos de programa\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Archivos de programa\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: ImTranslator - C:\ARCHIV~1\IMTRAN~1\startup.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Scan link with AEE - res://C:\Archivos%20de%20programa\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: View Partial So&urce - C:\WINDOWS\web\source.htm
O9 - Extra 'Tools' menuitem: Consola de Sun Java (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-33@1033,ABF Internet Explorer Tools Options (HKLM)
O9 - Extra 'Tools' menuitem: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-31@1033,ABF Internet Explorer Tools Options... (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O9 - Extra 'Tools' menuitem: &Document Tree (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-200@1033,Save all images (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-43@1033,About ABF Internet Explorer Tools (HKLM)
O9 - Extra 'Tools' menuitem: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-41@1033,About ABF Internet Explorer Tools... (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-20@1033,Magnifier (HKLM)
O9 - Extra button: Selected Links (HKLM)
O9 - Extra 'Tools' menuitem: Selected Links (HKLM)
O9 - Extra button: Flash Hunter (HKLM)
O9 - Extra 'Tools' menuitem: &Flash Hunter (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-300@1033,Refresh (ignore cache) (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-10@1033,Page browser (HKLM)
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone (HKLM)
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-400@1033,Block pop-ups (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-100@1033,Refresh images (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Offline (HKLM)
O9 - Extra button: AccountLogon (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon (HKCU)
O9 - Extra button: ImTranslator (HKCU)
O9 - Extra 'Tools' menuitem: ImTranslator (HKCU)
O9 - Extra button: Email Extractor (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho.../yinst0401.cab
O16 - DPF: {342999A3-728D-4DF6-BB81-CDD1A743096A} (MRActivXUI Class) - http://comp.mediaring.com/partner/pc...baxuiph514.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/es/bi.../GoogleNav.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/b...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...853.7981134259
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
Am I clean?
The file was there and I deleted it.
Here's the new log:
Logfile of HijackThis v1.97.7
Scan saved at 07:48:35 p.m., on 19/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
F:\download\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Archivos de programa\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Archivos de programa\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {626636D0-04B8-4241-84B5-8A6BC3F03501} - C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Archivos de programa\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll (disabled by BHODemon)
O2 - BHO: (no name) - {E479EDE1-923E-11D3-B82B-00E09871521B} - C:\Archivos de programa\Compass\CmpsIE.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Archivos de programa\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: ABF Internet Explorer Tools - {B2CE7F1F-9039-462A-B3B7-3935C3CCCCAC} - C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O3 - Toolbar: Hotmail Spam Filter - {58A83E4F-477A-4A3F-BF9B-B65BC2BD5598} - C:\Archivos de programa\iHateSpam Outlook Express\siClientUIHotmail.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ccRegVfy] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\ARCHIV~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Omnipage] C:\Archivos de programa\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [siService.exe] "C:\Archivos de programa\iHateSpam Outlook Express\siService.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Archivos de programa\IE New Window Maximizer\iemaximizer.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Archivos de programa\SpywareGuard\sgmain.exe
O4 - Global Startup: DragStrip.lnk = C:\Archivos de programa\Aladdin Systems\DragStrip\DragStrip.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
O8 - Extra context menu item: &Document Tree - C:\WINDOWS\web\tree.htm
O8 - Extra context menu item: &Downlad Flash Files - C:\ARCHIV~1\FLASHU~1\FLASHH~1\save.htm
O8 - Extra context menu item: &Google Search - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-zero.html
O8 - Extra context menu item: Advanced Email Extractor - res://C:\Archivos%20de%20programa\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html
O8 - Extra context menu item: Backward &Links - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu &4 - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download All Links with IDM - C:\Archivos de programa\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Archivos de programa\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: ImTranslator - C:\ARCHIV~1\IMTRAN~1\startup.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Scan link with AEE - res://C:\Archivos%20de%20programa\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: View Partial So&urce - C:\WINDOWS\web\source.htm
O9 - Extra 'Tools' menuitem: Consola de Sun Java (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-33@1033,ABF Internet Explorer Tools Options (HKLM)
O9 - Extra 'Tools' menuitem: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-31@1033,ABF Internet Explorer Tools Options... (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O9 - Extra 'Tools' menuitem: &Document Tree (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-200@1033,Save all images (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-43@1033,About ABF Internet Explorer Tools (HKLM)
O9 - Extra 'Tools' menuitem: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-41@1033,About ABF Internet Explorer Tools... (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-20@1033,Magnifier (HKLM)
O9 - Extra button: Selected Links (HKLM)
O9 - Extra 'Tools' menuitem: Selected Links (HKLM)
O9 - Extra button: Flash Hunter (HKLM)
O9 - Extra 'Tools' menuitem: &Flash Hunter (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-300@1033,Refresh (ignore cache) (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-10@1033,Page browser (HKLM)
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone (HKLM)
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-400@1033,Block pop-ups (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-100@1033,Refresh images (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Offline (HKLM)
O9 - Extra button: AccountLogon (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon (HKCU)
O9 - Extra button: ImTranslator (HKCU)
O9 - Extra 'Tools' menuitem: ImTranslator (HKCU)
O9 - Extra button: Email Extractor (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho.../yinst0401.cab
O16 - DPF: {342999A3-728D-4DF6-BB81-CDD1A743096A} (MRActivXUI Class) - http://comp.mediaring.com/partner/pc...baxuiph514.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/es/bi.../GoogleNav.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/b...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...853.7981134259
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
Am I clean?
About ABF: it's ok, it's just a toolbar I installed some time ago, but they are real helpers for IE, such as a pop-up blocker, zoom on images and so on.
The thing is that after that I ran Ad-Aware and:
Vendor: Possible Browser Hijack attempt
Category: Data Miner
Object Type: RegData
Size: -
Location: Software\Microsoft\Internet Explorer\Main "Start Page" ("about:blank")
Last Activity: 19/06/2004
Risk Level: Medium
Comment: Possible browser hijack attempt
Description: Possible attempt to control\redirect the browser. This object refers to a "blacklisted" site.
I think that means my Spybot resident and SpywareGuard (I have both running for prevention) are trying to keep my about:blank page safe, which is what I set up... am I right? Or do I still have a pest hidden?
I ran Spybot SD after that and:
Congratulations!: No immediate threats were found. ()
--- Spybot - Search && Destroy version: 1.3 ---
2004-06-16 Includes\Cookies.sbi
2004-06-16 Includes\Dialer.sbi
2004-06-16 Includes\Hijackers.sbi
2004-06-16 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-06-16 Includes\Malware.sbi
2003-04-28 Includes\plugin-ignore.ini
2004-06-16 Includes\Revision.sbi
2004-06-16 Includes\Security.sbi
2004-06-16 Includes\Spybots.sbi
2003-08-28 Includes\Temporary.sbi
2004-06-16 Includes\Tracks.uti
2004-06-16 Includes\Trojans.sbi
?
Because there is a legitimate about:blank from M$, Ad-Aware will sometimes flag it as a possible hijack. If you look in Internet Options in IE, you will notice there is a *use blank* option for your homepage.
I can see no signs of about:blank (the baddy) in your log.
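The reply above boils down to one rule: a Start Page value that is exactly about:blank is what IE's own "Use Blank" button writes, so on its own it is not evidence of a hijack. The same log review also covers the other items asked about earlier in the thread (the repeated O10 Winsock LSP lines, the O6 policy restrictions, the O16 download sites). The script below is an added example written for this thread, not code from HijackThis, Ad-Aware or Spybot: it parses lines in the HijackThis 1.97 format shown in the logs above and summarises those items. The sample log it carries is constructed for the example; the pandasoftware.com line is copied from the log above, the example.invalid line and its zero GUID are placeholders, and the about:blank test is my own heuristic based on the reply, not a rule from any of the tools.

```python
"""Triage helper for HijackThis 1.97-style logs (added example, not tool code).

It pulls out the items a log reviewer checks first: the IE start page value,
O6 policy restrictions, how many times each Winsock LSP file is listed, and
the hosts that O16 ActiveX controls were installed from.
"""
import re
from collections import Counter
from typing import Dict, List, Optional, Set, Tuple
from urllib.parse import urlsplit

# Constructed sample in the thread's log format.  The pandasoftware.com line is
# copied from the log above; the example.invalid line is a made-up placeholder.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Placeholder Control) - http://example.invalid/controls/sample.cab
"""

# A HijackThis entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...]".
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
URL_RE = re.compile(r"https?://\S+")
LSP_PREFIX = "Unknown file in Winsock LSP: "


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Return (section, body) pairs; process lists and headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def start_page(entries: List[Tuple[str, str]]) -> Optional[str]:
    """Value of the first R0/R1 'Start Page' entry, or None if absent."""
    for section, body in entries:
        if section in ("R0", "R1") and "Start Page" in body and " = " in body:
            return body.split(" = ", 1)[1].strip()
    return None


def is_plain_blank(value: Optional[str]) -> bool:
    """Heuristic from the reply: exactly 'about:blank' is IE's own Use Blank
    setting; anything longer that still mentions about:blank deserves a look."""
    return value is not None and value.strip().lower() == "about:blank"


def policy_restrictions(entries: List[Tuple[str, str]]) -> List[str]:
    """O6 lines: IE policy keys that lock or hide browser settings."""
    return [body for section, body in entries if section == "O6"]


def lsp_files(entries: List[Tuple[str, str]]) -> Counter:
    """Count O10 lines per DLL: one file listed five times is one file to verify."""
    counts: Counter = Counter()
    for section, body in entries:
        if section == "O10" and body.startswith(LSP_PREFIX):
            counts[body[len(LSP_PREFIX):].strip().lower()] += 1
    return counts


def dpf_hosts(entries: List[Tuple[str, str]]) -> Set[str]:
    """Hosts that O16 ActiveX controls were downloaded from."""
    hosts = set()
    for section, body in entries:
        if section != "O16":
            continue
        m = URL_RE.search(body)
        if m and urlsplit(m.group(0)).hostname:
            hosts.add(urlsplit(m.group(0)).hostname)
    return hosts


def review(text: str) -> Dict[str, object]:
    """Summary a reviewer can scan before reading the whole log."""
    entries = parse_hjt(text)
    page = start_page(entries)
    return {
        "entries": len(entries),
        "start_page": page,
        "start_page_is_plain_blank": is_plain_blank(page),
        "policy_restrictions": policy_restrictions(entries),
        "lsp_files": dict(lsp_files(entries)),
        "dpf_hosts": sorted(dpf_hosts(entries)),
    }


if __name__ == "__main__":
    for key, value in review(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The summary does not decide whether an entry is malicious; it narrows the list. In the thread's own log the five O10 lines all name the same DLL, so there is one file to identify rather than five, and the O6 lines are worth noting because policy restrictions are how a hijacker keeps a user from changing the start page back.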