c:/windows/system32/bridge.dll

Discussion in 'adware, spyware & hijack cleaning' started by bieghler, May 18, 2004.

Thread Status:
Not open for further replies.
  1. bieghler

    bieghler Registered Member

    Joined: May 18, 2004
    Posts: 1

    AVG detected a virus on my system last Sunday (5/16). I sent the virus to the virus vault and it keeps reappearing. Today, after shutting down and rebooting, I got the error message:

    c:/windows/system32/bridge.dll Specified module could not be found.

    I have followed all of the instructions posted on your forum:

    https://www.wilderssecurity.com/showthread.php?t=15913

    I have run Ad-aware and Spybot and finally Hijack This. The following is my log from hijack this:

    Logfile of HijackThis v1.97.7
    Scan saved at 6:02:34 PM, on 5/18/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\GWMDMMSG.exe
    C:\Program Files\PhoneTools\CapFax.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Angela Bieghler\Local Settings\Temp\Temporary Directory 1 for hijackthis1977[1].zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sugardog.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\HP Instant Support DI\bin\matcli.exe
    O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Create Mobile Favorite (HKLM)
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Sametime Meeting Toolkit ST25 - file://C:\WINDOWS\Java\ControlF1\STMeeting25.cab
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://www.net2phone.com/jump/mail/download/mcea110.cab
    O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.substance.com/save/makeover.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4019/ftp.coupons.com/v3123/cpbrkpie.cab
    O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F1A22220-D543-4E9F-8C5C-586A2CD542D7}: NameServer = 206.230.181.2 206.230.178.2

    Thank you in advance for your help!
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined: Apr 27, 2002
    Posts: 13,331
    Location: Netherlands

    Hi bieghler,

    Before you start, please unzip HijackThis to a separate folder. The program will make backups in the folder it's in.
    These easily get lost in a Temp folder.

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://red.clientapps.yahoo.com/cus...ze/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com

    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) -
    http://a19.g.akamai.net/7/19/7125/4019/ftp.coupons.com/v3123/cpbrkpie.cab

    Then reboot.

    Regards,

    Pieter
     