954,184 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
8 Years Ago
0

Bridge.dll again (Error message when starting WIN 2000)

Bridge.dll again

Now I am in the “missing bridge.dll club too, please help me to get rid of the start up message.


Logfile of HijackThis v1.97.7
Scan saved at 14:06:37, on 12-05-2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\ati2evxx.exe
C:\Programmer\NavNT\defwatch.exe
C:\PROGRA~1\Compaq\COMPAQ~3\hibserv.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\hpb2ksrv.exe
C:\WINNT\System32\hpbhksrv.exe
C:\Programmer\Danware Data\NetOp Remote Control\HOST\NHOSTSVC.EXE
C:\Programmer\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wm.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
\sis080\sys\public\clntrust.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\NALNTSRV.EXE
C:\WINNT\System32\NALDESK.EXE
C:\WINNT\System32\Atiptaxx.exe
C:\Programmer\Compaq\HotKey Software\hkss.exe
C:\WINNT\System32\dpmw32.exe
C:\WINNT\System32\NWTRAY.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Fælles filer\Real\Update_OB\evntsvc.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Nokia\Card Phone 2.0\Setup\CardPhoneUIStarter.exe
C:\Programmer\QuickTime\qttask.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINNT\System32\hpnra.exe
C:\Programmer\Fælles filer\Nokia\MPAPI\MPAPI3d.exe
C:\WINNT\System32\hpstatus.exe
C:\Programmer\JavaSoft\JRE\1.3.1\bin\javaw.exe
C:\Programmer\NavNT\vptray.exe
C:\WINNT\LOGI_MWX.EXE
C:\Programmer\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
C:\Programmer\DU Meter\DUMeter.exe
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe
C:\Programmer\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\WINNT\System32\HPBSPSVR.EXE
C:\WINNT\System32\HPBJDSNT.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.ewebsearch.net/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ewebsearch.net/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ewebsearch.net/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/data/web/start%20side.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ewebsearch.net/sp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://jump.altavista.com/avie5/searchpane
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.altavista.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gopher=10.66.60.8:8080;http=10.66.60.8:8080;https=10.66.60.8:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {00000000-0007-5041-4354-0020e48020af} - C:\Programmer\12Ghosts\12popup.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: 12-Popup - {00000000-0008-5041-4354-0020e48020af} - C:\Programmer\12Ghosts\12popup.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [hkss] C:\Programmer\Compaq\HotKey Software\hkss.exe
O4 - HKLM\..\Run: [NDPS] C:\WINNT\System32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Programmer\Fælles filer\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [WebCam Autolaunch] webc3lch
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [UIStarter] "C:\Programmer\Nokia\Card Phone 2.0\Setup\CardPhoneUIStarter.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINNT\System32\hpnra.exe
O4 - HKLM\..\Run: [HP Status] C:\WINNT\System32\hpstatus.exe
O4 - HKLM\..\Run: [HP Proxy Server] C:\Programmer\Hewlett-Packard\ProxyService\ProxyService.lnk
O4 - HKLM\..\Run: [vptray] C:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [mRouterConfig for Siemens Data Suite SX1] C:\Programmer\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
O4 - HKLM\..\Run: [DU Meter] C:\Programmer\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\System32\bridge.dll",Load
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r
O4 - HKCU\..\Run: [Data-Control Autostart] C:\PROGRA~1\DATA-C~1.2\dc4run.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - Trusted Zone: http://*.zonelabs.com
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://www.real.com/vivo/index.html
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150/259d6fbd94e6308f8c20/netzip/RdxIE.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38079.5812847222
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{240A6582-C8B2-4D38-B148-339F69CDB793}: Domain = nukissiorfiit.gl
O17 - HKLM\System\CS1\Services\Tcpip\..\{240A6582-C8B2-4D38-B148-339F69CDB793}: Domain = nukissiorfiit.gl
O17 - HKLM\System\CS2\Services\Tcpip\..\{240A6582-C8B2-4D38-B148-339F69CDB793}: Domain = nukissiorfiit.gl

green_mand
Newbie Poster
2 posts since May 2004
Reputation Points: 10
Solved Threads: 0
 
8 Years Ago
0

Ok. Please do the following & we will see if we can get it sorted for you.
Download CWShredder from here & run it. Select the fix button & it will get rid of everything related to CoolWebSearch in it's database. Close ALL windows, including IE, before running CWShredder. REBOOT.

To help prevent this from happening again, install the patches for the vulnerabilities that this hijacker exploits by going here for your critical updates.

Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' :

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\System32\bridge.dll",Load

O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150/259d6fbd94e630...etzip/RdxIE.cab

Go here for an on-line scan & set it to autoclean for you.
This is just a precaution. Please report back what the scan finds, if anything.

You also need SP4 for W2K. & SP1 for IE6. They are a must.


Reboot after doing this & post another log please.

crunchie
Most Valuable Poster
Moderator
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
 
8 Years Ago
0

Hi Crunchie

You fix the bridge.dll problem thanks.
Updates done.
No virus found, (Norton AntiVirus, deff. file 09/05/2004 rev. 17)
SP4 for W2K. & SP1 for IE6 done.

Logfile of HijackThis v1.97.7
=============================
Scan saved at 18:17:22, on 12-05-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\ati2evxx.exe
C:\Programmer\NavNT\defwatch.exe
C:\PROGRA~1\Compaq\COMPAQ~3\hibserv.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\hpb2ksrv.exe
C:\WINNT\System32\hpbhksrv.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\Programmer\Danware Data\NetOp Remote Control\HOST\NHOSTSVC.EXE
C:\Programmer\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wm.exe
C:\WINNT\system32\svchost.exe
\sis080\sys\public\clntrust.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\NALNTSRV.EXE
C:\WINNT\system32\NALDESK.EXE
C:\WINNT\system32\Atiptaxx.exe
C:\Programmer\Compaq\HotKey Software\hkss.exe
C:\WINNT\System32\dpmw32.exe
C:\WINNT\system32\NWTRAY.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Fælles filer\Real\Update_OB\evntsvc.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Nokia\Card Phone 2.0\Setup\CardPhoneUIStarter.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINNT\System32\hpnra.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Programmer\Fælles filer\Nokia\MPAPI\MPAPI3d.exe
C:\WINNT\System32\hpstatus.exe
C:\Programmer\JavaSoft\JRE\1.3.1\bin\javaw.exe
C:\Programmer\NavNT\vptray.exe
C:\WINNT\LOGI_MWX.EXE
C:\Programmer\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
C:\Programmer\DU Meter\DUMeter.exe
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe
C:\Programmer\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\WINNT\System32\HPBSPSVR.EXE
C:\WINNT\System32\HPBJDSNT.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/data/web/start%20side.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://jump.altavista.com/avie5/searchpane
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.altavista.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gopher=10.66.60.8:8080;http=10.66.60.8:8080;https=10.66.60.8:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {00000000-0007-5041-4354-0020e48020af} - C:\Programmer\12Ghosts\12popup.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: 12-Popup - {00000000-0008-5041-4354-0020e48020af} - C:\Programmer\12Ghosts\12popup.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [hkss] C:\Programmer\Compaq\HotKey Software\hkss.exe
O4 - HKLM\..\Run: [NDPS] C:\WINNT\System32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Programmer\Fælles filer\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [WebCam Autolaunch] webc3lch
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [UIStarter] "C:\Programmer\Nokia\Card Phone 2.0\Setup\CardPhoneUIStarter.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINNT\System32\hpnra.exe
O4 - HKLM\..\Run: [HP Status] C:\WINNT\System32\hpstatus.exe
O4 - HKLM\..\Run: [HP Proxy Server] C:\Programmer\Hewlett-Packard\ProxyService\ProxyService.lnk
O4 - HKLM\..\Run: [vptray] C:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [mRouterConfig for Siemens Data Suite SX1] C:\Programmer\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
O4 - HKLM\..\Run: [DU Meter] C:\Programmer\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r
O4 - HKCU\..\Run: [Data-Control Autostart] C:\PROGRA~1\DATA-C~1.2\dc4run.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O15 - Trusted Zone: http://*.zonelabs.com
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://www.real.com/vivo/index.html
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38079.5812847222
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{240A6582-C8B2-4D38-B148-339F69CDB793}: Domain = nukissiorfiit.gl
O17 - HKLM\System\CS1\Services\Tcpip\..\{240A6582-C8B2-4D38-B148-339F69CDB793}: Domain = nukissiorfiit.gl
O17 - HKLM\System\CS2\Services\Tcpip\..\{240A6582-C8B2-4D38-B148-339F69CDB793}: Domain = nukissiorfiit.gl
========================================

Am I clean now?

Jan Z

green_mand
Newbie Poster
2 posts since May 2004
Reputation Points: 10
Solved Threads: 0
 
8 Years Ago
0

Just fix this one & you're right to go.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/data/web/start%20side.htm

crunchie
Most Valuable Poster
Moderator
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
 

This question has already been solved

Post: Markdown Syntax: Formatting Help
You
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed