Problem with C:\Windows\System32\bridge.dll

Discussion in 'adware, spyware & hijack cleaning' started by Imre, Jun 1, 2004.

Thread Status:
Not open for further replies.
  1. Imre, Registered Member (Joined: Jun 1, 2004; Posts: 1)

    I've had a problem with a pop-up declaring that a file named C:\Windows\System32\bridge.dll is missing whenever I boot my computer. I searched the Internet and found a thread with the same problem. He was guided to this forum so I'll follow the same procedure. I would be very grateful if anyone could check my HijackThis log to see if there is something I should delete.

    I cleaned my computer with Spybot and then searched with HijackThis. The log I got:

    Logfile of HijackThis v1.97.7
    Scan saved at 08:57:52, on 01.06.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
    C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\PROGRA~1\Aston\aston.exe
    C:\PROGRA~1\Aston\XP\internat.exe
    C:\WINDOWS\System32\Rundll32.exe
    C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Programfiler\TRUST\AMI MOUSE 150T OPTICAL WEB SCROLL\LWBWHEEL.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
    C:\Programfiler\D-Tools\daemon.exe
    C:\Programfiler\Messenger Plus! 3\MsgPlus.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
    C:\Programfiler\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\explorer.exe
    C:\Programfiler\HijackThis\HijackThis.exe
    C:\Programfiler\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.blazefind.com/search.php?search=%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.blazefind.com/search_page.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    F0 - system.ini: Shell=C:\PROGRA~1\Aston\aston.exe ,svchost.exe
    F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe
    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Programfiler\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll (file missing)
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll
    O4 - HKLM\..\Run: [NVCLOCK] Rundll32 nvclock.dll,fnNvclock
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [WebSavingsfromEbates] javaw -cp "C:\Programfiler\WebSavingsfromEbates\System\Code" Main lp: "C:\Programfiler\WebSavingsfromEbates"
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [mmtask] C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Programfiler\TRUST\AMI MOUSE 150T OPTICAL WEB SCROLL\LWBWHEEL.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
    O4 - HKLM\..\Run: [systray] C:\WINDOWS\System32\a.exe
    O4 - HKLM\..\Run: [tqrqhwn] C:\WINDOWS\tqrqhwn.exe
    O4 - HKLM\..\Run: [izavch] C:\WINDOWS\izavch.exe
    O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Programfiler\AceGain\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programfiler\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programfiler\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [STYLEXP] C:\Programfiler\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Programfiler\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Web Savings - file://C:\Programfiler\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37870.1546990741
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {F9700DB5-3F1C-46F1-90E5-238585CB3520} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/no/filesharingctrl.cab
     
  2. Gavin - DiamondCS, Former DCS Moderator (Joined: Feb 10, 2002; Posts: 2,080; Location: Perth, Western Australia)

    Hi,

    NOTE that these 2 items below may not be fixed automatically. You should edit these manually if possible, or leave them for now and tick the others. I recommend you leave these, and we will look at this problem after you get rid of the other problems.

    F0 - system.ini: Shell=C:\PROGRA~1\Aston\aston.exe ,svchost.exe
    F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe

    What you do need to do is make both entries above the same but REMOVE the svchost.exe entry. I notice aston.exe is a shell replacement for explorer, so this is normal to have this entry. However, SVCHOST.exe may be a trojan; can you check your computer for ALL copies of this filename? If one exists in the Windows folder please send it to me - address at the bottom. There should be a real SVCHOST.exe; the real file exists in Windows\System32 - this is normal.


    Definite problems:
    Close all browser windows, run Hijack This, and tick these items.
    Then choose Fix Selected, and reboot your machine.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.blazefind.com/search.php?search=%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.blazefind.com/search_page.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com

    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Programfiler\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)

    O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll (file missing)

    O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll

    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
    O4 - HKLM\..\Run: [systray] C:\WINDOWS\System32\a.exe
    O4 - HKLM\..\Run: [tqrqhwn] C:\WINDOWS\tqrqhwn.exe
    O4 - HKLM\..\Run: [izavch] C:\WINDOWS\izavch.exe


    Please send these files to submit@diamondcs.com.au just in case they are new malware, then delete them:

    C:\WINDOWS\tqrqhwn.exe
    C:\WINDOWS\izavch.exe
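
Added example, not part of either post and not HijackThis code: a small Python triage script that runs the checks from the reply over HijackThis log text. It flags extra programs appended to a `Shell=` value, autorun entries that still point at a file the log reports as missing (consistent with the boot-time bridge.dll pop-up), and any svchost.exe process outside Windows\System32. All function names are hypothetical, and the sample lines are copied from the log above.

```python
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\svchost.exe
F0 - system.ini: Shell=C:\PROGRA~1\Aston\aston.exe ,svchost.exe
F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll (file missing)
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
"""

def _lines(log):
    return [ln.strip() for ln in log.splitlines() if ln.strip()]

def extra_shell_programs(log):
    """For F0-F3 Shell= lines, return (code, programs after the first comma)."""
    found = []
    for ln in _lines(log):
        m = re.match(r"(F[0-3]) - .*?Shell=(.*)$", ln)
        if m:
            extras = [p.strip() for p in m.group(2).split(",")[1:] if p.strip()]
            if extras:
                found.append((m.group(1), extras))
    return found

def missing_files(log):
    """Lower-cased paths that HijackThis marked '(file missing)'."""
    pat = re.compile(r" - ([A-Za-z]:\\.*?) \(file missing\)$")
    return {m.group(1).lower() for ln in _lines(log) if (m := pat.search(ln))}

def dangling_autoruns(log):
    """Names of O4 autoruns whose command references a file reported missing."""
    gone = missing_files(log)
    hits = []
    for ln in _lines(log):
        m = re.match(r"O4 - .*?: \[(.+?)\] (.*)$", ln)
        if m and any(path in m.group(2).lower() for path in gone):
            hits.append(m.group(1))
    return hits

def misplaced_svchost(log):
    """Process paths named svchost.exe that sit outside Windows System32."""
    return [ln for ln in _lines(log)
            if re.fullmatch(r"[A-Za-z]:\\.*\\svchost\.exe", ln, re.I)
            and not ln.lower().endswith(r"\windows\system32\svchost.exe")]

if __name__ == "__main__":
    print(extra_shell_programs(SAMPLE_LOG), dangling_autoruns(SAMPLE_LOG))
```

On the posted log the svchost.exe check returns nothing, because the process list only shows copies under System32; the `Shell=` check is what surfaces the bare `svchost.exe` entry.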
     