[Solved] error loading c:\windows\system32\bridge.dll in winXP

Discussion in 'adware, spyware & hijack cleaning' started by stephen_hayne, Jul 17, 2004.

Thread Status:
Not open for further replies.
  1. stephen_hayne

    stephen_hayne Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    2
    I ran a fully updated new version Ad-Aware and now I get an error loading c:\windows\system32\bridge.dll in winXP. THanks. Here is the log.

    **************
    Logfile of HijackThis v1.97.7
    Scan saved at 8:17:50 PM, on 7/17/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\WINDOWS\System32\CTSvcCDA.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    C:\WINDOWS\wdskctl.exe
    C:\Program Files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe
    C:\WINDOWS\System32\Dyf0o5.exe
    C:\WINDOWS\System32\Icb2CRVe.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.ewebsearch.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
    O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FB-EF60B19DB42E} - C:\PROGRA~1\Srng\SNHelper.dll (file missing)
    O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0001.1004\en-xu\stmain.dll
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll
    O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [7udkl] C:\docume~1\penny\locals~1\temp\7udkl.exe
    O4 - HKLM\..\Run: [7udkl.exe] C:\docume~1\penny\locals~1\temp\7udkl.exe
    O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
    O4 - HKLM\..\Run: [odkfvootp] C:\WINDOWS\System32\vvtbni.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Yxu5.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
    O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\PENNY\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.sympatico.ca/homepage.html
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://nn01.nearnorth.edu.on.ca/qp2.cab
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://mail.nearnorth.edu.on.ca/iNotes6.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Wallace.local
    O17 - HKLM\Software\..\Telephony: DomainName = Wallace.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3DD70F21-03A8-473C-BD30-A9DE7C30C8D9}: NameServer = 206.108.253.70 209.105.192.122
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Wallace.local
    O17 - HKLM\System\CS1\Services\Tcpip\..\{3DD70F21-03A8-473C-BD30-A9DE7C30C8D9}: NameServer = 206.108.253.70 209.105.192.122

    **************
     
  2. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Re: error loading c:\windows\system32\bridge.dll in winXP

    HI stephen_hayne

    Pls. save your HijackThis in its OWN folder - like C:\Hijackthis !

    Download the peper fix here. Make sure you are connected to the net and run it. If asked by your firewall for permission to access the net, please grant permission. Reboot and run it a second time while connected to the net.


    Download CWShredder from this link:
    http://www.spywareinfoforum.com/downloads/tools/CWShredder.exe
    Run CWShredder.exe and click the Fix button to clean.

    Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked.
    Make sure all browser and all Windows Explorer windows are closed before fixing


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.ewebsearch.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
    O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)

    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FB-EF60B19DB42E} - C:\PROGRA~1\Srng\SNHelper.dll (file missing)

    O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)

    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

    O4 - HKLM\..\Run: [7udkl] C:\docume~1\penny\locals~1\temp\7udkl.exe
    O4 - HKLM\..\Run: [7udkl.exe] C:\docume~1\penny\locals~1\temp\7udkl.exe
    O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
    O4 - HKLM\..\Run: [odkfvootp] C:\WINDOWS\System32\vvtbni.exe

    O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Yxu5.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

    NOTE.........even in safe mode you may have to open taskmanager and end task on some of them before you can delete them.

    Make sure you can view hidden and system files: Instructions here

    Then Boot to safe mode: Instructions here

    Delete the following files\folders IF still present:

    C:\docume~1\penny\locals~1\temp\7udkl.exe
    C:\WINDOWS\wdskctl.exe
    C:\WINDOWS\System32\vvtbni.exe
    C:\WINDOWS\System32\Yxu5.exe
    C:\WINDOWS\System32\bridge.dll

    Then reboot and use AdAware as described :
    HERE


    Spybot S&D
    The download for Spybot S&D is available here: http://www.computercops.biz/downloads-file-108.html

    Install by double-clicking on the downloaded file.
    Run Spybot S&D from desktop icon or Start menu.
    Press "Search for updates" button to get list of updates available.
    Press "Download updates" button.
    Close all IE windows and close & restart Spybot S&D.
    Press "Check for problems" button.
    Have SpyBot remove all it marks in red by pressing "Fix selected problems".

    Close Spybot S&D, reboot your system .

    Then browse to the C:\documents and settings\\User Name (repeat for all users)\local settings\temp folder and delete all files and folders in it.
    Then browse to the C:\Windows\Temp folder and delete all files in it.
    Then in internet explorer click tools>internet Options>General. Click on Delete Files make sure you get all offline content as well.

    Then Disable system restore: Instructions here
    Reboot

    Enable System Restore.

    Pls. post another log.
     
  3. stephen_hayne

    stephen_hayne Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    2
    Re: error loading c:\windows\system32\bridge.dll in winXP

    Here is my new log. Thank you.

    Logfile of HijackThis v1.97.7
    Scan saved at 11:27:48 AM, on 7/18/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\WINDOWS\System32\CTSvcCDA.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    C:\Program Files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Temp\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0001.1004\en-xu\stmain.dll
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe"
    O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\PENNY\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.sympatico.ca/homepage.html
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://nn01.nearnorth.edu.on.ca/qp2.cab
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://mail.nearnorth.edu.on.ca/iNotes6.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Wallace.local
    O17 - HKLM\Software\..\Telephony: DomainName = Wallace.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Wallace.local
     
  4. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Re: error loading c:\windows\system32\bridge.dll in winXP

    Hi stephen_hayne

    Great job - Super !

    Your log looks clean to me !

    Also here is an excellent source for tips to tighten security. Follow the advice and get the free downloads to help avoid some of these problems in the future.

    Happy Safe Computing !
     
Thread Status:
Not open for further replies.