|
|
|||||||
| Spyware Cleaning Section Closed!! |
| Notice: The spyware cleaning (HijackThis) section is closed. Wilders Security no longer provides one on one spyware cleaning assistance. Please see this announcement for a list of websites that provide such services. |
|
|
Thread Tools | Search this Thread |
|
#1
May 20th, 2004, 04:35 PM
|
|||
|
|||
C:\WINDOWS\System32\bridge.dll
When i boot up my computer i always get the error "Error loading C:\WINDOWS\System32\bridge.dll" I have ran both SpyBot and Ad-aware as well as Hijackthis whose log i have inserted below. Any suggestions?
Logfile of HijackThis v1.97.7 Scan saved at 1:25:35 PM, on 5/20/2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\spoolsv.exe C:\Altiris\AClient\AClient.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe C:\Program Files\Expertcity\GoToMyPC\g2svc.exe C:\Windows\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Expertcity\GoToMyPC\g2comm.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\Program Files\Expertcity\GoToMyPC\g2tray.exe C:\Windows\System32\nvsvc32.exe C:\Program Files\QuickTime\qttask.exe C:\windows\temp\789iMpmxA.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Windows\System32\ctfmon.exe C:\Windows\System32\RUNDLL32.EXE C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Tammy\Local Settings\Temp\Temporary Directory 1 for hijackthis1977.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thebbb.org/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cust...//my.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file) O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\System32\msdxm.ocx O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\Windows\System32\bridge.dll",Load O4 - HKLM\..\Run: [789iMpmxA] C:\windows\temp\789iMpmxA.exe O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe O4 - HKLM\..\Run: [Dsi] C:\Windows\System32\dp-k13w13.exe O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\System32\ctfmon.exe O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe O4 - HKCU\..\Run: [WNST] C:\Windows\System32\wnsapisv.exe O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\System32\NVMCTRAY.DLL,NvTaskbarInit O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O9 - Extra button: Research (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = thebbb.org O17 - HKLM\Software\..\Telephony: DomainName = thebbb.org O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = thebbb.org O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = thebbb.org |
|
#2
May 23rd, 2004, 09:52 AM
|
||||
|
||||
Re: C:\WINDOWS\System32\bridge.dll
Hi Tech123,
Before you start please unzip hijackthis.exe to a folder of itīs own. The program creates backups in the folder it is in. In a Temp folder they easily disappear. Check the following items in HijackThis. Close all windows except HijackThis and click Fix checked: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cust...//my.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file) O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\Windows\System32\bridge.dll",Load O4 - HKLM\..\Run: [789iMpmxA] C:\windows\temp\789iMpmxA.exe O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe O4 - HKLM\..\Run: [Dsi] C:\Windows\System32\dp-k13w13.exe O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe O4 - HKCU\..\Run: [WNST] C:\Windows\System32\wnsapisv.exe Then reboot into safe mode and delete: C:\Program Files\TV Media <= entire folder C:\Windows\System32\wnsapisv.exe Regards, Pieter
__________________
Regards, Pieter Itīs nice to be important, but itīs more important to be nice. It's human to make mistakes. It's even more so to blame the computer for it. |
| « Previous Thread | Next Thread » |
| Thread Tools | Search this Thread |
|
|
