# rundll error on startup



## techogeek (Jul 3, 2004)

hii everybody...umm..wen i start my computer...i get two msgs sayin

1) RUNDLL ERROR

error loading C:\WINDOWS\download program files\bridge.dll
error loading specified module

2)RUNDLL ERROR

error loading C:\Program files\wildtangent\Apps\CDA\CDAengine0400.dll
error loading specified module

umm plz help an 1 more think i hav ALOT of stuf on startup an im ok wit some stuf but i cant get yahoo messenger off startup,bascially i jus want tat off....tnk u in advance for all ur help


----------



## ketsueki13 (Jun 13, 2004)

both dlls are spyware related... run spybot S&D or Ad-Aware to fix it...


----------



## techogeek (Jul 3, 2004)

well i think they both came up wen i ran ad-aware cuz i mite hav deleted a nessecary file....should i jus try spybot an c the results??


----------



## ketsueki13 (Jun 13, 2004)

that could work... if not post a HJT log and well see if we cant fix it...


----------



## techogeek (Jul 3, 2004)

well spybot removed the first popup but the 2nd 1 stil remains and im having a surprisngly hard time getting HJT...cuz on the site the dl button is broken and download.com doesnt give the popu sayin open, save..etc. witout my popup blocker enabled...helllllllllllllllllllllllp


----------



## techogeek (Jul 3, 2004)

heres the log...

Logfile of HijackThis v1.97.7
Scan saved at 6:41:41 PM, on 7/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\David.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\ecwsdj.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Common files\WinTools\WSup.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Gaurav -_-\My Documents\stuff.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\Program Files\Common files\WinTools\WSup.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\Documents and Settings\Gaurav -_-\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: Core Library - {F281FFC7-6C63-4bf9-83F2-AB7A6157B109} - C:\WINDOWS\System32\KDP0c74.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [David] C:\WINDOWS\System32\David.exe
O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater] regsvr32 /s C:\WINDOWS\System32\kdpupd.dll
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\PROGRA~1\AIM\AIMWDI~1.EXE
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [Password Manager] "C:\Program Files\PManager\PManager.exe" /start
O4 - HKLM\..\Run: [vizbtvvyxa] C:\WINDOWS\System32\ecwsdj.exe
O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater (required)] regsvr32 /s C:\WINDOWS\System32\KDP0c74.dll
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O8 - Extra context menu item: Generate Password By Password Manager - C:\Program Files\PManager\PMGen.htm
O8 - Extra context menu item: Get Password From Password Manager - C:\Program Files\PManager\PMGet.htm
O8 - Extra context menu item: Save Password To Password Manager - C:\Program Files\PManager\PMSave.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopSwatterInitialSetup1.0.0.8.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


----------



## Flrman1 (Jul 26, 2002)

I highly recommend you get rid of Kazaa if you still have it. It is full of spyware and the source of many problems. A lot of the problems you have now are from the garbage that comes bundled with Kazaa and is installed on your PC without your knowledge.

Go here and get KazaaBegone and run it to get rid of Kazaa.

Also go to Add/Remove programs and uninstall P2P Networking and Altnet Points Manager.

Run Hijack This again and put a check by these. Close *ALL* windows except HijackThis and click "Fix checked"

*R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com

O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O2 - BHO: Core Library - {F281FFC7-6C63-4bf9-83F2-AB7A6157B109} - C:\WINDOWS\System32\KDP0c74.dll

O4 - HKLM\..\Run: [David] C:\WINDOWS\System32\David.exe

O4 - HKLM\..\Run: [vizbtvvyxa] C:\WINDOWS\System32\ecwsdj.exe

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab*

Restart to safe mode.

How to start your computer in safe mode

Because XP will not always show you hidden files and folders by default, Go to Start > Search and under "More advanced search options". 
Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"

Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"

Now find and delete these files:

C:\WINDOWS\System32\*David.exe*
C:\WINDOWS\System32\*ecwsdj.exe*

And this folder:

C:\Program Files\Common files\*WinTools*

Empty the Recycle Bin.

Go here and do an online virus scan.

Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location so you can delete it yourself.


----------



## Flrman1 (Jul 26, 2002)

I am moving this to the Security forum.

Also I notice that you do not have an antivirus running or a firewall. If I may so this without being rude, with the net as it is these days it is quite foolish to be without an antivirus and a firewall. By all means get both ASAP! See this thread for some good free ones:

http://forums.techguy.org/t110854/s.html


----------



## Couriant (Mar 26, 2002)

Flrman1, you forgot to mention this little bug:

O10 - Broken Internet access because of LSP provider 'osmim.dll' missing


----------



## Flrman1 (Jul 26, 2002)

Ty Tidas! :up:

To fix that do this:

Click here to download LspFix

Launch the application, and click the "I know what I'm doing" checkbox. (Don't do anything else)

Then click Finish.


----------



## Couriant (Mar 26, 2002)

welcome  I didn't have time to type that out.
Hold on.. you forgot this:

Launch the application, and click the "I know what I'm doing" checkbox. (Don't do anything else)

*Highlight all instances of 'osmim.dll' and click the >>> button to the remove section*

Then click Finish.


----------



## Flrman1 (Jul 26, 2002)

Tidus4Yuna said:


> welcome *Highlight all instances of 'osmim.dll' and click the >>> button to the remove section*


The 'osmim.dll' will not be there in the LspFix window. Anytime it says " Broken Internet access because of LSP provider 'osmim.dll' missing", it means exactly that and the file will not be there to move to the remove payne. It's already missing.


----------



## Couriant (Mar 26, 2002)

really? I have seen it say that and it was there... hmm


----------

