Jump to content


Photo

Startup and Shutdown errors


  • Please log in to reply
3 replies to this topic

#1 AstralPuke

AstralPuke

    Member

  • New Member
  • Pip
  • 2 posts

Posted 26 July 2004 - 04:22 PM

Hello, this is my first post here, so I'm a bit new to this. I read the FAQ section and I promise to do my best to follow etiquette.

I have two problems which I require assistance with. I recently removed a few Trojan viruses from my pc and I think it damaged a few files. During startup, I get an error loading bridge.dll and when I close, I get an error loading trd ww ... and then it trails off. I've read a few topics about this and have read some of the suggestions but it appears that each problem should be handled separately, especially since I am unfamiliar and uncomfortable with running hijack. From reading through some posts, it looks like I should run ad aware, then run hijack and post my results.. is this correct? Anything else I should do? Thanks in advance for any help, it is greatly appreciated.

#2 DonnaB

DonnaB

    Advanced Member

  • Retired Staff - Helper
  • PipPipPip
  • 183 posts

Posted 31 July 2004 - 06:00 AM

Hi there,

Yes, first run the spyware removal tools. Click on the following links for instructions on how to use them.
1. Spybot S&D - http://forums.spywar...showtopic=11150
2. Ad-aware - http://forums.spywar...showtopic=11150
3. CWShredder - http://forums.spywar...showtopic=11202

Do not forget to reboot the computer after using the above tools or if it prompt you to reboot. If any programs asked you to re-scan, please do so.

Next, scan your system using an online virus scan.
Use any of these services:
Housecall http://housecall.ant.../start_corp.asp
Panda ActiveScan http://www.pandasoft...ivescan-com.asp

Confirm your work by re-scanning the system to make sure that there's no infection.

Last but not the least, post your HijackThis log.

You can download HijackThis from http://www.spywarein.../downloads.html

It is important that you will run HijackThis.exe in its own folder so the backup files that HijackThis file will create will not be accidentally deleted.

Open 'My Computer', then double-click to open C:\ (or the drive letter that your Windows is installed)
In the menu bar, click File-->New-->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ or C:\HijackThis\ folder. Put your HijackThis.exe there, and double click to run it.

Click 'Scan' button. Click 'Save log' button. Save the 'hijackthis.log' in your desktop. Copy and paste the content of 'hijackthis.log' and post it here.
Calendar of Updates
Keep Your Security Software Current
Upgrades, Updates & Definitions
Get involved - Microsoft MVP Program
Read it from SecurityFlash

Do what you feel in your heart to be right - for you'll be criticized anyway.
You'll be damned if you do, and damned if you don't.

-- Eleanor Roosevelt

#3 AstralPuke

AstralPuke

    Member

  • New Member
  • Pip
  • 2 posts

Posted 04 August 2004 - 01:05 PM

Thank you very much for the reply! Here is my log:

Logfile of HijackThis v1.98.0
Scan saved at 1:08:19 PM, on 8/1/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
C:\WINDOWS\HCHnG.EXe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\NaviSearch\bin\nls.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Common Files\PSD Tools\ChannelUp.exe
C:\Program Files\MSAC-FD1\MSSTAT.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Kevin Lesko\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = +s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.timreynolds.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.allcybersearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = +s
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://drvvv.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.uci.edu/proxy_config.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 65.61.161.115 creditreports #HCHNGX
O1 - Hosts: 65.61.161.115 creditreport #HCHNGX
O1 - Hosts: 65.61.161.115 mp3 #HCHNGX
O1 - Hosts: 65.61.161.115 games #HCHNGX
O1 - Hosts: 65.61.161.115 music #HCHNGX
O1 - Hosts: 65.61.161.115 wallpaper #HCHNGX
O1 - Hosts: 65.61.161.115 jobs #HCHNGX
O1 - Hosts: 65.61.161.115 music #HCHNGX
O1 - Hosts: 65.61.161.115 chat #HCHNGX
O1 - Hosts: 65.61.161.115 lyrics #HCHNGX
O1 - Hosts: 65.61.161.115 dvd #HCHNGX
O1 - Hosts: 65.61.161.115 cheats #HCHNGX
O1 - Hosts: 65.61.161.115 free #HCHNGX
O1 - Hosts: 65.61.161.115 maps #HCHNGX
O1 - Hosts: 65.61.161.115 freeware #HCHNGX
O1 - Hosts: 65.61.161.115 cars #HCHNGX
O1 - Hosts: 65.61.161.115 searchscout.com #HCHNGX
O1 - Hosts: 65.61.161.115 pictures #HCHNGX
O1 - Hosts: 65.61.161.115 dictionary #HCHNGX
O1 - Hosts: 65.61.161.115 weather #HCHNGX
O1 - Hosts: 65.61.161.115 software #HCHNGX
O1 - Hosts: 65.61.161.115 download #HCHNGX
O1 - Hosts: 65.61.161.115 warez #HCHNGX
O1 - Hosts: 65.61.161.115 jokes #HCHNGX
O1 - Hosts: 65.61.161.115 cracks #HCHNGX
O1 - Hosts: 65.61.161.115 screensavers #HCHNGX
O1 - Hosts: 65.61.161.115 hentai #HCHNGX
O1 - Hosts: 65.61.161.115 travel #HCHNGX
O1 - Hosts: 65.61.161.115 hotels #HCHNGX
O1 - Hosts: 65.61.161.115 airplanes #HCHNGX
O1 - Hosts: 65.61.161.115 airports #HCHNGX
O1 - Hosts: 65.61.161.115 sms #HCHNGX
O1 - Hosts: 65.61.161.115 freesms #HCHNGX
O1 - Hosts: 65.61.161.115 computer #HCHNGX
O1 - Hosts: 65.61.161.115 nero #HCHNGX
O1 - Hosts: 65.61.161.115 morpheus #HCHNGX
O1 - Hosts: 65.61.161.115 money #HCHNGX
O1 - Hosts: 65.61.161.115 cash #HCHNGX
O1 - Hosts: 65.61.161.115 sex #HCHNGX
O1 - Hosts: 65.61.161.115 fun #HCHNGX
O1 - Hosts: 65.61.161.115 loans #HCHNGX
O1 - Hosts: 65.61.161.115 casino #HCHNGX
O1 - Hosts: 65.61.161.115 crossword #HCHNGX
O1 - Hosts: 65.61.161.115 spam #HCHNGX
O1 - Hosts: 65.61.161.115 videos #HCHNGX
O1 - Hosts: 65.61.161.115 credit #HCHNGX
O1 - Hosts: 65.61.161.115 pharmacy #HCHNGX
O1 - Hosts: 65.61.161.115 battery #HCHNGX
O1 - Hosts: 65.61.161.115 mobile #HCHNGX
O1 - Hosts: 65.61.161.115 cellphone #HCHNGX
O1 - Hosts: 65.61.161.115 cell #HCHNGX
O1 - Hosts: 65.61.161.115 telephone #HCHNGX
O1 - Hosts: 65.61.161.115 logos #HCHNGX
O1 - Hosts: 65.61.161.115 ringtones #HCHNGX
O1 - Hosts: 65.61.161.115 gsm #HCHNGX
O1 - Hosts: 65.61.161.115 shopping #HCHNGX
O1 - Hosts: 65.61.161.115 searchco.com #HCHNGX
O1 - Hosts: 65.61.161.115 www.searchco.com #HCHNGX
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [HChng] C:\WINDOWS\HCHnG.EXe
O4 - HKLM\..\Run: [couponsandoffers] wjview /cp:p "C:\Program Files\couponsandoffers\System\Code" Main lp: "C:\Program Files\couponsandoffers"
O4 - HKLM\..\Run: [hqwsmhsc] C:\WINDOWS\lsiqkgxe.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [PSD Tools Channel] C:\Program Files\Common Files\PSD Tools\ChannelUp.exe
O4 - Global Startup: Reminder-hpc41001.lnk = C:\Program Files\HP DeskJet 690C Series\ereg\Remind32.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Memory Stick Monitor.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: HuntBar - {59450DB0-341D-4436-B380-B8377D8B6796} - http://www.huntbar.c...ult.asp?aff=857 (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .aam: C:\PROGRA~1\INTERN~1\PLUGINS\NP32ASW.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client - http://chat.privatef...000/java/cr.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.s...og/y/fs10_x.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...00...taller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...90...xIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...04...scan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ntrol_v1-32.cab
O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - http://download.budd...llInstaller.cab

#4 DonnaB

DonnaB

    Advanced Member

  • Retired Staff - Helper
  • PipPipPip
  • 183 posts

Posted 16 September 2004 - 09:12 AM

:( Was away for holidays last month.

If you still need help, please post a new log

Download the current version of HijackThis from any download locations below:
http://www.allsecpro.../HijackThis.zip
http://www.zerosreal...wnloads/hjt.zip
http://www.downloads.../hijackthis.zip

Where to put HijackThis:
After downloading hijackthis.zip, extract HijackThis.exe in its own folder. To do this:

Open 'My Computer', then double-click to open C:\ (or the drive letter that your Windows is installed)
In the menu bar, click File-->New-->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ or C:\HijackThis\ folder. Put or extract your HijackThis.exe there.

How to use HijackThis:
Double-click HijackThis.exe. Click “Scan”, click “Save Log”. Save the log in your desktop. Copy the content of the hijackthis.log and paste it here in your next reply.
Calendar of Updates
Keep Your Security Software Current
Upgrades, Updates & Definitions
Get involved - Microsoft MVP Program
Read it from SecurityFlash

Do what you feel in your heart to be right - for you'll be criticized anyway.
You'll be damned if you do, and damned if you don't.

-- Eleanor Roosevelt




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button