Error loading C:\WINDOWS\System32\bridge.dll

Discussion in 'adware, spyware & hijack cleaning' started by Annamator, Jun 16, 2004.

Thread Status:
Not open for further replies.
  1. Annamator

    Annamator Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    2
    I followed instructions, scanning with Adaware.
    this is the problem I hope to fix most of all

    Error loading C:\WINDOWS\System32\bridge.dll

    I also recieve this error when I try to open a quicktime file. This has never happened before

    "QuickTimePlayer:QuickTimePlayer.exe - No Disk"
    There is no disk in drive. Please insert a disk into drive \Device\Hardisk1\DR1


    ok, after running Hijack This the log is as follows:

    Logfile of HijackThis v1.97.7
    Scan saved at 7:16:14 PM, on 6/16/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\DHUpdt.exe
    C:\WINDOWS\dhbrwsr.exe
    C:\WINDOWS\tjswthm.exe
    C:\WINDOWS\System32\ovfymy.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\documents and settings\anna gallaspy\local settings\temp\v.exe
    C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
    C:\WINDOWS\runservice.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\Tablet.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
    C:\WINDOWS\system32\wacomkey.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.123.123
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://default-homepage-network.com/start.cgi?new-hkcu
    R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
    O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
    O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
    O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\dealhlpr.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\dealhlpr.dll (file missing)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
    O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKLM\..\Run: [DealHelperUpdate] C:\WINDOWS\DHUpdt.exe
    O4 - HKLM\..\Run: [DealHelperBrwsr] C:\WINDOWS\dhbrwsr.exe
    O4 - HKLM\..\Run: [xlmzo] C:\WINDOWS\tjswthm.exe
    O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
    O4 - HKLM\..\Run: [xnbqvjoewzq] C:\WINDOWS\System32\ovfymy.exe
    O4 - HKLM\..\Run: [kfqn] C:\WINDOWS\kfqn.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
    O4 - HKLM\..\Run: [v] C:\documents and settings\anna gallaspy\local settings\temp\v.exe
    O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04b0a2852a1a50edc006/netzip/RdxIE601.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{12FAD696-C669-4276-B959-A399E349B990}: NameServer = 206.13.29.12
    O17 - HKLM\System\CS1\Services\Tcpip\..\{12FAD696-C669-4276-B959-A399E349B990}: NameServer = 206.13.29.12
    O17 - HKLM\System\CS2\Services\Tcpip\..\{12FAD696-C669-4276-B959-A399E349B990}: NameServer = 206.13.29.12


    What a great service you provide here!
    cheers!
     
  2. Taz71498

    Taz71498 Registered Member

    Joined:
    May 27, 2004
    Posts:
    674
    Location:
    USA
    Hello,

    Open Internet Explorer. Then click on TOOLS in the top toolbar. Click on "Internet Options..." from the drop-down menu.
    A new smaller window will display. Under the "General" tab, in the middle, are 3 buttons.
    Click the Delete Cookies button - then a small warning box pops up. Click OK.
    Click the Delete Files button - a small warning box pops us. Check the box for "Delete all offline content" and click OK.
    Then on the same General tab, click Clear History, then click OK.

    Run Hijackthis again with all browsers closed and check these items and then on Fix:

    R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)

    O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
    O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - (no file)
    O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\dealhlpr.dll (file missing)

    O3 - Toolbar: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\dealhlpr.dll (file missing)

    O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
    O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKLM\..\Run: [DealHelperUpdate] C:\WINDOWS\DHUpdt.exe
    O4 - HKLM\..\Run: [DealHelperBrwsr] C:\WINDOWS\dhbrwsr.exe
    O4 - HKLM\..\Run: [xlmzo] C:\WINDOWS\tjswthm.exe
    O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
    O4 - HKLM\..\Run: [xnbqvjoewzq] C:\WINDOWS\System32\ovfymy.exe
    O4 - HKLM\..\Run: [kfqn] C:\WINDOWS\kfqn.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
    O4 - HKLM\..\Run: [v] C:\documents and settings\anna gallaspy\local settings\temp\v.exe
    O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04b0a28...ip/RdxIE601.cab

    Reboot the computer into safe mode

    Make sure you can view all hidden files and folders

    Find and delete these files/folders:

    c:\installer\id53.exe
    C:\Program Files\TV Media ...................Folder
    C:\WINDOWS\DHUpdt.exe
    C:\WINDOWS\dhbrwsr.exe
    C:\WINDOWS\tjswthm.exe
    C:\Program Files\webHancer ...........Folder
    C:\WINDOWS\System32\ovfymy.exe
    C:\WINDOWS\kfqn.exe
    C:\documents and settings\anna gallaspy\local settings\temp\v.exe

    Reboot and post a new HJT log here.
     
  3. Annamator

    Annamator Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    2
    ok, did all that. Still get one of the same pop up warning things from before. here is the second Hijack This log:

    Logfile of HijackThis v1.97.7
    Scan saved at 6:42:40 PM, on 6/24/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
    C:\WINDOWS\runservice.exe
    C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\Tablet.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\wacomkey.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.123.123
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://default-homepage-network.com/start.cgi?new-hkcu
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [whimrkxvfgnz] C:\WINDOWS\System32\ovfymy.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{12FAD696-C669-4276-B959-A399E349B990}: NameServer = 206.13.29.12
    O17 - HKLM\System\CS1\Services\Tcpip\..\{12FAD696-C669-4276-B959-A399E349B990}: NameServer = 206.13.29.12
    O17 - HKLM\System\CS2\Services\Tcpip\..\{12FAD696-C669-4276-B959-A399E349B990}: NameServer = 206.13.29.12
     
  4. Taz71498

    Taz71498 Registered Member

    Joined:
    May 27, 2004
    Posts:
    674
    Location:
    USA
    Hello,

    Run Hijackthis again with all browsers closed and check these items and then on Fix:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://default-homepage-network.com/start.cgi?new-hkcu

    O4 - HKLM\..\Run: [whimrkxvfgnz] C:\WINDOWS\System32\ovfymy.exe

    Reboot the computer into safe mode again and see if you can find this file and delete it if you do:

    C:\WINDOWS\System32\ovfymy.exe

    Reboot and post a new log here. Tell me also, what is popping up, if it still is and tell me what it says.
     
Thread Status:
Not open for further replies.