Hey, I have been having sometrouble as of late. (about march 8th) I have windows xp. lately when I want to shut down my pc I have to manully shut down my rundll32.exe, why? I have been reading a lot of things on this bridgedll thing and i looked it up in my msconfig and its there but i don't know what to do with it now that i found it.

I ran hijackthis and here is what i got:

Logfile of HijackThis v1.97.7
Scan saved at 2:41:07 PM, on 3/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [rundll32.exe] C:\WINDOWS\System32\rundll32.exe.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...AB?38004.94875
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by15fd.bay15.hotmail.msn.com/...x/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A25B4830-2FC7-47F1-9152-D66BEFBB37E7}: NameServer = 142.177.1.2 142.177.129.11


What do I do with this to stop from having to manully shutdown my rundll32??? Is it a trojan or virus, spyware?? thank you for any help!!

Nevermind people I believe I fixed it myself...Thx for all your help!

but nobody helped You !

what did you do to fix it ,always nice to know

I just found the bridgedll.exe in the scan that i did with hijackthis and fixed it, and everything was fine!

Hi Moxin,

I am experiencing exactly the same problem on my laptop as you were. I am running Win2000 but assume the cause is the same. The problem has only started recently and on shutdown, it cannot close rundll32.exe automatically and requires me to click on I have checked my msconfig startup and there is a line which is as follows:

Startup Item - Bridge
Command - rundll32.exe "C:\WINNT\system32\bridge.dll",Load
Location - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

You mention the fix involves this file, but you do not explain exactly how you fixed it. Can you provide me with some more information ?

Kind Regards

Simon

You can either navigate to the bridge.dll locations & delete them, (after backing up your registry, of course).
Or, you can download & run HijackThis & delete all instances of it with that.

Hi Crunchie, and thanks for the quick reply.

I have done a quick search of my system and the only bridge.dll file can be found in my c:\winnt\system32\bridge.dll.

What I have done is disabled the start up of this, using msconfig. This fixes the problem and does not seem to cause any adverse affects. I will leave this in safe startup mode for the time being to check it does not affect anything else.

I assume that if all is ok, my next steps will be to:

a) Use regedit to permenantly remove the row "rundll32.exe "C:\WINNT\system32\bridge.dll",Load" from the registry folder "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

b) Delete bridge.dll from C:\winnt\system32\ folder?

Or should I leave the bridge.dll file where is is and just delete the registry row?

Cheers again for all your help.

Delete all instances of bridge.dll & nothing else. It is linked to a trojan virus so I wouldn't be surprised if it's on it's Pat Malone (alone).
Probably advisable to post a HJT log, up to you.

Hi Crunchie,

Thanks for you help.

One more question, if this bridge.dll is linked to a trojan virus, why has my virus checker (Sophos) not picked it up. I ran a full scan and it does not see it as a virus? Is this just a .dll file which a trojan virus uses? Very strange. Having said that, my virus checker did block a virus earlier last week. Could this file have been installed then?

Anyway, I have deleted it and the registry entry and all is ok.....so far

Cheers

Simon

A lot of AV's do not pick up all trojans, as you are probably already aware. Even when you get rid of the trojan/virus, they tend to leave behind files that they used. That would be why you get the error messages. I'm no expert though, but this is my understanding of it.