error c:\windows\system32\bridge.dll

Discussion in 'adware, spyware & hijack cleaning' started by Jungledyret, Jun 20, 2004.

Thread Status:
Not open for further replies.
  1. Jungledyret

    Jungledyret Registered Member

    Joined:
    Jun 20, 2004
    Posts:
    2
    Hi.
    When I start my com. I get this message: error c:\windows\system32\bridge.dll.

    I have done the 3 steps by using ad-aware.

    Here is the log file:

    Logfile of HijackThis v1.97.7
    Scan saved at 23:49:40, on 20-06-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmer\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Mixer.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Programmer\HP\HP Software Update\HPWuSchd.exe
    C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
    C:\Programmer\Microsoft IntelliPoint\point32.exe
    C:\Programmer\Free Surfer\fs.exe
    C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Programmer\Common files\updmgr\updmgr.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\Programmer\D-Tools\daemon.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Programmer\Ventrilo\Ventrilo.exe
    C:\Programmer\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Robert Jensen\Skrivebord\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
    R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programmer\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programmer\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar_en_2.0.111-big.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
    O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Programmer\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\googlenav.dll
    O4 - HKLM\..\Run: [WebRebates] wjview /cp:p "C:\Programmer\websearch\System\Code" Main lp: "C:\Programmer\websearch
    O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
    O4 - HKLM\..\Run: [WAST] C:\WINDOWS\WAST
    O4 - HKLM\..\Run: [updmgr] C:\Programmer\Common files\updmgr\updmgr.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
    O4 - HKLM\..\Run: [PopUpKiller] C:\Programmer\PopUp Killer\popupkiller.EXE
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [OSSProxy] C:\WINDOWS\system32\ossproxy.exe -boot
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [freesurfer] C:\Programmer\Free Surfer\fs.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
    O4 - HKCU\..\Run: [Steam] "c:\programmer\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Programmer\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Programmer\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Programmer\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: GStartup.lnk = ?
    O4 - Global Startup: Date Manager.lnk = C:\Programmer\Date Manager\DateManager.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSXXXXXX36
    O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\programmer\google\GoogleToolbar_en_2.0.111-big.dll/cmtrans.html
    O8 - Extra context menu item: Web Rebates - file://C:\Programmer\websearch\System\Temp\topr1150_script0.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programmer\AutoCAD 2002\AcDcToday.ocx
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.axis.com/products/camera_servers/AxisCamControl.ocx
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37650.7403356481
    O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmer\AutoCAD 2002\InstBanr.ocx
    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programmer\AutoCAD 2002\InstFred.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programmer\AutoCAD 2002\AcPreview.ocx
    O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/netbank/activex/DanskeSikker.cab

    Hope u can help me.

    Jungledyret.
     
  2. Yellowhammer

    Yellowhammer Spyware Fighter

    Joined:
    May 23, 2004
    Posts:
    53
    Location:
    Alabama, USA
    Reboot and let adware run again if you have not already done so. It is scheduled to startup after a reboot.

    Move hijackthis off the desktop (Skrivebord) and into a folder. Right click on your desktop and select New>Folder. Name the folder hijackthis. Then move hijackthis.exe from the desktop into the new folder.

    Make sure you can view hidden and system files: Instructions here.

    Go to add/remove programs and uninstall the following:
    MyWay
    MyWebSearch
    webHancer
    websearch
    P2P Networking

    Some of these may be listed under slightly different names.

    To uninstall OSSProxy click on Start -> Run and enter "windows\SYSTEM\NSCheck.exe /uninstall" followed by enter - this removes all registry entries and a box appears saying "uninstall successful. Find and delete the files nscheck.exe, ossproxy.exe.rvt & ossproxy.exe

    Boot to safe mode: Instructions here.

    Then Close all windows and have hijackthis fix the following:

    R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL

    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programmer\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programmer\MyWebSearch\bar\1.bin\MWSBAR.DLL

    O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
    O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Programmer\MyWebSearch\bar\1.bin\MWSBAR.DLL

    O4 - HKLM\..\Run: [WebRebates] wjview /cp:p "C:\Programmer\websearch\System\Code" Main lp: "C:\Programmer\websearch
    O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
    O4 - HKLM\..\Run: [WAST] C:\WINDOWS\WAST
    O4 - HKLM\..\Run: [updmgr] C:\Programmer\Common files\updmgr\updmgr.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [OSSProxy] C:\WINDOWS\system32\ossproxy.exe -boot
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Programmer\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Programmer\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: GStartup.lnk = ?
    O4 - Global Startup: Date Manager.lnk = C:\Programmer\Date Manager\DateManager.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSXXXXXX36
    O8 - Extra context menu item: Web Rebates - file://C:\Programmer\websearch\System\Temp\topr1150_script0.htm

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

    Then while in safe mode delete the following:

    C:\Programmer\MyWay <-Folder
    C:\Programmer\MyWebSearch <-Folder
    C:\Program Files\webHancer <-Folder
    C:\WINDOWS\WAST <-File
    C:\Programmer\Common files\updmgr <-Folder
    C:\WINDOWS\System32\bridge.dll <-File
    C:\WINDOWS\System32\P2P Networking <-Folder
    C:\Programmer\Date Manager <-Folder

    Then browse to the C:\documents and settings\\Robert Jensen (repeat for all users)\local settings\temp folder and delete all files and folders in it.
    Then browse to the C:\Windows\Temp folder and delete all files in it.
    Then in internet explore click tools>internet Options>General. Click on Delete Files make sure you get all offline content as well.

    Then empty the recycle bin.

    Then reboot to normal mode.

    Then,

    Download ad-aware here -> http://fileforum.betanews.com/detail.php3?fid=965718306

    Before you scan with AdAware, check for updates of the reference file by using the "webupdate".

    Then ........

    From main window :Click "Start" then " Activate in-depth scan"

    then......

    click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

    then.........

    Click the "Tweak" button.

    Open up the "Scanning Engine" section and tick "Unload recognized processes during scanning"

    Then........"Cleaning engine" and "Let windows remove files in use at next reboot" and "Automatically try to unregister objects prior to deletion"

    then...... click "proceed" to save your settings.

    Now to scan it´s just to click the "Next" button.

    When scan is finished, mark everything for removal and get rid of it. .(Right-click the window and choose"select all" from the drop down menu) then press next and then say yes to the prompt, do you want to remove all these entries.

    Then,

    Download SPYBOT Search and Destroy here-> http://www.safer-networking.org/index.php?page=mirrors
    Install the program and then start it. Once the program has started make sure you are in the Spybot-S&D section. Click on the "Search for Updates" button. Download all updates. In some cases the program will restart after an update. When updated, click on the "Check for Problems" button. When the Check is over All problems displayed in red are regarded as real threats and should be dealt with. Make sure they are all selected and click the "Fix selected problems" button.

    Then Disable system restore: Instructions here.

    Reboot

    Enable system restore.

    Scan and post another hijackthis log.
     
Thread Status:
Not open for further replies.