Full Version: bridge.dll
Olja
Hi guys :) me again.

When I turn pc on I have a message:
Error loading C:\WINDOWS\System32\bridge.dll
The specified module could not be found.

Ad-aware said it can't fix it.

Here is my HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 15:40:12, on 2.4.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\optmouse.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\NetUp\NetUp.exe
C:\Program Files\RAM Idle LE\RAM_XP.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\RFA\rfagent.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\iISystem Wiper\SystemWiper.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Corel\Graphics9\Register\Remind32.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Programi\HIJACKETHIS\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OPTMOUSEMOUSE] C:\WINDOWS\System32\optmouse.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NetUp] C:\Program Files\NetUp\NetUp.exe /T
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle LE\RAM_XP.exe
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [RFAgent] C:\Program Files\RFA\rfagent.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Corel Graphics Suite 1117] C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe /title="Corel Graphics Suite 11" /date=040504 serial=DR11CTD-9999999-KHM
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKCU\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
O4 - HKCU\..\Run: [RFAgent] C:\Program Files\RFA\rfagent.exe
O4 - Startup: Corel Registration.lnk = C:\Program Files\Corel\Graphics9\Register\Remind32.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Check Local Printer.lnk = C:\Program Files\KXP6X00\Chkpnt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Download using Download &Express - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - C:\Program Files\J River\Media Jukebox\DMDownload.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...ector/swdir.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5...b?1079103424267
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8020.6175925926
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab


What should I delete? Only the bridge.dll or something else as well?

Thanx
Hunter
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load


Is asking it to load so take that one out :)


FYI since you are an old timer here now :) This info will not hurt you to understand the numerical grouping of all items you see above..but glad you come back to ask and now the gurus might also see other things they can help you with on that log.


******************************
Section Name Description
R0, R1, R2, R3 Internet Explorer Start/Search pages URLs
F0, F1, F2,F3 Auto loading programs
N1, N2, N3, N4 Netscape/Mozilla Start/Search pages URLs
O1 Hosts file redirection
O2 Browser Helper Objects
O3 Internet Explorer toolbars
O4 Auto loading programs from Registry
O5 IE Options icon not visible in Control Panel
O6 IE Options access restricted by Administrator
O7 Regedit access restricted by Administrator
O8 Extra items in IE right
O9 Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu
O10 Winsock hijacker
O11 Extra group in IE 'Advanced Options' window
O12 IE plugins
O13 IE Default Prefix hijack
O14 'Reset Web Settings' hijack
O15 Unwanted site in Trusted Zone
O16 ActiveX Objects (aka Downloaded Program Files)
O17 Lop.com/Domain Hijackers
O18 Extra protocols and protocol hijackers
O19 User style sheet hijack


Make sure you keep that adaware and your AVG updated. Some people have been having problems updating the AVG..how about you ?
Hunter
Is this item..

C:\WINDOWS\system32\logonui.exe

that thing which lets you get new log on screens called XP Themes..read something about that recently that they went the way of adware..I will have to read that again.
Olja
Hi Hunt! :) thanx a lot!

About updating AVG..yes I had problems, but didn't work your advice: renaming existing url.ini to urlold.ini and creating the new one url.ini. I did all that, but when I restart pc and open that new: url.ini I created it shows this:

[SERVER_NAME]
1=free.grisoft.cz
2=ftp.grisoft.com
3=www.grisoft.com

[SERVER_URL]
1=http://free.grisoft.cz/softw/60/fe
2=ftp.grisoft.com/pub/softw/60/fe/
3=http://www.grisoft.com/softw/60/fe/
Actual URL=0

See- actual URL=0! I tried to put URL=3 there and save it but didn't work, when I restart It's again URL=0. So I can update AVG cause there is no server (it used to be http://free.grisoft.cz/softw/60/fe, now there is no server). I thought I should go to grisoft.com and download update files from there. I have AVG 6 free edition, program version 6.0.576. Maybe I should try downloading newer version, a?
Hunter
I am thinking that you are not just a home user and that this is a working PC since you have server stuff set up and graphic work..is that correct ? Or are you just trying out these programs ? Asking not to be nosey but rather to understand what you really do want to keep on that PC. And also when you do decide to uninstall programs..even spyware or malware you might run into that you first look in the add/remove program and see if it pops up in there to uninstall. :)
Hunter
Bummer on that AVG... :( Well put this link in your favorites and check it each day..there are some new development on that..

http://forum.gladiator-antivirus.com/index...=15&#entry41915

And Donna is posting them each day.

Grisoft almost has it sorted out..but lots o people using that AVG free and they have been overwhelmed..and now they have 7 servers not just the three trying to handle the load. So try to keep up with the updates as best you can.
Olja
No, this is my pc at home. I don't know what programs do you talk about? by - graphic work you think - corel, autocad? server stuff... which? don't know really :)

Thanx for the link for AVG, I'll read it.

Should I delete this C:\WINDOWS\system32\logonui.exe ?
Hunter
No do not delete that one yet..and if you are just a home user and do not use Microsoft SQL Server or some of those other items then they can be uninstalled or stopped from running at start up.

Do you use the Corel Graphics Suite ?
Olja
Which one and how do I stop them from running in startup?

I usually use only Corel Draw and Photo Paint from the Corel Suite.
Olja
My AVG just started updating

I tried Donna's 9 servers and it worked! :victory:

Thanx
Hunter
What is Microsoft SQL Server ?


Microsoft SQL Server version 7.0 / 2000 is an industrial-strength relational database server capable of efficiently processing high volumes of critical data. Used in conjunction with Active Server Pages, SQL Server provides a powerful platform for developing e-commerce and other data-driven websites.

You need XP Pro preferably using NTFS filesystem. Log on as the local computer Administrator. Uninstall any previous IIS installations.

Control Panel - Add Remove Programs -






First look in the lower right of the task bar at the bottom of the screen and check for a SQL icon. If you find one, stop it. If you don't find one, go into task manager and look for a process named sqlservr.exe. Highlight it and pick End Process or ShutDownTask (depending on your version of Windows). You may get a message that this is denied on later versions of Windows. This is okay. Go into Control Panel | Add/Remove Programs. If Microsoft SQL Server is shown (most times it will not show separately) remove it.

Restart the machine, go into task manager again and make sure that sqlservr.exe is no longer there.
Hunter
So what version of SQL server do you have on that PC and how did it get there ??


this also helps.
1. Please check if all services related to SQL Server are running in Control Panel -> Services. For example: MSSQLServer, SQLServerAgent and MSSearch may be running.
2. If any of the above services are running, stop them. If you get any error message, go to Task Manager and see if all services related to SQL Server are stopped. For example: you may find sqlservr.exe or sqlmangr.exe. Right click them and select End Process.
4. Try uninstalling SQL Server 7.0 again in the add/remove
LoPhatPhuud
When you get all that Hunter has suggested done, remove that offending Bridge entry using HJT and your log will be clean!

Check the following items in HijackThis.
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

Close all windows except HijackThis and click Fix checked:

Reboot. (not necessary, but recommended)

Then:
You NEED to upgrade to IE 6.0 SP1 http://www.microsoft.com/windows/ie/downlo...sp1/default.asp
(Make sure you get the correct language version for your operating system! ).

Next, go to the Windows Update site, and download and install ALL Critical Updates on offer.
That will fix innumerable bugs, update a large number of important system files, and plug many security holes.


Then post another HiJackThis log for review.
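
Added example (not part of any poster's reply and not HijackThis's own code): a short Python parser that groups log lines by the section codes listed earlier in the thread and flags O4 Run entries whose rundll32 target is missing from disk, which is the situation behind the "Error loading" message. The log lines are taken from the log posted above; the PRESENT set is a constructed stand-in for the file system, and all function names are illustrative.

```python
import ntpath
import re

# Section descriptions copied from the table earlier in the thread.
SECTIONS = {"O3": "Internet Explorer toolbars",
            "O4": "Auto loading programs from Registry"}
LINE_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
RUN_RE = re.compile(r"^(HK(?:LM|CU))\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+)"?,(\S+)', re.I)

# Lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
"""
# Constructed stand-in for the disk: lower-cased paths assumed to exist.
PRESENT = {r"c:\windows\system32\nvcpl.dll"}

def parse_log(text):
    """Return one dict per numbered log line; O4 Run lines get extra fields."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        code, body = m.groups()
        entry = {"code": code, "section": SECTIONS.get(code, "unknown"), "body": body}
        run = RUN_RE.match(body) if code == "O4" else None
        if run:
            entry["hive"], entry["key"], entry["name"], entry["cmd"] = run.groups()
        entries.append(entry)
    return entries

def orphaned_rundll(entries, exists):
    """List (hive, value name, dll) for rundll32 autoruns whose DLL is missing."""
    hits = []
    for e in entries:
        m = RUNDLL_RE.match(e.get("cmd", ""))
        if not m:
            continue
        dll = m.group(1).strip()
        # Bare names (e.g. cmicnfg.cpl) resolve via the search path; skip them.
        if ntpath.isabs(dll) and not exists(dll):
            hits.append((e["hive"], e["name"], dll))
    return hits

def exists_in_sample(path):
    return path.lower() in PRESENT

if __name__ == "__main__":
    for hive, name, dll in orphaned_rundll(parse_log(SAMPLE_LOG), exists_in_sample):
        print(f"{hive} Run [{name}] points at missing {dll}")
```

On a live system, pass `os.path.exists` as the `exists` argument instead of the sample lookup.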
Olja
Hi guys :) I was away for some time.

Hunter
I found this one: Microsoft SQL Server Desktop Engine (version 8.00.194). How did it get here? Don't know, it was on the pc when I bought it. I can remove it?

In the Control Panel -> Administrative Tools -> Services I found these: MSSQLSERVER and MSSQLServerADHelper. MSSearch isn't there. There is an icon of MSSQLSERVER in the bottom right, I stopped it and now all the services are stopped. It's not running in Task manager.

I see here another service called just - Server (Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped these functions will be unavailable. If this service is disabled any services that explicitly depend on it will fail to start). It's running now (starts automatically). Should I stop it?

Not sure if I should delete Microsoft SQL Server Desktop Engine, so if you could just type YES or NO ;)

Thanx

LoPhat: did the upgrade. thanx!
Hunter
This might give you some ideas what to remove..

http://www.google.com/search?hl=en&lr=&ie=...ver&btnG=Search

I would think that you are not using any of that stuff.
Hunter
This link might also be of assistance...


http://216.239.53.104/search?q=cache:BWNlk...&client=googlet
Olja
thanx again