Posts by caperjack

Check out ,How I got infected in the first place ,in our signatures .
for info on learning the howto's go here and join up. http://forums.spywareinfo.com/

Tabascoman4 please do the following ,and after you do start you own thread,with a little info about being here ! and post your hijackthis log .

Might I suggest Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Download SPYBOT

How to setup Ad-Aware and Spy-Bot S&D
http://www.zerosrealm.com/scanning.php

And after that, please do the following:

Download 'Hijack This!'.HERE

Unzip (extract) it to a folder of its own.Like c:\HJT\hijackthis.exe , Then Doubleclick HijackThis.exe (in the new folder), and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, then Ctrl-A to Select All, and copy its contents here. for hijackthis,most of what it lists will be harmless or even essential, don't fix anything yet.

reboot computer and post a new hijackthis log

Check this out .And get the programs suggested
http://www.computercops.biz/postlite7736-.html

is it a logitech keyboard :p !?
What happens when you click the 4 keys

Just because the lights are on doesn't mean the computer posted ,do you hear the first beep to indicate it passed the post test ,the beep will come from the internal computer speaker .

the athlon xp2800 should be a 2.08mhZ,download WCPUID ,one of the best cpu tools out there .It will show what it clock speed is .get it here .
http://www.majorgeeks.com/downloadget.php?id=435&file=9&evp=2a23f8684d79daa09dd116ef30d3652d

Might I suggest Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Download SPYBOT

How to setup Ad-Aware and Spy-Bot S&D
http://www.zerosrealm.com/scanning.php

And after that, please do the following:

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

reboot computer and post a new log

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cus...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cus...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

O4 - HKLM\..\Run: [btcnlrgo] C:\WINDOWS\System32\btcnlrgo.exe

O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1

Now reboot into safe mode and delete the following files and folders if found .
C:\WINDOWS\System32\btcnlrgo.exe... delete file

C:\PROGRA~1\AWS\WEATHE~1\Weather.exe ...delete file

to delete the above files and folder you will need to do the following

Hello

You have a peper infection

http://www.memorywatcher.com/uninst.exe

When you run the uninstaller, you MUST have an internet connection active for it to work.

Please run this twice with a reboot in between.

Then post a new log

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [Open Site] C:\Program Files\Open Site\opnste.exe

O4 - HKLM\..\Run: [gszycfccjuo] C:\WINDOWS\System32\qnyuzw.exe

O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe

O13 - Mosaic Prefix: http://www.nkvd.us/

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0412bbe...ip/RdxIE601.cab

Now reboot into safe mode and delete the following files and folders if found .

C:\Program Files\Open Site\opnste.exe>>>>> Delete file

C:\WINDOWS\System32\qnyuzw.exe >>>>> Delete file

C:\WINDOWS\alchem.exe >>>>> Delete file

to delete the above files and folder you will need to do the following
go to
Show hidden files & folders

"Fix Checked"...Reboot to SAFE mode to delete files
How to start computer in safe mode

reboot computer and post a new log

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

So when you restore to a earlyer time the computer then works ok!if not .can you boot to safe mode and will it work in safe mode !! run you virus scan in safe mode.to see if it finds anything
hit f8 on boot up to get to safe mode

Long time, no post.

There are some computers that I run the install, delete the partition that has 98 on it. When I go to install 2000 on it, it says that I need to create a partition. Well, I go to create that partition, and I the number that I put in will not hold.

IHas anyone else ran into this problem?

Are you removing win98 or upgrading from98 to 2000 .you say delete win98 partition just how are you doing this !!

Thats what mine did when it burnt out !

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

Then do this .
Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cus...://my.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=99

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html

O4 - HKLM\..\Run: [mduhszef] C:\WINDOWS\System32\wlzylwqd.exe

O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

you may find wintools in add and remove programs and unistall it there
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

This one is optional ,resource hogg ,not needed in startup.
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS

Now reboot into safe mode and delete the following files and folders if found .

to delete the above files and folder you will need to do the …

Don't break out the cyber beer yet .lol
first do this ,
Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

then this

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank

O4 - HKLM\..\Run: [This Bore] C:\PROGRA~1\SIZECL~1\Cool Cash.exe

O4 - HKLM\..\Run: [WebScan] C:\Program Files\Acceleration Software\Anti-Virus\defscangui.exe -k

O4 - HKLM\..\Run: [RoughRiders] C:\Program Files\WMx\Dialers\RoughRiders\RoughRiders.exe /dontdial

O4 - HKLM\..\Run: [sginst] C:\PROGRA~1\ACCELE~1\SCRIPT~1\sginst.exe /upd

O4 - HKLM\..\Run: [eMailEncryption] C:\PROGRA~1\ACCELE~1\VELOZD~1\velozsys.exe runstart

O4 - HKLM\..\Run: [LSPFix] C:\Program Files\Common Files\eAcceleration\LSPfix\LSPmonitor.exe normal

O4 - HKLM\..\Run: [eanth_system_patcher] C:\PROGRA~1\ACCELE~1\SYSTEM~1\sys_alert.exe /Startup

O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\image.dll,Install

O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binari...tia32_EN_XP.cab

O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -

O16 - DPF: {B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C} (Cltbuilder Class) - http://akamai.downloadv3.com/binari...ne2oneSvcEN.cab

Now reboot into safe mode and delete the following files …

Download 'Hijack This!'.HERE

Unzip (extract) it to a folder of its own.Like c:\HJT\hijackthis.exe , Then Doubleclick HijackThis.exe (in the new folder), and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, then Ctrl-A to Select All, and copy its contents here. for hijackthis,most of what it lists will be harmless or even essential, don't fix anything yet.

Quite a bit going on in you log, lets start with this .

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

Might I suggest Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Download SPYBOT

How to setup ad-Aware and spyBot
http://www.zerosrealm.com/scanning.php

And after that, please do the following:
Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

reboot computer and post a new log

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

Might I suggest Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Download SPYBOT

How to setup ad-Aware and spyBot
http://www.zerosrealm.com/scanning.php

And after that, please do the following:

Download 'Hijack This!'.HERE

Unzip (extract) it to a folder of its own.Like c:\HJT\hijackthis.exe , Then Doubleclick HijackThis.exe (in the new folder), and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, then Ctrl-A to Select All, and copy its contents here. for hijackthis,most of what it lists will be harmless or even essential, don't fix anything yet.

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

reboot computer and post a new log

the log looks clean ,not sure why you adaware freezes ,berhaps try running it in safe mode .
As for the spoolsv.exe it part of winxp ,it doesent mater if you ahve a printer installed ,not sure why you would be getting the error message .

Reboot to SAFE mode to run Adaware
How to start computer in safe mode

spoolsv.exe =a service that stores printer jobs and forwards them to the printer when it is ready,
it also can be virus releated depending on where its located on you computer ,if you have hijackthis [if not download it in my signature ]on your compute run it and post a log .

log is clean .

you have the mblast virus===O4 - HKLM\..\Run: [windows auto update] msblast.exe

removal tips here .
http://www.pchell.com/virus/msblast.shtml

you should unzip hijackthis to a folder of its own like c:\HJT\hijackthis.exe ,for backups .

then run it and fix the following.
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch
reboot and post new log .

Also a trip to windows updates is needed for critical updates and SP1's
WINDOWS UPDATES

rescourch =resource

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O2 - BHO: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINDOWS\System32\toolbar.dll

this is not malware but is a rescourch hogg and not needed in startup ,suggested fix .
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Now reboot into safe mode and delete the following files and folders if found .

C:\WINDOWS\System32\toolbar.dll >>> delet file if found

to delete the above files and folder you will need to do the following
go to
Show hidden files & folders

"Fix Checked"...Reboot to SAFE mode to delete files
How to start computer in safe mode

reboot computer and post a new log

this program is responsiable for you browse hijack problems ,i suggest removing it ,
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us5.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us5.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us5.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us5.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us5.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us5.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us5.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us5.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us5.hpwis.com/

O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe

This one isn't spyware but is a suggested fix as its a rescorce hogg and not needed in startup.
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

Now reboot into safe mode and delete the following files and folders if found .

C:\WINDOWS\sysupd.exe >>>> Delete file

to delete the above files and folder you will need to do the following
go to
Show hidden files & folders

"Fix Checked"...Reboot to SAFE mode to delete files
How to start computer in safe mode

reboot computer and post a new log

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

reboot computer and post a new log

Download the latest version of Ad-Aware at http://www.lavasoftusa.com/support/download/
After installing AAW, and before running the program, FIRST update the reference file following these instructions.
http://www.lavahelp.com/howto/updref/index.html
Now do the following:
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
check: "Unload recognized processes during scanning."
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."
Press "Scan Now"
- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:
Now press "Next" to let Ad-aware scan your drives...
It will find a number of "bad" files and registry keys.
Right-click in that pane and choose "select all"
Now press "Next" again.
It will ask you whether you'd like to remove all checked items. Click OK.
Finally, close Ad-Aware, and reboot.

Then:
Download 'Hijack This!'.HERE

Unzip (extract) it to a folder of its own.Like c:\HJT\hijackthis.exe , Then Doubleclick HijackThis.exe (in the new folder), and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, then Ctrl-A to Select All, and copy its contents here. for hijackthis,most of what it lists will be harmless or even essential, don't fix …

Well, I think that I may have got it sorted!! It was a varient (f) of the Blaster worm..

Can someone have a quick look at the HJT log and let me know if they see anything there that shouldn't be cause i'm not sure what to look for!

Logfile of HijackThis v1.97.7
Scan saved at 14:44:11, on 07/05/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\mmc.exe
C:\WINNT\system32\DfrgNtfs.exe
C:\Backup\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-gb\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk …

Sad we had to create a fourm for spyware what is the world coming to haha.

One coming for Formatting ,you wanna be the host !:)

your up too early ,yeah we clean him up good ,got him to format LOL

What a mess my god man. Reformat!!!!!

No that log in the qoute from another poster ,isn't it ,I think .:)LOL

well thats craptacular. how do i put it back? its all already been fixed.

It won't hurt any thin by not using it just run hijack again and click config/backups and highlite it and click restore,sorry for the miss!!

assumming you are using winxp,go this site download shoot the messenge and run it .'
http://www.grc.com/stm/shootthemessenger.htm

Google results on voice bridge .

http://www.google.com/search?sourceid=navclient-menuext&ie=UTF-8&oe=UTF-8&q=%22voice+%22Bridge%22

I copyied this in by mistake ,it should be left unfixed as it is actuall quite usefull .

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

its spyware releated ,it's a dll file put on you computer by a virus or trojan and you will get the misiing dll error if you us sptbot or ad-aware ,they remove it but not all of the references to it in you registry Run command ,hence the error .the registry looking for the dll !1 or something like that! What it actually does is beond me.

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

sry. Didn't think much of it considering it was the same problem. But anyway, running the fixes in safe-mode did the trick. case closed.

Don't count you chickens ! It can return ,and don't forget to run you windows updates .

Log is clean almost !:)

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

These are ok but not needed and the cthelper.exe is know to cause the cpu to run 100%,fix on all of these is by your choice .

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

This ,nuisance program.unless you use it all the time and want it running all the time
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/...stx/install.cab

CTHELPER =is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative’s sound drivers and utilities. Given its purpose …

You Have A Variant of the CoolWebSearch Trojan.

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

reboot computer and post a new log

please go into msconfig and select "normal startup load all devices and services "so all the things you have selected to not run on startup will show in you log .reboot and post a frsh hijackthis log .

3 things first ,
1's =Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

2nd= a little info any antiSpyware programs you may have allready used .thanks .I will have a look at the log and advise !

3rd=Also a trip to windows updates is needed for critical updates and SP1's
WINDOWS UPDATES

it currently running Win95 and can’t be updated because of the OS.

what are you refering to when you say can't be upgraded because of the OS,win95 is the OS , I know there are missing MSVBVM60.DLL file messeages, when trying to run programs like cwshredder and hijackthis ,on win95 and win98 , If you get such message you can download the file here

Just a not about the really good program called AIDA32,the developer of the program has stoped support and developing it !gone but not forgotton

http://www.aida32.hu/

glad i could help:)

Make backups of your important personal files from your PC, then destroy your DOS partitions. Reformat your hard drive. Then reinstall your OS and software.

BUT before you even connect online, buy the lastest anti-Virus software from somewhere like McAfee, and also install a firewall - Zonealarm is free (but make sure you are very strict as to what you allow to access the net).

That should go a long way to eliminating the threat.

I've found that downloaded software simply cannot remove very embedded scumware, which is why I recommend start from scratch with a full reformat. Otherwise you may never be rid. And, hey, be more careful in future. :)

6 months ago I had a computer full of spyware /trojans ,i did a search and found and used all the programs to remove the unwanted spyware ,I now use these tools to help otheres remove spyware ,I didn't format my computer ,I have't formated my computer is almost a year .I run windows updates regulary and install a couple of programs to block spyware sites ,so formating is not necessasry,but is sometimes the fastes way!!