Wilders Security Forums  


Spyware Cleaning Section Closed!!
Notice: The spyware cleaning (HijackThis) section is closed. Wilders Security no longer provides one on one spyware cleaning assistance. Please see this announcement for a list of websites that provide such services.
 
 
  #1  
May 9th, 2004, 09:16 PM
fanteja
Infrequent Poster
Join Date: May 2004
Posts: 1
n-case? internet optimizer? please help.

I have posted this at boards.cexx.org so sorry if this is a problem posting again here.

Ok here is the deal:

Every once in a while, I keep getting some error that says that "A 3rd party application has uninstalled N-Case. Would you like it to uninstall it or keep it the same or remind you later?"

Well I'm getting annoyed by this. Judging from my HijackThis log, it looks like some internet optimizer is installed, and some bargain buddy installed.

And also, recently a bunch of stuff has been getting installed when I haven't even been using that computer! What is wrong with this computer? What can I do about this? My brother has stopped using this computer as well. And none of the family members that I know of use the computer that often?

And can I remove anything that is unnecessary? Something that I can remove, but won't harm anything? Anything like that? What about that spysweeper thing?


Quote:
Logfile of HijackThis v1.97.7
Scan saved at 2:17:59 PM, on 5/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
G:\WINNT\system32\Ati2evxx.exe
G:\WINNT\Explorer.EXE
G:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
G:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
G:\Program Files\Logitech\iTouch\iTouch.exe
G:\Program Files\QuickTime\qttask.exe
G:\Program Files\Bargain Buddy\bin2\bargains.exe
G:\Program Files\Internet Optimizer\optimize.exe
G:\Program Files\Internet Optimizer\actalert.exe
G:\Program Files\Hijack This\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.download.dir", "G:\\Documents and Settings\\manu\\My Documents");
user_pref("browser.search.defaultengine", "engine://G%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html");
user_pref("browser.startup.homepage_override.mstone", "rv:1.4");
user_pref("dom.disable_open_during_load", true);
user_pref("intl.charsetmenu.browser.cache", "windows-1252, x-user-defined, UTF-8, ISO-8859-1");
user_pref("prefs.converted-to-utf8
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.download.dir", "G:\\Documents and Settings\\manu\\My Documents");
user_pref("browser.search.defaultengine", "engine://G%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html");
user_pref("browser.startup.homepage_override.mstone", "rv:1.4");
user_pref("dom.disable_open_during_load", true);
user_pref("intl.charsetmenu.browser.cache", "windows-1252, x-user-defined, UTF-8, ISO-8859-1");
user_pref("prefs.converted-to-utf8
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - G:\WINNT\Downloaded Program Files\bridge.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - G:\Program Files\Bargain Buddy\bin2\apuc.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - G:\WINNT\nem216.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Pop-Up Stopper] "G:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] G:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [WinVNC] "G:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [zBrowser Launcher] G:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "G:\WINNT\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [Bargains] G:\Program Files\Bargain Buddy\bin2\bargains.exe
O4 - HKLM\..\Run: [Internet Optimizer] "G:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [msbb] g:\docume~1\admini~1\locals~1\temp\msbb.exe
O4 - HKLM\..\Run: [urgxah] G:\WINNT\urgxah.exe
O4 - HKCU\..\Run: [Spyware-Cop] "G:\PROGRA~1\SPYWAR~1\Spyware-Cop.exe" /s
O4 - HKLM\..\RunOnce: [ClrSchUninstall] G:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ClrSchUninstall_78_86.exe -b
O4 - Global Startup: Adobe Gamma Loader.lnk = G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ATI TV (HKLM)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.andhrajyothy.com/wfplayer/tdserver.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sha...in/AvSniff.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {5D8844F9-1CB8-11D2-A0A0-00600859EB9F} (PatchCtl Class) - file://G:\Program Files\EA SPORTS\FIFA 2004\update.1.1\patchx2.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000X...bridge-c17.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...856.8131828704
O16 - DPF: {A7E84D65-E121-4855-8EF0-C96195925F82} (Retriever Class) - http://www.adsvr.net/PowerStrip/PSI.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://download.yahoo.com/dl/installs/yab_af.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {E4DFABBD-F5F6-11D3-8421-0080C6F79C42} (SpeechControl Class) - http://www.directxtras.com/speaksfor...eechplugin.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.com/software/4/1.7.20.20/tukati.cab

Last edited by fanteja : May 9th, 2004 at 09:26 PM.
  #2  
May 10th, 2004, 02:51 AM
Unzy
Spyware Expert
Join Date: Nov 2003
Location: Belgium
Posts: 1,098
Re: n-case? internet optimizer? please help.

Hi fanteja,

Have only HijackThis running and fix:

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - G:\WINNT\Downloaded Program Files\bridge.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - G:\Program Files\Bargain Buddy\bin2\apuc.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - G:\WINNT\nem216.dll

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "G:\WINNT\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [Bargains] G:\Program Files\Bargain Buddy\bin2\bargains.exe
O4 - HKLM\..\Run: [Internet Optimizer] "G:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [msbb] g:\docume~1\admini~1\locals~1\temp\msbb.exe
O4 - HKLM\..\Run: [urgxah] G:\WINNT\urgxah.exe
O4 - HKLM\..\RunOnce: [ClrSchUninstall] G:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ClrSchUninstall_78_86.exe -b

O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000.../bridge-c17.cab

Make sure you have hidden files/folders set to show: Here's How

Restart PC after doing so in Safe Mode: Here's How and remove:

G:\WINNT\Downloaded Program Files\bridge.dll <- this file
G:\Program Files\Bargain Buddy\ <- this folder
G:\Program Files\Internet Optimizer\ <- this folder
g:\docume~1\admini~1\locals~1\temp\msbb.exe <- this file
G:\WINNT\urgxah.exe <- this file
G:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ClrSchUninstall_78_86.exe <- this file

Clean temp internet files

Restart again in normal mode

Hope this helps

Cheers,
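
Added example, not part of either post and not HijackThis's own logic: a small parser for the O2 (BHO) and O4 (autostart) lines of the log format shown in post #1, which flags entries by where the referenced file lives. The three path rules are illustrative assumptions, and the sample lines are copied from the log above.

```python
import re

# Sample lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - G:\WINNT\nem216.dll
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "G:\WINNT\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [msbb] g:\docume~1\admini~1\locals~1\temp\msbb.exe
O4 - HKLM\..\Run: [urgxah] G:\WINNT\urgxah.exe
'''

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] path args"
ENTRY = re.compile(r'^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$')
# First drive-letter path in the body, ending at a binary extension.
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx)', re.I)

# Illustrative heuristics (assumptions for this example, not HijackThis rules).
RULES = [
    ("runs from a Temp directory",
     re.compile(r'\\temp\\[^\\]+$', re.I)),
    ("binary directly in the Windows root",
     re.compile(r'^[a-z]:\\(?:winnt|windows)\\[^\\]+$', re.I)),
    ("loaded from Downloaded Program Files",
     re.compile(r'\\downloaded program files\\', re.I)),
]

def parse(log):
    """Yield (code, path) for O2/O4 entries that reference a file."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m.group('code') not in ('O2', 'O4'):
            continue
        p = PATH.search(m.group('body'))
        if p:
            yield m.group('code'), p.group(0)

def triage(log):
    """Return [(code, path, [reasons])] for entries matching any rule."""
    findings = []
    for code, path in parse(log):
        reasons = [name for name, rx in RULES if rx.search(path)]
        if reasons:
            findings.append((code, path, reasons))
    return findings

if __name__ == "__main__":
    for code, path, reasons in triage(SAMPLE_LOG):
        print(f"{code}  {path}: {', '.join(reasons)}")
```

A match is a lead for review, not a verdict: legitimate software also installs into these locations, so each flagged file still needs to be identified before removal.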
 

All times are GMT -4.