Bridge.dll Problem

Discussion in 'adware, spyware & hijack cleaning' started by Architoid, May 20, 2004.

Thread Status:
Not open for further replies.
  1. Architoid

    Architoid Registered Member

    Joined:
    May 20, 2004
    Posts:
    2
    I searched for information on Bridge.dll and was directed to your website. Having read it through I'm now posting in accordance with the very clear and concise instructions. Any help you can offer will be greatly appreciated.

    Problem(s)
    1) On booting up dual boot system to Windows XP a pop-up reports:
    'Error loading D:\Windows\System32\bridge.dll'

    2) Windows Task Manager: 'Bridge' reported as Running

    3) In Network Connections following is reported:

    1394 Connection: Network Bridge - Enabled, Bridged - 1394 Net Adapter
    Local Area Connection: Network Bridge - Enabled, Bridged - 3Com Etherlink XL10/100
    Network Bridge(Network Bridge)2: Network Bridge - Enabled - MAC Bridge Miniport

    I'm not sure if 2) and 3) are connected problems but I thought I'd report them anyway.
    I'm connected to the internet by cable modem via a DrayTek Vigor 2200X Router/Switch.

    I followed the instructions on your web page using Ad-Aware 6 then HijackThis, and the log is as follows:

    Logfile of HijackThis v1.97.7
    Scan saved at 18:29:10, on 20/05/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    D:\WINDOWS\Explorer.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\System32\CTsvcCDA.exe
    D:\NORTON~1\NORTON~4\GHOSTS~2.EXE
    D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    D:\NORTON~1\NORTON~2\NPROTECT.EXE
    D:\WINDOWS\System32\nvsvc32.exe
    D:\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    D:\WINDOWS\system32\ZONELABS\vsmon.exe
    D:\WINDOWS\system32\svchosd.exe
    D:\WINDOWS\System32\MsPMSPSv.exe
    D:\WINDOWS\swchost.exe
    D:\WINDOWS\sachost.exe
    D:\ZONEAL~1\zlclient.exe
    D:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Applications\Musicmatch Jukebox\MUSICMATCH Update\MMJB\mmtask.exe
    D:\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    D:\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    D:\WINDOWS\System32\CTHELPER.EXE
    D:\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\Applications\Easy CD Creator 5\DirectCD\DirectCD.exe
    D:\Norton SystemWorks\Password Manager\AcctMgr.exe
    D:\Program Files\Creative\ShareDLL\CtNotify.exe
    D:\Creative\Jukebox 3\PlayCenter2\CTNMRUN.EXE
    D:\applications\seti\SETI@home.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\Applications\Microsoft Money\System\mnyexpr.exe
    D:\WINDOWS\System32\ctfmon.exe
    D:\Program Files\Creative\ShareDLL\Mediadet.exe
    D:\Applications\Spamihilator\spamihilator.exe
    D:\Applications\Real\RealDownload\RealDownload0.exe
    D:\Microsoft Office\Office10\msoffice.exe
    D:\blueyonder IST\bin\mpbtn.exe
    D:\Applications\Hijack This\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://broadband.blueyonder.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://broadband.blueyonder.co.uk/
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    F0 - system.ini: Shell=Explorer.exe svchosd.exe
    F2 - REG:system.ini: Shell=Explorer.exe svchosd.exe
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - D:\WINDOWS\System32\nzdd.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Windows report] D:\WINDOWS\swchost.exe
    O4 - HKLM\..\Run: [Systems] D:\WINDOWS\System32\scchost.exe
    O4 - HKLM\..\Run: [Onlune Sarvice] D:\WINDOWS\sachost.exe
    O4 - HKLM\..\Run: [Zone Labs Client] D:\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [xynanwd] D:\WINDOWS\xynanwd.exe
    O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SBDrvDet] D:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "D:\WINDOWS\System32\bridge.dll",Load
    O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [mmtask] D:\Applications\Musicmatch Jukebox\MUSICMATCH Update\MMJB\mmtask.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [GhostStartTrayApp] D:\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [EM_EXEC] d:\APPLIC~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [cvutoh] D:\WINDOWS\cvutoh.exe
    O4 - HKLM\..\Run: [CTSysVol] D:\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDet] D:\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Applications\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [AcctMgr] D:\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [Aplune Service] svchosd.exe
    O4 - HKLM\..\Run: [Disc Detector] D:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [CTStartup] D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [NOMAD Detector] D:\Creative\Jukebox 3\PlayCenter2\CTNMRUN.EXE
    O4 - HKCU\..\Run: [seticlient] d:\applications\seti\SETI@home.exe -min
    O4 - HKCU\..\Run: [RemoteCenter] D:\Creative\MediaSource\RemoteControl\RcMan.exe
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "D:\Applications\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Spamihilator] "D:\Applications\Spamihilator\spamihilator.exe"
    O4 - HKCU\..\Run: [NOMAD Detector] "D:\Creative\Jukebox 3\PlayCenter2\CTNMRUN.EXE"
    O4 - Global Startup: RealDownload.lnk = D:\Applications\Real\RealDownload\RealDownload0.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: blueyonder Instant Support Tool.lnk = D:\blueyonder IST\bin\matcli.exe
    O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://D:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://D:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://D:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/29d85a400f3b9a9b5b16/netzip/RdxIE601.cab
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12119/CTPID.cab
     
  2. Unzy

    Unzy Registered Member

    Joined:
    Nov 2, 2003
    Posts:
    1,098
    Location:
    Belgium
    Hi Architoid,

    Have only HijackThis running and fix:

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    F0 - system.ini: Shell=Explorer.exe svchosd.exe
    F2 - REG:system.ini: Shell=Explorer.exe svchosd.exe

    O4 - HKLM\..\Run: [Windows report] D:\WINDOWS\swchost.exe
    O4 - HKLM\..\Run: [Systems] D:\WINDOWS\System32\scchost.exe
    O4 - HKLM\..\Run: [Onlune Sarvice] D:\WINDOWS\sachost.exe
    O4 - HKLM\..\Run: [xynanwd] D:\WINDOWS\xynanwd.exe
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "D:\WINDOWS\System32\bridge.dll",Load
    O4 - HKLM\..\Run: [cvutoh] D:\WINDOWS\cvutoh.exe
    O4 - HKLM\..\Run: [Aplune Service] svchosd.exe
    O4 - Global Startup: RealDownload.lnk = D:\Applications\Real\RealDownload\RealDownload0.exe

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/29d85a4...ip/RdxIE601.cab
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab

    Restart PC after doing so in Safe Mode: Here's How and remove (if still present):

    PLEASE note that svchost in the system32 folder is legit, make sure you do NOT touch that one ;) All of these need to go:

    D:\WINDOWS\system32\svchosd.exe <- this file
    D:\WINDOWS\swchost.exe <- this file
    D:\WINDOWS\System32\scchost.exe <- this file
    D:\WINDOWS\sachost.exe <- this file
    D:\WINDOWS\xynanwd.exe <- this file
    D:\WINDOWS\System32\bridge.dll <- this file
    D:\WINDOWS\cvutoh.exe <- this file

    Restart again in normal mode

    Do a free online scan here :

    http://housecall.antivirus.com/housecall/start_corp.asp

    Hope this helps

    Cheers,
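
The reply above singles out `svchosd.exe`, `swchost.exe`, `scchost.exe` and `sachost.exe` while warning that the real `svchost` is legitimate. The following is an added example, not part of the original posts and not HijackThis's own logic: it parses O4 Run lines and flags file names that sit one character away from a genuine Windows binary. The `KNOWN` reference list and the function names are assumptions made for the illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a subset of the O4 lines from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows report] D:\WINDOWS\swchost.exe
O4 - HKLM\..\Run: [Systems] D:\WINDOWS\System32\scchost.exe
O4 - HKLM\..\Run: [Onlune Sarvice] D:\WINDOWS\sachost.exe
O4 - HKLM\..\Run: [Zone Labs Client] D:\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "D:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Aplune Service] svchosd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
"""

# Assumption: a short reference list of genuine Windows binaries; extend as needed.
KNOWN = {"svchost.exe", "explorer.exe", "lsass.exe", "services.exe",
         "winlogon.exe", "smss.exe", "spoolsv.exe", "ctfmon.exe", "rundll32.exe"}

O4_RE = re.compile(r"^O4 - (?P<hive>[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'"?([^"]*?\.(?:exe|dll))', re.I)  # first program in the command

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_entries(log_text, max_distance=1):
    """Return (run_key_name, file_name, imitated_name) for near-miss file names."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        exe = EXE_RE.search(m["cmd"]) if m else None
        if not exe:
            continue
        base = PureWindowsPath(exe.group(1)).name.lower()
        if base in KNOWN:
            continue  # exact name; its location would need a separate check
        for good in sorted(KNOWN):
            if 0 < edit_distance(base, good) <= max_distance:
                hits.append((m["name"], base, good))
    return hits

if __name__ == "__main__":
    for entry in lookalike_entries(SAMPLE_LOG):
        print(entry)
```

This heuristic only catches name imitation; entries such as `bridge.dll` or `xynanwd.exe` from the same reply resemble no system binary and are not flagged by it.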
     
  3. Architoid

    Architoid Registered Member

    Joined:
    May 20, 2004
    Posts:
    2
    Hi, Unzy

    My sincere thanks for your assistance. My pc now seems to be completely clear of the 'bridge' pop-up though my network connections still refer to being bridged.
    I'm reasonably experienced with computers - or so I thought - but I'm seriously impressed with the speed you responded and solved my problem.
    I have to ask - is there somewhere I can read about this stuff to try and understand it better, how do I learn more? How do you identify what to 'fix', delete, etc. - years of experience and/or in-depth technical knowledge?
    Again, many thanks. The website/forum definitely has my vote and will be promoted among any of my friends/colleagues who suffer the same or similar difficulties.

    Regards
    Architoid

    :D :D :D
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands