Hijackthis log help needed - thanks!

Discussion in 'adware, spyware & hijack cleaning' started by moocoo, Jun 5, 2004.

Thread Status:
Not open for further replies.
  1. moocoo

    moocoo Registered Member

    Joined:
    Jun 5, 2004
    Posts:
    1
    Hello:

    I ran and removed a few things with Ad-aware as I usually do and then ran my AVG virus program which picked up something that I can't remove from my system. Says it is ' Trojan Horse PSW.Briss.G ' and because it is in ' C:\WINDOWS\SYSTEM\A.EXE ' I ran thru and am posting my hijack this log as I am not sure what I am dealing with nor how to remove it. I can't run 'Housecall virus scanner' and my scandisk won't complete itself therefore I can't defrag. So far this is all I've noticed but naturally I am concerned as I can usually deal with this stuff myself. Thanks in advance and here is my log:

    Ok - just discovered that altho I clicked the save button - it will not open on my desktop - I cannot cut and paste the log either...............I can only save as 'log file' or 'all' files - not the 'text' I was told to...........am I in big doodoo here? Just tried to include it as a file here...........feeling desperate.
     

    Attached Files:

  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi moocoo,

    Before you start please unzip hijackthis.exe to a folder of it´s own. The program creates backups in the folder it is in. In a Temp folder they easily disappear.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL (file missing)

    O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
    O4 - HKLM\..\Run: [SAHBundle] C:\WINDOWS\TEMP\bundle.exe

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0877c77a10605dcf1c03/netzip/RdxIE601.cab

    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/98ME/CDTInc/bridge.cab

    Then reboot into safe mode and delete:
    C:\WINDOWS\SYSTEM\A.EXE

    And (still in safe mode) use the DiskCleanup Tool to empty all your Temp folders.

    When you are done, run HijackThis again and post the new log, so we can see if it all worked out as planned.

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.