Bridge.dll Problem

I searched for information on Bridge.dll and was directed to your website. Having read it through I'm now posting in accordance with the very clear and concise instructions. Any help you can offer will be greatly appreciated.

Problem(s)
1) On booting up dual boot system to Windows XP a pop-up reports:
'Error loading D:\Windows\System32\bridge.dll

2) Windows Task Manager: 'Bridge' reported as Running

3) In Network Connections following is reported:

1394 Connection: Network Bridge - Enabled, Bridged - 1394 Net Adapter
Local Area Connection: Network Bridge - Enabled, Bridged - 3Com Etherlink XL10/100
Network Bridge(Network Bridge)2: Network Bridge - Enabled - MAC Bridge Miniport

I'm not sure if 2) and 3) are connected problems but I thought I'd report them anyway.
I'm connected to the internet by cable modem via a Dratek Vigor 2200X Router/Switch.

I followed the instructions on your web page using Ad-Aware 6 then HijackThis, and the log is as follows:

Logfile of HijackThis v1.97.7
Scan saved at 18:29:10, on 20/05/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\Explorer.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\CTsvcCDA.exe
D:\NORTON~1\NORTON~4\GHOSTS~2.EXE
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\NORTON~1\NORTON~2\NPROTECT.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\system32\svchosd.exe
D:\WINDOWS\System32\MsPMSPSv.exe
D:\WINDOWS\swchost.exe
D:\WINDOWS\sachost.exe
D:\ZONEAL~1\zlclient.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Applications\Musicmatch Jukebox\MUSICMATCH Update\MMJB\mmtask.exe
D:\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
D:\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
D:\WINDOWS\System32\CTHELPER.EXE
D:\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Applications\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Norton SystemWorks\Password Manager\AcctMgr.exe
D:\Program Files\Creative\ShareDLL\CtNotify.exe
D:\Creative\Jukebox 3\PlayCenter2\CTNMRUN.EXE
D:\applications\seti\SETI@home.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Applications\Microsoft Money\System\mnyexpr.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Creative\ShareDLL\Mediadet.exe
D:\Applications\Spamihilator\spamihilator.exe
D:\Applications\Real\RealDownload\RealDownload0.exe
D:\Microsoft Office\Office10\msoffice.exe
D:\blueyonder IST\bin\mpbtn.exe
D:\Applications\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://broadband.blueyonder.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://broadband.blueyonder.co.uk/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F0 - system.ini: Shell=Explorer.exe svchosd.exe
F2 - REG:system.ini: Shell=Explorer.exe svchosd.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - D:\WINDOWS\System32\nzdd.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Windows report] D:\WINDOWS\swchost.exe
O4 - HKLM\..\Run: [Systems] D:\WINDOWS\System32\scchost.exe
O4 - HKLM\..\Run: [Onlune Sarvice] D:\WINDOWS\sachost.exe
O4 - HKLM\..\Run: [Zone Labs Client] D:\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [xynanwd] D:\WINDOWS\xynanwd.exe
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SBDrvDet] D:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "D:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [mmtask] D:\Applications\Musicmatch Jukebox\MUSICMATCH Update\MMJB\mmtask.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [GhostStartTrayApp] D:\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [EM_EXEC] d:\APPLIC~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [cvutoh] D:\WINDOWS\cvutoh.exe
O4 - HKLM\..\Run: [CTSysVol] D:\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDet] D:\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Applications\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AcctMgr] D:\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Aplune Service] svchosd.exe
O4 - HKLM\..\Run: [Disc Detector] D:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CTStartup] D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NOMAD Detector] D:\Creative\Jukebox 3\PlayCenter2\CTNMRUN.EXE
O4 - HKCU\..\Run: [seticlient] d:\applications\seti\SETI@home.exe -min
O4 - HKCU\..\Run: [RemoteCenter] D:\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "D:\Applications\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spamihilator] "D:\Applications\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [NOMAD Detector] "D:\Creative\Jukebox 3\PlayCenter2\CTNMRUN.EXE"
O4 - Global Startup: RealDownload.lnk = D:\Applications\Real\RealDownload\RealDownload0.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: blueyonder Instant Support Tool.lnk = D:\blueyonder IST\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://D:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://D:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://D:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/29d85a400f3b9a9b5b16/netzip/RdxIE601.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12119/CTPID.cab

 

Hi Architoid,

have only HijackThis running and fix :

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

F0 - system.ini: Shell=Explorer.exe svchosd.exe
F2 - REG:system.ini: Shell=Explorer.exe svchosd.exe

O4 - HKLM\..\Run: [Windows report] D:\WINDOWS\swchost.exe
O4 - HKLM\..\Run: [Systems] D:\WINDOWS\System32\scchost.exe
O4 - HKLM\..\Run: [Onlune Sarvice] D:\WINDOWS\sachost.exe
O4 - HKLM\..\Run: [xynanwd] D:\WINDOWS\xynanwd.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "D:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [cvutoh] D:\WINDOWS\cvutoh.exe
O4 - HKLM\..\Run: [Aplune Service] svchosd.exe
O4 - Global Startup: RealDownload.lnk = D:\Applications\Real\RealDownload\RealDownload0.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/29d85a4...ip/RdxIE601.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab

Restart PC after doing so in Safe Mode : Here's How and remove (if still present) :

PLEASE Note that svchost in system32 folder is legit , make sure you do NOT touch that one All the these need to go :

D:\WINDOWS\system32\svchosd.exe <- this file
D:\WINDOWS\swchost.exe <- this file
D:\WINDOWS\System32\scchost.exe <- this file
D:\WINDOWS\sachost.exe <- this file
D:\WINDOWS\xynanwd.exe <- this file
D:\WINDOWS\System32\bridge.dll <- this file
D:\WINDOWS\cvutoh.exe <- this file

Restart again in normal mode

Do a free online scan here :

http://housecall.antivirus.com/housecall/start_corp.asp

Hope this helps

Cheers,

 

Hi, Unzy

My sincere thanks for your assistance. My pc now seems to be completely clear of the 'bridge' pop-up though my network connections still refer to being bridged.
I'm reasonably experienced with computers - or so I thought - but I'm seriously impressed with the speed you responded and solved my problem.
I have to ask - is there somewhere I can read about this stuff to try and understand it better, how do I learn more? How do you identify what to 'fix', delete, etc. - years of experience and/or in-depth technical knowledge?
Again, many thanks. The website/forum definitely has my vote and will be promoted among any of my friends/colleagues who suffer the same or similar difficulties.

Regards
Architoid

 

Hi Architoid,

Several links to guides on how to read logs can be found here:
https://www.wilderssecurity.com/showthread.php?t=15983

You can also join http://www.spywareinfoforum.com/index.php?showtopic=34&hl=bootcamp to start some guided training on the subject.

Regards,

Pieter