
bridge.dll and persistent annoyance

I'm detecting and removing persistent annoyances.
Ad-Aware finds and removes them, and so does Spybot SD, but
they come back. I'm especially worried about "Bridge":
should I remove bridge.dll? Is that safe?
Please help me with this HJT log:

Logfile of HijackThis v1.97.7
Scan saved at 08:44:35 p.m., on 18/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\Archivos de programa\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\htpatch.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\ScanSoft\OmniPageSE\opware32.exe
C:\Archivos de programa\Java\j2re1.4.2_04\bin\jusched.exe
C:\Archivos de programa\iHateSpam Outlook Express\siService.exe
C:\Archivos de programa\IE New Window Maximizer\iemaximizer.exe
C:\Archivos de programa\Aladdin Systems\DragStrip\DragStrip.exe
C:\Archivos de programa\SpywareGuard\sgmain.exe
C:\Archivos de programa\iHateSpam Outlook Express\siSpamFilterEngine.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\iHateSpam Outlook Express\siMailProxyServer.exe
C:\Archivos de programa\SpywareGuard\sgbhp.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Link Wrangler Demo\LinkWranglerDemo.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\Compass\Compass.exe
C:\Archivos de programa\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vnculos
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Archivos de programa\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {626636D0-04B8-4241-84B5-8A6BC3F03501} - C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Archivos de programa\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll (disabled by BHODemon)
O2 - BHO: (no name) - {E479EDE1-923E-11D3-B82B-00E09871521B} - C:\Archivos de programa\Compass\CmpsIE.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Archivos de programa\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: ABF Internet Explorer Tools - {B2CE7F1F-9039-462A-B3B7-3935C3CCCCAC} - C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O3 - Toolbar: Hotmail Spam Filter - {58A83E4F-477A-4A3F-BF9B-B65BC2BD5598} - C:\Archivos de programa\iHateSpam Outlook Express\siClientUIHotmail.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ccRegVfy] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\ARCHIV~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Omnipage] C:\Archivos de programa\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [siService.exe] "C:\Archivos de programa\iHateSpam Outlook Express\siService.exe"
O4 - HKLM\..\Run: [searchbar] C:\WINDOWS\System32\vnmispoisn_downloader.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Archivos de programa\IE New Window Maximizer\iemaximizer.exe
O4 - HKCU\..\Run: [SoniqueQuickStart] C:\Archivos de programa\Sonique\sqstart.exe -nostick
O4 - Startup: SpywareGuard.lnk = C:\Archivos de programa\SpywareGuard\sgmain.exe
O4 - Global Startup: DragStrip.lnk = C:\Archivos de programa\Aladdin Systems\DragStrip\DragStrip.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
O8 - Extra context menu item: &Document Tree - C:\WINDOWS\web\tree.htm
O8 - Extra context menu item: &Downlad Flash Files - C:\ARCHIV~1\FLASHU~1\FLASHH~1\save.htm
O8 - Extra context menu item: &Google Search - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-zero.html
O8 - Extra context menu item: Advanced Email Extractor - res://C:\Archivos%20de%20programa\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html
O8 - Extra context menu item: Backward &Links - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu &4 - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: ImTranslator - C:\ARCHIV~1\IMTRAN~1\startup.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Scan link with AEE - res://C:\Archivos%20de%20programa\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: View Partial So&urce - C:\WINDOWS\web\source.htm
O9 - Extra 'Tools' menuitem: Consola de Sun Java (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-33@1033,ABF Internet Explorer Tools Options (HKLM)
O9 - Extra 'Tools' menuitem: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-31@1033,ABF Internet Explorer Tools Options... (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O9 - Extra 'Tools' menuitem: &Document Tree (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-200@1033,Save all images (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-43@1033,About ABF Internet Explorer Tools (HKLM)
O9 - Extra 'Tools' menuitem: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-41@1033,About ABF Internet Explorer Tools... (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-20@1033,Magnifier (HKLM)
O9 - Extra button: Selected Links (HKLM)
O9 - Extra 'Tools' menuitem: Selected Links (HKLM)
O9 - Extra button: Flash Hunter (HKLM)
O9 - Extra 'Tools' menuitem: &Flash Hunter (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-300@1033,Refresh (ignore cache) (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-10@1033,Page browser (HKLM)
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone (HKLM)
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-400@1033,Block pop-ups (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-100@1033,Refresh images (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Offline (HKLM)
O9 - Extra button: AccountLogon (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon (HKCU)
O9 - Extra button: ImTranslator (HKCU)
O9 - Extra 'Tools' menuitem: ImTranslator (HKCU)
O9 - Extra button: Email Extractor (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor (HKCU)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {342999A3-728D-4DF6-BB81-CDD1A743096A} (MRActivXUI Class) - http://comp.mediaring.com/partner/pcphone/ver5.1.4.0/wbaxuiph514.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/es/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37853.7981134259
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BE2870A-298D-481E-94CC-609B2A162E65}: NameServer = 200.51.254.238 200.51.209.22


Your help is very appreciated!

z3r0
Newbie Poster
20 posts since Jun 2004
Reputation Points: 10
Solved Threads: 0
 

Bridge.dll is added as a result of malware. Please do the following:
Unzip HJT into its own permanent folder before doing anything in order for it to create backups. (Not a temporary folder or directly on the desktop & not directly on your hard drive). Close all (browser) windows & rescan with HijackThis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked':

F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,

These next two also unless you can vouch for them:
O2 - BHO: (no name) - {626636D0-04B8-4241-84B5-8A6BC3F03501} - C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL

O3 - Toolbar: ABF Internet Explorer Tools - {B2CE7F1F-9039-462A-B3B7-3935C3CCCCAC} - C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL

O4 - HKLM\..\Run: [searchbar] C:\WINDOWS\System32\vnmispoisn_downloader.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

These also unless you can vouch for them:
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-33@1033,ABF Internet Explorer Tools Options (HKLM)
O9 - Extra 'Tools' menuitem: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-31@1033,ABF Internet Explorer Tools Options... (HKLM)
O9 - Extra 'Tools' menuitem: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-41@1033,About ABF Internet Explorer Tools... (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-20@1033,Magnifier (HKLM)

Reboot into safe mode following the instructions here & navigate to & delete the following if found:

C:\WINDOWS\System32\vnmispoisn_downloader.exe< file

Reboot normally after doing the above then post a fresh log plz.

crunchie
Most Valuable Poster
Moderator
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
 
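The moderator's triage above singles out three kinds of HijackThis lines: the F2 UserInit override, O4 Run entries that load bridge.dll or the downloader, and (in the next log) O10 Winsock LSP files. As an added example, not part of this thread or of HijackThis itself, here is a small defender-side checker that parses those line types and returns findings for review. The watchlisted file names are the ones named in this thread; the rundll32 allowlist, the `Finding` type and the sample line with `unknownhelper.dll` are constructed assumptions.

```python
"""Triage a HijackThis v1.97 log for F2, O4 and O10 entries (added example)."""
import re
from dataclasses import dataclass

# File names the thread identifies as malware-related (taken from the thread).
WATCHLIST = {"bridge.dll", "vnmispoisn_downloader.exe", "wsaupdater.exe"}
# Assumed known-good DLLs that legitimately start via rundll32 (nVidia panel).
RUNDLL_ALLOWLIST = {"nvcpl.dll"}


@dataclass(frozen=True)
class Finding:
    section: str   # HJT section tag: "F2", "O4" or "O10"
    verdict: str   # "fix" (remove the entry) or "review" (confirm the owner)
    reason: str
    line: str


# A *.exe / *.dll file name as it appears after the last path separator.
_BASENAME = re.compile(r'([^\\/"\s\[\]]+\.(?:exe|dll))', re.IGNORECASE)


def basenames(text):
    """Lower-cased *.exe / *.dll file names mentioned on one HJT line."""
    return [m.lower() for m in _BASENAME.findall(text)]


def check_f2(line):
    # HJT prints F2 only when an ini mapping deviates from the Windows default;
    # UserInit must point at userinit.exe and nothing else.
    m = re.search(r"UserInit=(.+)$", line, re.IGNORECASE)
    if not m:
        return None
    targets = [t.strip().lower() for t in m.group(1).split(",") if t.strip()]
    if not targets or any(not t.endswith("\\userinit.exe") for t in targets):
        return Finding("F2", "fix", "UserInit replaced by a non-default program", line)
    return None


def check_o4(line):
    names = basenames(line)
    hits = WATCHLIST.intersection(names)
    if hits:
        return Finding("O4", "fix", "autostart references watchlisted file " + ", ".join(sorted(hits)), line)
    if "rundll32" in line.lower():
        # rundll32 hides the real payload in its argument; review unknown DLLs.
        dlls = [n for n in names if n.endswith(".dll")]
        if any(d not in RUNDLL_ALLOWLIST for d in dlls):
            return Finding("O4", "review", "rundll32 loads a DLL outside the allowlist", line)
    return None


def check_o10(lines):
    # HJT prints one O10 line per LSP chain slot, so one DLL repeated several
    # times is normal for an installed LSP; report each file once with its count.
    counts = {}
    for line in lines:
        for n in basenames(line):
            counts[n] = counts.get(n, 0) + 1
    return [Finding("O10", "review", f"unknown LSP file appears in {c} slot(s); confirm the owning product before removal", f)
            for f, c in sorted(counts.items())]


def triage(log_text):
    """Return findings in log order, with the aggregated O10 findings last."""
    findings, o10_lines = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        tag = line.split(" - ", 1)[0]
        f = None
        if tag == "F2":
            f = check_f2(line)
        elif tag == "O4":
            f = check_o4(line)
        elif tag == "O10":
            o10_lines.append(line)
        if f:
            findings.append(f)
    return findings + check_o10(o10_lines)


# Constructed sample: lines copied from the thread plus one made-up rundll32 entry.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [searchbar] C:\WINDOWS\System32\vnmispoisn_downloader.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [Other] rundll32.exe C:\WINDOWS\System32\unknownhelper.dll,Start
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.verdict:6} {f.reason}\n    {f.line}")
```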

Thanks a lot. I did what you said; when I restarted in safe mode
the file was there and I deleted it.
Here's the new log:

Logfile of HijackThis v1.97.7
Scan saved at 07:48:35 p.m., on 19/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
F:\download\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vnculos
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Archivos de programa\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Archivos de programa\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {626636D0-04B8-4241-84B5-8A6BC3F03501} - C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Archivos de programa\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll (disabled by BHODemon)
O2 - BHO: (no name) - {E479EDE1-923E-11D3-B82B-00E09871521B} - C:\Archivos de programa\Compass\CmpsIE.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Archivos de programa\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: ABF Internet Explorer Tools - {B2CE7F1F-9039-462A-B3B7-3935C3CCCCAC} - C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O3 - Toolbar: Hotmail Spam Filter - {58A83E4F-477A-4A3F-BF9B-B65BC2BD5598} - C:\Archivos de programa\iHateSpam Outlook Express\siClientUIHotmail.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ccRegVfy] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\ARCHIV~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Omnipage] C:\Archivos de programa\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [siService.exe] "C:\Archivos de programa\iHateSpam Outlook Express\siService.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Archivos de programa\IE New Window Maximizer\iemaximizer.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Archivos de programa\SpywareGuard\sgmain.exe
O4 - Global Startup: DragStrip.lnk = C:\Archivos de programa\Aladdin Systems\DragStrip\DragStrip.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
O8 - Extra context menu item: &Document Tree - C:\WINDOWS\web\tree.htm
O8 - Extra context menu item: &Downlad Flash Files - C:\ARCHIV~1\FLASHU~1\FLASHH~1\save.htm
O8 - Extra context menu item: &Google Search - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-zero.html
O8 - Extra context menu item: Advanced Email Extractor - res://C:\Archivos%20de%20programa\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html
O8 - Extra context menu item: Backward &Links - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu &4 - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download All Links with IDM - C:\Archivos de programa\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Archivos de programa\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: ImTranslator - C:\ARCHIV~1\IMTRAN~1\startup.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Scan link with AEE - res://C:\Archivos%20de%20programa\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: View Partial So&urce - C:\WINDOWS\web\source.htm
O9 - Extra 'Tools' menuitem: Consola de Sun Java (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-33@1033,ABF Internet Explorer Tools Options (HKLM)
O9 - Extra 'Tools' menuitem: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-31@1033,ABF Internet Explorer Tools Options... (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O9 - Extra 'Tools' menuitem: &Document Tree (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-200@1033,Save all images (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-43@1033,About ABF Internet Explorer Tools (HKLM)
O9 - Extra 'Tools' menuitem: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-41@1033,About ABF Internet Explorer Tools... (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-20@1033,Magnifier (HKLM)
O9 - Extra button: Selected Links (HKLM)
O9 - Extra 'Tools' menuitem: Selected Links (HKLM)
O9 - Extra button: Flash Hunter (HKLM)
O9 - Extra 'Tools' menuitem: &Flash Hunter (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-300@1033,Refresh (ignore cache) (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-10@1033,Page browser (HKLM)
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone (HKLM)
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-400@1033,Block pop-ups (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-100@1033,Refresh images (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Offline (HKLM)
O9 - Extra button: AccountLogon (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon (HKCU)
O9 - Extra button: ImTranslator (HKCU)
O9 - Extra 'Tools' menuitem: ImTranslator (HKCU)
O9 - Extra button: Email Extractor (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {342999A3-728D-4DF6-BB81-CDD1A743096A} (MRActivXUI Class) - http://comp.mediaring.com/partner/pcphone/ver5.1.4.0/wbaxuiph514.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/es/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37853.7981134259
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Am I clean?

z3r0
Newbie Poster
20 posts since Jun 2004
Reputation Points: 10
Solved Threads: 0
 

About ABF: it's ok, it's just a toolbar I installed some time ago, but they are real helpers for IE, such as a pop-up blocker, zoom on images and so on.

The thing is that after that I ran Ad-Aware and:

Vendor:Possible Browser Hijack attempt
Category:Data Miner
Object Type:RegData
Size:-
Location:Software\Microsoft\Internet Explorer\Main "Start Page" ("about:blank")
Last Activity:19/06/2004
Risk Level:Medium
Comment:Possible browser hijack attempt
Description:Possible attempt to control\redirect the browser. This object referrs to a "blacklisted" site.

I think that means my Spybot resident and SpywareGuard (I have both running for prevention) are trying to keep my about:blank page safe, which is what I set up... am I right? Or do I still have a pest hidden?

z3r0
Newbie Poster
20 posts since Jun 2004
Reputation Points: 10
Solved Threads: 0
 

I ran Spybot SD after that and:
Congratulations!: No immediate threats were found. ()


--- Spybot - Search && Destroy version: 1.3 ---
2004-06-16 Includes\Cookies.sbi
2004-06-16 Includes\Dialer.sbi
2004-06-16 Includes\Hijackers.sbi
2004-06-16 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-06-16 Includes\Malware.sbi
2003-04-28 Includes\plugin-ignore.ini
2004-06-16 Includes\Revision.sbi
2004-06-16 Includes\Security.sbi
2004-06-16 Includes\Spybots.sbi
2003-08-28 Includes\Temporary.sbi
2004-06-16 Includes\Tracks.uti
2004-06-16 Includes\Trojans.sbi

?

z3r0
Newbie Poster
20 posts since Jun 2004
Reputation Points: 10
Solved Threads: 0
 

Because there is a legitimate about:blank from M$, adaware will sometimes flag it as a possible hijack. If you notice in internet options in IE, there is a *use blank* as your homepage.
Can see no signs of about:blank (the baddy) in your log :)

crunchie
Most Valuable Poster
Moderator
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
 


Thanks a lot!

z3r0
Newbie Poster
20 posts since Jun 2004
Reputation Points: 10
Solved Threads: 0
 
