system32/bridge.dll

Discussion in 'adware, spyware & hijack cleaning' started by jimmydub11, May 14, 2004.

Thread Status:
Not open for further replies.
  1. jimmydub11

    jimmydub11 Registered Member

    Joined:
    May 14, 2004
    Posts:
    1
    This is the log infromation that i got when i ran HijackThis v1.97.7. The only problem i know of is that my widows media player wont open. Also the message error loading c:\windows\system\system32\bridge.dll appears after startup.


    Logfile of HijackThis v1.97.7
    Scan saved at 3:41:15 PM, on 5/14/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Dell\AccessDirect\DadTray.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\OADPERFL.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    D:\RCDMENU.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Jimm\Local Settings\Temp\Temporary Directory 1 for hijackthis1977.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
    O1 - Hosts: 69.56.223.196 t.rack.cc
    O1 - Hosts: 69.56.223.196 www.alfa-search.com
    O1 - Hosts: 69.56.223.196 webcoolsearch.com
    O1 - Hosts: 69.56.223.196 in.webcounter.cc
    O1 - Hosts: 69.56.223.196 i-lookup.com
    O1 - Hosts: 69.56.223.196 www.hand-book.com
    O1 - Hosts: 69.56.223.196 www.maxxxhosters.com
    O1 - Hosts: 69.56.223.196 allneedsearch.com
    O1 - Hosts: 69.56.223.196 nativehardcore.com
    O1 - Hosts: 69.56.223.196 teen-biz.com
    O1 - Hosts: 69.56.223.196 tits.hardcore4ever.net
    O1 - Hosts: 69.56.223.196 best.royalsearch.net
    O1 - Hosts: 69.56.223.196 default-homepage-network.com
    O1 - Hosts: 69.56.223.196 xwebsearch.biz
    O1 - Hosts: 69.56.223.196 www.rightfinder.net
    O1 - Hosts: 69.56.223.196 www.search-1.net
    O1 - Hosts: 69.56.223.196 www.searchv.com
    O1 - Hosts: 69.56.223.196 www.websearch.com
    O1 - Hosts: 69.56.223.196 mysearchnow.com
    O1 - Hosts: 69.56.223.196 www.therealsearch.com
    O1 - Hosts: 69.56.223.196 www.find-itnow.com
    O1 - Hosts: 69.56.223.196 find.microgirls.com
    O1 - Hosts: 69.56.223.196 super-spider.com
    O1 - Hosts: 69.56.223.196 www.searching-the-net.com
    O1 - Hosts: 69.56.223.196 www.firstbookmark.com
    O1 - Hosts: 69.56.223.196 just.find-itnow.com
    O1 - Hosts: 69.56.223.196 www.find-itnow.com
    O1 - Hosts: 69.56.223.196 qwertysearch123.biz
    O1 - Hosts: 69.56.223.196 www.search-space.com
    O1 - Hosts: 69.56.223.196 www.windowws.cc
    O1 - Hosts: 69.56.223.196 aifind.info
    O1 - Hosts: 69.56.223.196 www.find4u.net
    O1 - Hosts: 69.56.223.196 find4u.net
    O1 - Hosts: 69.56.223.196 www.lookfor.cc
    O1 - Hosts: 69.56.223.196 www.008i.com
    O1 - Hosts: 69.56.223.196 www.viewpornkey.com
    O1 - Hosts: 69.56.223.196 www.hugesearch.net
    O1 - Hosts: 69.56.223.196 www.nova****.com
    O1 - Hosts: 69.56.223.196 www.seznam.cz
    O1 - Hosts: 69.56.223.196 aifind.cc
    O1 - Hosts: 69.56.223.196 www.onet.pl
    O1 - Hosts: 69.56.223.196 teenhqpics.com
    O1 - Hosts: 69.56.223.196 www.ttjj.com
    O1 - Hosts: 69.56.223.196 www.search-dot.com
    O1 - Hosts: 69.56.223.196 www.search-and-go.com
    O1 - Hosts: 69.56.223.196 www.slotch.com
    O1 - Hosts: 69.56.223.196 www.2fastsearch.net
    O1 - Hosts: 69.56.223.196 awebfind.biz
    O1 - Hosts: 69.56.223.196 www.power-search.info
    O1 - Hosts: 69.56.223.196 www.naver.com
    O1 - Hosts: 69.56.223.196 www.daum.net
    O1 - Hosts: 69.56.223.196 www.ohcorea.com
    O1 - Hosts: 69.56.223.196 www.hao123.com
    O1 - Hosts: 69.56.223.196 58q.com
    O1 - Hosts: 69.56.223.196 www.hotwebsearch.com
    O1 - Hosts: 69.56.223.196 www.startium.com
    O1 - Hosts: 69.56.223.196 www.gajai.com
    O1 - Hosts: 69.56.223.196 www.wazzupnet.com
    O1 - Hosts: 69.56.223.196 freshvideogals.com
    O1 - Hosts: 69.56.223.196 www.xgmm.com
    O1 - Hosts: 69.56.223.196 searchmyrequest.com
    O1 - Hosts: 69.56.223.196 yourbookmarks.ws
    O1 - Hosts: 69.56.223.196 wmmse.com
    O1 - Hosts: 69.56.223.196 link.startmake.com
    O1 - Hosts: 69.56.223.196 www.boredlife.com
    O1 - Hosts: 69.56.223.196 approvedlinks.com
    O1 - Hosts: 69.56.223.196 www.nkvd.us
    O1 - Hosts: 69.56.223.196 www.8095.com
    O1 - Hosts: 69.56.223.196 www.dreamwiz.com
    O1 - Hosts: 69.56.223.196 ie-search.com
    O1 - Hosts: 69.56.223.196 auto.ie.searchforge.com
    O1 - Hosts: 69.56.223.196 search.psn.cn
    O1 - Hosts: 69.56.223.196 www.couldnotfind.com
    O1 - Hosts: 69.56.223.196 www.iquicksearch.com
    O1 - Hosts: 69.56.223.196 1-se.com
    O1 - Hosts: 69.56.223.196 www.spidersearch.com
    O1 - Hosts: 69.56.223.196 search.ieplugin.com
    O1 - Hosts: 69.56.223.196 itseasy.us
    O1 - Hosts: 69.56.223.196 searchbar.findthewebsiteyouneed.com
    O1 - Hosts: 69.56.223.196 www.searchxl.com
    O1 - Hosts: 69.56.223.196 www.hotsearchbox.com
    O1 - Hosts: 69.56.223.196 www.searchforge.com
    O1 - Hosts: 69.56.223.196 www.omega-search.com
    O1 - Hosts: 69.56.223.196 searchcentrix.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
    O4 - HKLM\..\Run: [OADPERFL] C:\WINDOWS\System32\OADPERFL.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
    O9 - Extra button: Create Mobile Favorite (HKLM)
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://205.159.125.199/central/02030106/cccabs/CleverContent.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {11111111-1111-1111-1111-111208860449} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f10213.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.flipside.com/cab/WONWebLauncherControl.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v5.cab
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi jimmydub11,

    First find C:\WINDOWS\System32\drivers\etc\hosts and open it in Notepad.
    Use "Replace all" to change every 69.56.223.196 entry to 127.0.0.1

    Before you start using HijackThis please unzip hijackthis.exe to a folder of it´s own. The program creates backups in the folder it is in. In a Temp folder they easily disappear.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:


    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
    O4 - HKLM\..\Run: [OADPERFL] C:\WINDOWS\System32\OADPERFL.exe

    O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm

    O16 - DPF: {11111111-1111-1111-1111-111208860449} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f10213.exe

    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.flipside.com/cab/WONWebLauncherControl.cab

    Then download and run CWShredder
    Use the Fix button and follow the instructions provided by the program.

    Reboot when you are don.

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.