c:/windows/system32/bridge.dll

Discussion in 'adware, spyware & hijack cleaning' started by bieghler, May 18, 2004.

Thread Status:
Not open for further replies.
  1. bieghler

    bieghler Registered Member

    Joined:
    May 18, 2004
    Posts:
    1
    AVG detected a virus on my system last Sunday (5/16). I sent the virus to the virus vault and it keeps reappearing. Today, after shutting down an rebooting, I got the error message:

    c:/windows/system32/bridge.dll Specified module could not be found.

    I have followed all of the instructions posted on your forum:

    https://www.wilderssecurity.com/showthread.php?t=15913

    I have run Ad-aware and Spybot and finally Hijack This. The following is my log from hijack this:

    Logfile of HijackThis v1.97.7
    Scan saved at 6:02:34 PM, on 5/18/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\GWMDMMSG.exe
    C:\Program Files\PhoneTools\CapFax.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works

    Shared\wkcalrem.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Angela Bieghler\Local Settings\Temp\Temporary

    Directory 1 for hijackthis1977[1].zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

    http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://

    www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://www.sugardog.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

    http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://

    www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

    http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://

    my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL

    =

    http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://

    www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

    http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://

    www.yahoo.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

    C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

    C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -

    C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

    C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PrinTray]

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon

    initialize
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft

    Money\System\Activation.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program

    Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program

    Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital

    Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program

    Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD

    Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Lexmark X83 Button Monitor]

    C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    O4 - HKLM\..\Run: [Lexmark X83 Button Manager]

    C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe

    /STARTUP
    O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe

    -auto
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft

    ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program

    Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Global Startup: hp instant support.lnk = C:\Program

    Files\Hewlett-Packard\HP Instant Support DI\bin\matcli.exe
    O4 - Global Startup: Install Pending Files.LNK = C:\Program

    Files\SIFXINST\SIFXINST.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

    Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel -

    res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program

    Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program

    Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Create Mobile Favorite (HKLM)
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .mp3: C:\Program Files\Internet

    Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet

    Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet

    Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Sametime Meeting Toolkit ST25 -

    file://C:\WINDOWS\Java\ControlF1\STMeeting25.cab
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office

    Template and Media Control) -

    http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} -

    http://www.net2phone.com/jump/mail/download/mcea110.cab
    O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) -

    http://makeover.substance.com/save/makeover.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)

    - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) -

    http://a19.g.akamai.net/7/19/7125/4019/ftp.coupons.com/v3123/cpbrkpie.c

    ab
    O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) -

    http://support.gateway.com/support/serialharvest/gwCID.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash

    Object) -

    http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office

    Tools on the Web Control) -

    http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
    O17 -

    HKLM\System\CCS\Services\Tcpip\..\{F1A22220-D543-4E9F-8C5C-586A2CD542D7

    }: NameServer = 206.230.181.2 206.230.178.2

    Thank you in advance for your help!
     
    bieghler, May 18, 2004
    #1
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi bieghler,

    Before you start, please unzip hijackthis to a separate folder. The program will make backups in the folder in the folder it's in.
    These easily get lost in a Temp folder.

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://red.clientapps.yahoo.com/cus...ze/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com

    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) -
    ttp://a19.g.akamai.net/7/19/7125/4019/ftp.coupons.com/v3123/cpbrkpie.cab

    Then reboot.

    Regards,

    Pieter
     
    Pieter_Arntz, May 19, 2004
    #2
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...