system32/bridge.dll

Discussion in 'adware, spyware & hijack cleaning' started by jimmydub11, May 14, 2004.

Thread Status:
Not open for further replies.
  1. jimmydub11

    jimmydub11 Registered Member

    Joined:
    May 14, 2004
    Posts:
    1
    This is the log infromation that i got when i ran HijackThis v1.97.7. The only problem i know of is that my widows media player wont open. Also the message error loading c:\windows\system\system32\bridge.dll appears after startup.


    Logfile of HijackThis v1.97.7
    Scan saved at 3:41:15 PM, on 5/14/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Dell\AccessDirect\DadTray.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\OADPERFL.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    D:\RCDMENU.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Jimm\Local Settings\Temp\Temporary Directory 1 for hijackthis1977.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
    O1 - Hosts: 69.56.223.196 t.rack.cc
    O1 - Hosts: 69.56.223.196 www.alfa-search.com
    O1 - Hosts: 69.56.223.196 webcoolsearch.com
    O1 - Hosts: 69.56.223.196 in.webcounter.cc
    O1 - Hosts: 69.56.223.196 i-lookup.com
    O1 - Hosts: 69.56.223.196 www.hand-book.com
    O1 - Hosts: 69.56.223.196 www.maxxxhosters.com
    O1 - Hosts: 69.56.223.196 allneedsearch.com
    O1 - Hosts: 69.56.223.196 nativehardcore.com
    O1 - Hosts: 69.56.223.196 teen-biz.com
    O1 - Hosts: 69.56.223.196 tits.hardcore4ever.net
    O1 - Hosts: 69.56.223.196 best.royalsearch.net
    O1 - Hosts: 69.56.223.196 default-homepage-network.com
    O1 - Hosts: 69.56.223.196 xwebsearch.biz
    O1 - Hosts: 69.56.223.196 www.rightfinder.net
    O1 - Hosts: 69.56.223.196 www.search-1.net
    O1 - Hosts: 69.56.223.196 www.searchv.com
    O1 - Hosts: 69.56.223.196 www.websearch.com
    O1 - Hosts: 69.56.223.196 mysearchnow.com
    O1 - Hosts: 69.56.223.196 www.therealsearch.com
    O1 - Hosts: 69.56.223.196 www.find-itnow.com
    O1 - Hosts: 69.56.223.196 find.microgirls.com
    O1 - Hosts: 69.56.223.196 super-spider.com
    O1 - Hosts: 69.56.223.196 www.searching-the-net.com
    O1 - Hosts: 69.56.223.196 www.firstbookmark.com
    O1 - Hosts: 69.56.223.196 just.find-itnow.com
    O1 - Hosts: 69.56.223.196 www.find-itnow.com
    O1 - Hosts: 69.56.223.196 qwertysearch123.biz
    O1 - Hosts: 69.56.223.196 www.search-space.com
    O1 - Hosts: 69.56.223.196 www.windowws.cc
    O1 - Hosts: 69.56.223.196 aifind.info
    O1 - Hosts: 69.56.223.196 www.find4u.net
    O1 - Hosts: 69.56.223.196 find4u.net
    O1 - Hosts: 69.56.223.196 www.lookfor.cc
    O1 - Hosts: 69.56.223.196 www.008i.com
    O1 - Hosts: 69.56.223.196 www.viewpornkey.com
    O1 - Hosts: 69.56.223.196 www.hugesearch.net
    O1 - Hosts: 69.56.223.196 www.nova****.com
    O1 - Hosts: 69.56.223.196 www.seznam.cz
    O1 - Hosts: 69.56.223.196 aifind.cc
    O1 - Hosts: 69.56.223.196 www.onet.pl
    O1 - Hosts: 69.56.223.196 teenhqpics.com
    O1 - Hosts: 69.56.223.196 www.ttjj.com
    O1 - Hosts: 69.56.223.196 www.search-dot.com
    O1 - Hosts: 69.56.223.196 www.search-and-go.com
    O1 - Hosts: 69.56.223.196 www.slotch.com
    O1 - Hosts: 69.56.223.196 www.2fastsearch.net
    O1 - Hosts: 69.56.223.196 awebfind.biz
    O1 - Hosts: 69.56.223.196 www.power-search.info
    O1 - Hosts: 69.56.223.196 www.naver.com
    O1 - Hosts: 69.56.223.196 www.daum.net
    O1 - Hosts: 69.56.223.196 www.ohcorea.com
    O1 - Hosts: 69.56.223.196 www.hao123.com
    O1 - Hosts: 69.56.223.196 58q.com
    O1 - Hosts: 69.56.223.196 www.hotwebsearch.com
    O1 - Hosts: 69.56.223.196 www.startium.com
    O1 - Hosts: 69.56.223.196 www.gajai.com
    O1 - Hosts: 69.56.223.196 www.wazzupnet.com
    O1 - Hosts: 69.56.223.196 freshvideogals.com
    O1 - Hosts: 69.56.223.196 www.xgmm.com
    O1 - Hosts: 69.56.223.196 searchmyrequest.com
    O1 - Hosts: 69.56.223.196 yourbookmarks.ws
    O1 - Hosts: 69.56.223.196 wmmse.com
    O1 - Hosts: 69.56.223.196 link.startmake.com
    O1 - Hosts: 69.56.223.196 www.boredlife.com
    O1 - Hosts: 69.56.223.196 approvedlinks.com
    O1 - Hosts: 69.56.223.196 www.nkvd.us
    O1 - Hosts: 69.56.223.196 www.8095.com
    O1 - Hosts: 69.56.223.196 www.dreamwiz.com
    O1 - Hosts: 69.56.223.196 ie-search.com
    O1 - Hosts: 69.56.223.196 auto.ie.searchforge.com
    O1 - Hosts: 69.56.223.196 search.psn.cn
    O1 - Hosts: 69.56.223.196 www.couldnotfind.com
    O1 - Hosts: 69.56.223.196 www.iquicksearch.com
    O1 - Hosts: 69.56.223.196 1-se.com
    O1 - Hosts: 69.56.223.196 www.spidersearch.com
    O1 - Hosts: 69.56.223.196 search.ieplugin.com
    O1 - Hosts: 69.56.223.196 itseasy.us
    O1 - Hosts: 69.56.223.196 searchbar.findthewebsiteyouneed.com
    O1 - Hosts: 69.56.223.196 www.searchxl.com
    O1 - Hosts: 69.56.223.196 www.hotsearchbox.com
    O1 - Hosts: 69.56.223.196 www.searchforge.com
    O1 - Hosts: 69.56.223.196 www.omega-search.com
    O1 - Hosts: 69.56.223.196 searchcentrix.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
    O4 - HKLM\..\Run: [OADPERFL] C:\WINDOWS\System32\OADPERFL.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
    O9 - Extra button: Create Mobile Favorite (HKLM)
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://205.159.125.199/central/02030106/cccabs/CleverContent.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {11111111-1111-1111-1111-111208860449} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f10213.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.flipside.com/cab/WONWebLauncherControl.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v5.cab
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,440
    Location:
    Netherlands
    Hi jimmydub11,

    First find C:\WINDOWS\System32\drivers\etc\hosts and open it in Notepad.
    Use "Replace all" to change every 69.56.223.196 entry to 127.0.0.1

    Before you start using HijackThis please unzip hijackthis.exe to a folder of it´s own. The program creates backups in the folder it is in. In a Temp folder they easily disappear.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:


    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
    O4 - HKLM\..\Run: [OADPERFL] C:\WINDOWS\System32\OADPERFL.exe

    O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm

    O16 - DPF: {11111111-1111-1111-1111-111208860449} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f10213.exe

    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.flipside.com/cab/WONWebLauncherControl.cab

    Then download and run CWShredder
    Use the Fix button and follow the instructions provided by the program.

    Reboot when you are don.

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.