ANOYING!! C:\WINDOWS\System32\bridge.dll

Discussion in 'adware, spyware & hijack cleaning' started by yuki-pilas, May 6, 2004.

Thread Status:
Not open for further replies.
  1. yuki-pilas

    yuki-pilas Registered Member

    Joined:
    May 6, 2004
    Posts:
    1
    i have this problem , i used all ur steps i used ad-aware 6.0 and then S&d then hijack and i still have this error C:\WINDOWS\System32\bridge.dll

    heres my log





    Logfile of HijackThis v1.97.7
    Scan saved at 06:45:53 p.m., on 06/05/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
    C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\dap\DAP.EXE
    C:\Program Files\Blue Haven Media\KaZooM\KaZooM.Exe
    C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
    C:\DOCUME~2\Yuki\LOCALS~1\Temp\Rar$EX00.360\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEESLA/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://latam.msn.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://latam.msn.com/
    O1 - Hosts: 216.93.168.167 sitefinder.verisign.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\adobo\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [Open Site] C:\Program Files\Open Site\opnste.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Office10\OSA.EXE
    O8 - Extra context menu item: &Download with &DAP - D:\dap\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - D:\dap\dapextie2.htm
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\Office10\EXCEL.EXE/3000
    O9 - Extra button: Investigador (HKLM)
    O9 - Extra button: Downloads (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
    O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38053.6862731481
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    thx u very much
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi yuki-pilas,

    Before you start, please unzip hijackthis to a separate folder. The program will make backups in the folder in the folder it's in.
    These easily get lost in a Temp folder.

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    O1 - Hosts: 216.93.168.167 sitefinder.verisign.com

    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe

    O4 - HKLM\..\Run: [Open Site] C:\Program Files\Open Site\opnste.exe

    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

    O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialercab/WebRecomendada.cab

    Then reboot and delete:
    C:\Program Files\Open Site <= entire folder

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.