Startup error missing system32\bridge.dll

Discussion in 'adware, spyware & hijack cleaning' started by dana3lewis, Jul 10, 2004.

Thread Status:
Not open for further replies.
  1. dana3lewis

    dana3lewis Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    4
    My system has 3 startup errors one of which is the missing system32\bridge.dll file. I use Ad-aware to scan almost daily.

    Logfile of HijackThis v1.97.7
    Scan saved at 11:07:06 AM, on 7/10/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\2Wire\Gateway\2PortalMon.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
    C:\Program Files\Yahoo!\browser\YBrowser.exe
    C:\My Downloads\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
    F1 - win.ini: load=o_O
    o_O o_O
    ?
    ?
    ? o_O?
    F1 - win.ini: run=o_O
    o_O o_O
    ?
    ?
    ? o_O?
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O2 - BHO: (no name) - {5E1EEE01-5526-4404-5185-1E467A0FD483} - C:\WINDOWS\System32\wvdoqqwi.dll
    O2 - BHO: (no name) - {8C8FEC76-24F7-0DDB-37C3-9FACFCD2409A} - C:\WINDOWS\System32\zcuvrytc.dll
    O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)
    O2 - BHO: (no name) - {DCFD69BC-A60B-4F72-B98F-98018693BD0F} - C:\WINDOWS\System32\xvfuiepj.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
    O4 - HKLM\..\Run: [Palm MulitUser Config] C:\Program Files\Palm\Configtool.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe
    O4 - HKLM\..\Run: [Prein] C:\DOCUME~1\Dana\LOCALS~1\Temp\app2.tmp
    O4 - HKCU\..\Run: [VV6DLAutoDL] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [media_manager] C:\Program Files\ebkrdr\mediaman.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38178.4233449074
    O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors.com/member/ocx/plotwon.ocx
     
  2. dana3lewis

    dana3lewis Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    4
    I'm down to one startup error and it is still the missing bridge.dll file.

    Any help would be great. This has turned into an obsession!!
     
  3. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    HI dana3lewis

    Check the following items in HijackThis.
    Close all windows except HijackThis and click "Fix checked":

    R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)

    F1 - win.ini: load=

    ?
    ?
    ? ?
    F1 - win.ini: run=

    ?
    ?
    ? ?

    O2 - BHO: (no name) - {5E1EEE01-5526-4404-5185-1E467A0FD483} - C:\WINDOWS\System32\wvdoqqwi.dll
    O2 - BHO: (no name) - {8C8FEC76-24F7-0DDB-37C3-9FACFCD2409A} - C:\WINDOWS\System32\zcuvrytc.dll
    O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)
    O2 - BHO: (no name) - {DCFD69BC-A60B-4F72-B98F-98018693BD0F} - C:\WINDOWS\System32\xvfuiepj.dll

    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

    O4 - HKLM\..\Run: [Prein] C:\DOCUME~1\Dana\LOCALS~1\Temp\app2.tmp


    NOTE....even in safe mode you may have to open taskmanager and end task on some of them before you can delete them.

    Make sure you can view hidden and system files: Instructions here

    Then Boot to safe mode: Instructions here

    Delete the following files\folders IF still present:

    C:\WINDOWS\System32\bridge.dll

    Then reboot and use AdAware as described :
    HERE

    Then use the Disk Cleanup Utility to empty all your Temp folders.

    Then Disable system restore: Instructions here
    Reboot

    Enable System Restore.

    Problem gone?
     
  4. dana3lewis

    dana3lewis Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    4
    Thanks for responding. I've printed all the instructions and will give it a try.

    Any chance you know how I could remove DSO Exploit? It is on my laptop. The bridge.dll was a problem on my desktop.

    Thanks for the help. I hope it works.
     
  5. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    In SpybotS&D put the DSO exploit for now in "ignore" - it is a known "bug".

    HTH
     
  6. dana3lewis

    dana3lewis Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    4
    Your solution worked great....No more dll error. Many thanks.

    I can do that but won't it just ignor the problem without removing it? I've searched many message boards but haven't found a workable solution yet. Seems like most are waiting for a Microsoft fix.
     
  7. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
Thread Status:
Not open for further replies.