Viruses, Spyware and other Nasties RSS Viruses, Spyware and other Nasties RSS

Bridge.dll again (Error message when starting WIN 2000)

Thread Solved

Join Date: May 2004
Posts: 2
Reputation: green_mand is an unknown quantity at this point 
Solved Threads: 0
green_mand green_mand is offline Offline
Newbie Poster

Bridge.dll again (Error message when starting WIN 2000)

 
0
  #1
May 12th, 2004
Bridge.dll again

Now I am in the “missing bridge.dll� club too, please help me to get rid of the start up message.


Logfile of HijackThis v1.97.7
Scan saved at 14:06:37, on 12-05-2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\ati2evxx.exe
C:\Programmer\NavNT\defwatch.exe
C:\PROGRA~1\Compaq\COMPAQ~3\hibserv.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\hpb2ksrv.exe
C:\WINNT\System32\hpbhksrv.exe
C:\Programmer\Danware Data\NetOp Remote Control\HOST\NHOSTSVC.EXE
C:\Programmer\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wm.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
\sis080\sys\public\clntrust.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\NALNTSRV.EXE
C:\WINNT\System32\NALDESK.EXE
C:\WINNT\System32\Atiptaxx.exe
C:\Programmer\Compaq\HotKey Software\hkss.exe
C:\WINNT\System32\dpmw32.exe
C:\WINNT\System32\NWTRAY.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Fælles filer\Real\Update_OB\evntsvc.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Nokia\Card Phone 2.0\Setup\CardPhoneUIStarter.exe
C:\Programmer\QuickTime\qttask.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINNT\System32\hpnra.exe
C:\Programmer\Fælles filer\Nokia\MPAPI\MPAPI3d.exe
C:\WINNT\System32\hpstatus.exe
C:\Programmer\JavaSoft\JRE\1.3.1\bin\javaw.exe
C:\Programmer\NavNT\vptray.exe
C:\WINNT\LOGI_MWX.EXE
C:\Programmer\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
C:\Programmer\DU Meter\DUMeter.exe
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe
C:\Programmer\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\WINNT\System32\HPBSPSVR.EXE
C:\WINNT\System32\HPBJDSNT.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.ewebsearch.net/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ewebsearch.net/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ewebsearch.net/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/data/web/start%20side.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ewebsearch.net/sp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://jump.altavista.com/avie5/searchpane
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.altavista.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gopher=10.66.60.8:8080;http=10.66.60.8:8080;https=10.66.60.8:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {00000000-0007-5041-4354-0020e48020af} - C:\Programmer\12Ghosts\12popup.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: 12-Popup - {00000000-0008-5041-4354-0020e48020af} - C:\Programmer\12Ghosts\12popup.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [hkss] C:\Programmer\Compaq\HotKey Software\hkss.exe
O4 - HKLM\..\Run: [NDPS] C:\WINNT\System32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Programmer\Fælles filer\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [WebCam Autolaunch] webc3lch
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [UIStarter] "C:\Programmer\Nokia\Card Phone 2.0\Setup\CardPhoneUIStarter.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINNT\System32\hpnra.exe
O4 - HKLM\..\Run: [HP Status] C:\WINNT\System32\hpstatus.exe
O4 - HKLM\..\Run: [HP Proxy Server] C:\Programmer\Hewlett-Packard\ProxyService\ProxyService.lnk
O4 - HKLM\..\Run: [vptray] C:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [mRouterConfig for Siemens Data Suite SX1] C:\Programmer\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
O4 - HKLM\..\Run: [DU Meter] C:\Programmer\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\System32\bridge.dll",Load
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r
O4 - HKCU\..\Run: [Data-Control Autostart] C:\PROGRA~1\DATA-C~1.2\dc4run.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - Trusted Zone: http://*.zonelabs.com
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://www.real.com/vivo/index.html
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150/259d6fbd94e6308...tzip/RdxIE.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...079.5812847222
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yaho...bio5_0_2_7.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{240A6582-C8B2-4D38-B148-339F69CDB793}: Domain = nukissiorfiit.gl
O17 - HKLM\System\CS1\Services\Tcpip\..\{240A6582-C8B2-4D38-B148-339F69CDB793}: Domain = nukissiorfiit.gl
O17 - HKLM\System\CS2\Services\Tcpip\..\{240A6582-C8B2-4D38-B148-339F69CDB793}: Domain = nukissiorfiit.gl
Reply With Quote Quick reply to this message  
Join Date: Feb 2004
Posts: 10,001
Reputation: crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold 
Solved Threads: 757
Moderator
Featured Poster
crunchie's Avatar
crunchie crunchie is offline Offline
Spyware Killer

Re: Bridge.dll again (Error message when starting WIN 2000)

 
0
  #2
May 12th, 2004
Ok. Please do the following & we will see if we can get it sorted for you.
Download CWShredder from here & run it. Select the fix button & it will get rid of everything related to CoolWebSearch in it's database. Close ALL windows, including IE, before running CWShredder. REBOOT.

To help prevent this from happening again, install the patches for the vulnerabilities that this hijacker exploits by going here for your critical updates.

Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' :

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\System32\bridge.dll",Load

O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150/259d6fbd94e630...etzip/RdxIE.cab

Go here for an on-line scan & set it to autoclean for you.
This is just a precaution. Please report back what the scan finds, if anything.

You also need SP4 for W2K. & SP1 for IE6. They are a must.


Reboot after doing this & post another log please.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Reply With Quote Quick reply to this message  
Join Date: May 2004
Posts: 2
Reputation: green_mand is an unknown quantity at this point 
Solved Threads: 0
green_mand green_mand is offline Offline
Newbie Poster

Re: Bridge.dll again (Error message when starting WIN 2000)

 
0
  #3
May 12th, 2004
Hi Crunchie

You fix the bridge.dll problem thanks.
Updates done.
No virus found, (Norton AntiVirus, deff. file 09/05/2004 rev. 17)
SP4 for W2K. & SP1 for IE6 done.

Logfile of HijackThis v1.97.7
=============================
Scan saved at 18:17:22, on 12-05-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\ati2evxx.exe
C:\Programmer\NavNT\defwatch.exe
C:\PROGRA~1\Compaq\COMPAQ~3\hibserv.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\hpb2ksrv.exe
C:\WINNT\System32\hpbhksrv.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\Programmer\Danware Data\NetOp Remote Control\HOST\NHOSTSVC.EXE
C:\Programmer\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wm.exe
C:\WINNT\system32\svchost.exe
\sis080\sys\public\clntrust.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\NALNTSRV.EXE
C:\WINNT\system32\NALDESK.EXE
C:\WINNT\system32\Atiptaxx.exe
C:\Programmer\Compaq\HotKey Software\hkss.exe
C:\WINNT\System32\dpmw32.exe
C:\WINNT\system32\NWTRAY.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Fælles filer\Real\Update_OB\evntsvc.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Nokia\Card Phone 2.0\Setup\CardPhoneUIStarter.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINNT\System32\hpnra.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Programmer\Fælles filer\Nokia\MPAPI\MPAPI3d.exe
C:\WINNT\System32\hpstatus.exe
C:\Programmer\JavaSoft\JRE\1.3.1\bin\javaw.exe
C:\Programmer\NavNT\vptray.exe
C:\WINNT\LOGI_MWX.EXE
C:\Programmer\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
C:\Programmer\DU Meter\DUMeter.exe
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe
C:\Programmer\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\WINNT\System32\HPBSPSVR.EXE
C:\WINNT\System32\HPBJDSNT.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/data/web/start%20side.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://jump.altavista.com/avie5/searchpane
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.altavista.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gopher=10.66.60.8:8080;http=10.66.60.8:8080;https=10.66.60.8:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {00000000-0007-5041-4354-0020e48020af} - C:\Programmer\12Ghosts\12popup.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: 12-Popup - {00000000-0008-5041-4354-0020e48020af} - C:\Programmer\12Ghosts\12popup.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [hkss] C:\Programmer\Compaq\HotKey Software\hkss.exe
O4 - HKLM\..\Run: [NDPS] C:\WINNT\System32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Programmer\Fælles filer\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [WebCam Autolaunch] webc3lch
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [UIStarter] "C:\Programmer\Nokia\Card Phone 2.0\Setup\CardPhoneUIStarter.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINNT\System32\hpnra.exe
O4 - HKLM\..\Run: [HP Status] C:\WINNT\System32\hpstatus.exe
O4 - HKLM\..\Run: [HP Proxy Server] C:\Programmer\Hewlett-Packard\ProxyService\ProxyService.lnk
O4 - HKLM\..\Run: [vptray] C:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [mRouterConfig for Siemens Data Suite SX1] C:\Programmer\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
O4 - HKLM\..\Run: [DU Meter] C:\Programmer\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r
O4 - HKCU\..\Run: [Data-Control Autostart] C:\PROGRA~1\DATA-C~1.2\dc4run.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O15 - Trusted Zone: http://*.zonelabs.com
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://www.real.com/vivo/index.html
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...079.5812847222
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yaho...bio5_0_2_7.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{240A6582-C8B2-4D38-B148-339F69CDB793}: Domain = nukissiorfiit.gl
O17 - HKLM\System\CS1\Services\Tcpip\..\{240A6582-C8B2-4D38-B148-339F69CDB793}: Domain = nukissiorfiit.gl
O17 - HKLM\System\CS2\Services\Tcpip\..\{240A6582-C8B2-4D38-B148-339F69CDB793}: Domain = nukissiorfiit.gl
========================================

Am I clean now?

Jan Z
Reply With Quote Quick reply to this message  
Join Date: Feb 2004
Posts: 10,001
Reputation: crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold 
Solved Threads: 757
Moderator
Featured Poster
crunchie's Avatar
crunchie crunchie is offline Offline
Spyware Killer

Re: Bridge.dll again (Error message when starting WIN 2000)

 
0
  #4
May 13th, 2004
Just fix this one & you're right to go.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/data/web/start%20side.htm
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
This thread has been marked solved.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the Viruses, Spyware and other Nasties Forum
Thread Tools Search this Thread



adware anti-malware anti-virussitesaccessissue antivirus attack audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare ddos domains e-mafia education email europe exam exploit facebook fake fancheckvirus gaming gumblar halloween herss.exe hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec trojan unwanted update usa virus viruses vista war warning windows worm yahoo zeroday
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC