1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

System 32 error message

Discussion in 'Windows XP' started by sailingmom, Feb 12, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. sailingmom

    sailingmom Thread Starter

    Joined:
    Feb 12, 2004
    Messages:
    1
    When I boot up my computer I receive the following error message, how do I get rid of it.

    C:\Windows\System32\msiefr40.dll
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,116
    That is from a browser helper pest. You should post a HJT log for us.

    Download Hijackthis.
    Save it to a folder on your hard drive.
    Unzip the file.
    Scan your machine, then click on Save Log.

    Post a copy back here and someone will be happy to review it.

    Don't make any changes until instructed to do so.
     
  3. garyk59

    garyk59

    Joined:
    Mar 10, 2004
    Messages:
    1
    i deleted a Rundll32 program that had something to do with bridge, i restarted my CPU and things seemed back to normal, but then ONLINE CASINO, ENTERTAINMENT, and MP3 Downloads Poped up on my DESKTOP, what else should i delete, please respond

    Logfile of HijackThis v1.97.7
    Scan saved at 9:43:32 PM, on 3/10/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\drivers\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\EarthLink 5.0\ConMgr.exe
    C:\WINDOWS\rtwjyrsr.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\msbb.exe
    C:\Program Files\Bargain Buddy\bin\bargains.exe
    C:\Program Files\DownloadWare\dw.exe
    C:\Program Files\Internet Optimizer\optimize.exe
    C:\WINDOWS\System32\zrpwbqqs.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe
    C:\WINDOWS\System32\SahAgent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Internet Optimizer\actalert.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjb.exe
    C:\Program Files\EarthLink 5.0\Browser.exe
    C:\Program Files\EarthLink 5.0\Earthlink.EXE
    C:\Program Files\EarthLink 5.0\FastLane\ARUpld32.exe
    C:\Program Files\AIM95\aim.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\Gary\Local Settings\Temporary Internet Files\Content.IE5\8HIJ8LI3\HijackThis[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zestyfind.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.riconnect.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.ieplugin.com/search.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.ieplugin.com/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = RIconneCT Internet Services
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.ieplugin.com/q.cgi?q=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=%tb_id
    R3 - URLSearchHook: (no name) - _{D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O1 - Hosts: 207.36.196.189 auto.search.msn.com
    O1 - Hosts: 207.36.196.189 search.netscape.com
    O1 - Hosts: 207.36.196.189 ieautosearch
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
    O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\Program Files\Recommended Hotfix - 421701D\v15\RH.DLL
    O2 - BHO: (no name) - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\systb.dll
    O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem214.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Intelligent Explorer - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\systb.dll
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWay\bar\1.bin\MWSBAR.DLL
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [gaxqjtqb] C:\WINDOWS\rtwjyrsr.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
    O4 - HKLM\..\Run: [msbb] C:\WINDOWS\msbb.exe
    O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
    O4 - HKLM\..\Run: [WAGN] C:\WINDOWS\WAGN.exe
    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
    O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [mzizptmi] C:\WINDOWS\System32\zrpwbqqs.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
    O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: IMI (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.eznsearch.com/index.htm
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab
    O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50047/QDow.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
    O16 - DPF: {8FABFC3E-691B-FD4F-2FDC-BBBF3F5AAACA} (DownloadUL Class) - http://public.searchbarcash.com/cab/032/zlsjrvdi.cab
    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/bridge.cab
    O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/broadcast/ActiveXWebCam.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/nike/nikegridiron/install.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8A3402BC-96B4-4E56-91DE-6B7987EAD674}: NameServer = 207.69.188.186 207.69.188.187
     
  4. mjack547

    mjack547 Malware Specialist

    Joined:
    Sep 1, 2003
    Messages:
    3,181
    Download and unzip or install these programs/applications if you haven't already got them. If you have them, then make sure they are updated and configured as described

    CWshredder from http://www.thespykiller.co.uk/

    Spybot - Search & Destroy from http://security.kolla.de

    AdAware 6 from http://www.lavasoft.de/software/adaware/

    then
    Run CWSHREDDER,

    Close all browser windows, click on the cwshredder.exe then click "FIX" (Not "Scan only") and let it do it's thing.
    and make sure you follow the advice about the security updates listed at the bottom of the page, in order to prevent re-infection, otherwise you will be continually reinfected
    the patches are :

    http://www.microsoft.com/technet/security/bulletin/MS03-011.mspx

    http://www.microsoft.com/technet/security/bulletin/MS00-075.mspx

    then reboot &

    Run Sybot S&D

    After installing, first press Online, press search for updates, then tick the updates it finds, then press download updates. Beside the download button is a little down pointed arrow, select one of the servers listed. If it doesn't work or you get an error message then try a different server

    Next, close all Internet Explorer and OE windows, press 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.

    then reboot &

    Run ADAWARE

    Before you scan with AdAware, check for updates of the reference file by using the "webupdate".

    Then ........

    Make sure the following settings are made and on -------"ON=GREEN"
    From main window :Click "Start" then " Activate in-depth scan"

    then......

    click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

    then.........

    Now to scan it´s just to click the "Scan" button.

    When scan is finished, mark everything for removal and get rid of it. .(Right-click the window and choose"select all" from the drop down menu) then press next and then say yes to the prompt, do you want to remove all these entries.

    reboot again

    then post a new hijackthis log to check what is left
     
  5. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,116
    Move HJT to a folder, create a folder named hijackthis and move hijackthis.exe into that folder or you may loose the ability to fix things you remove with it.

    Run HJT again and put a check against these:

    R3 - URLSearchHook: (no name) - _{D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O1 - Hosts: 207.36.196.189 auto.search.msn.com
    O1 - Hosts: 207.36.196.189 search.netscape.com
    O1 - Hosts: 207.36.196.189 ieautosearch
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
    O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\Program Files\Recommended Hotfix - 421701D\v15\RH.DLL
    O2 - BHO: (no name) - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\systb.dll
    O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem214.dll
    O4 - HKLM\..\Run: [gaxqjtqb] C:\WINDOWS\rtwjyrsr.exe
    O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
    O4 - HKLM\..\Run: [msbb] C:\WINDOWS\msbb.exe
    O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
    O4 - HKLM\..\Run: [mzizptmi] C:\WINDOWS\System32\zrpwbqqs.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
    O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {8FABFC3E-691B-FD4F-2FDC-BBBF3F5AAACA} (DownloadUL Class) - http://public.searchbarcash.com/cab/032/zlsjrvdi.cab
    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/bridge.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/...ron/install.cab

    Close all browser windows and applications before clicking "fix checked".

    Now see if you can complete mjack547's instructions.
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/211840

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice