Jump to content


Photo

error message on System32\bridge.dll


  • Please log in to reply
1 reply to this topic

#1 APH

APH

    Member

  • New Member
  • Pip
  • 1 posts

Posted 15 July 2004 - 01:40 PM

I have an error message on my computer whenever I turn it on -

C:WINDOWS\System32\bridge.dll the system module could not be found, can you tell me which files I need to delete below.

thanks Logfile of HijackThis v1.97.7
Scan saved at 19:23:02, on 15/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\smsc.exe
C:\Program Files\Creative\WebCam Control\CAMTRAY.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\System32\winsys32.exe
C:\WINDOWS\System32\wuamgrd32.exe
C:\WINDOWS\System32\izwggeb.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\tftp.exe
C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\85H3LKY9\HijackThis[1].exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.enjoysear...nfo/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.c...rch/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.enjoysear...nfo/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {8A35B919-62BF-48C9-8FEA-DD591EFC2FA4} - C:\WINDOWS\mrhop.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [SUPASTATUS] C:\Program Files\Internet Explorer\Connection Wizard\status.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\WebCam Control\CAMTRAY.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [xxxvid] C:\WINDOWS\system32\xxxvideo.hta
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [CDEBA493] C:\WINDOWS\System32\xfwvd.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait
O4 - HKLM\..\Run: [Microsoft Update] winsys32.exe
O4 - HKLM\..\Run: [Microsoft Update32] wuamgrd32.exe
O4 - HKLM\..\Run: [MSN Messenger] izwggeb.exe
O4 - HKLM\..\Run: [restrictanonymous] 
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\RunServices: [F7AF3AFB] C:\WINDOWS\System32\xfwvd.exe
O4 - HKLM\..\RunServices: [Microsoft Update] winsys32.exe
O4 - HKLM\..\RunServices: [Microsoft Update32] wuamgrd32.exe
O4 - HKLM\..\RunServices: [MSN Messenger] izwggeb.exe
O4 - HKLM\..\RunServices: [EnableDCOM] N
O4 - HKCU\..\Run: [xxxvid] C:\Documents and Settings\My Documents\xxxvideo.hta
O4 - HKCU\..\Run: [olehelp] C:\WINDOWS\System32\olehelp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKCU\..\Run: [Microsoft Update] winsys32.exe
O4 - HKCU\..\Run: [Microsoft Update32] wuamgrd32.exe
O4 - HKCU\..\Run: [MSN Messenger] izwggeb.exe
O4 - HKCU\..\RunServices: [MSN Messenger] izwggeb.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] smsc.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] smsc.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {161A7465-FEEE-4B40-8A85-ED752B93F73E} - file://E:\IntraLaunch.CAB
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.micr...b?1076555773562
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webca...sCamControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{34BC7D2B-F1C1-4564-98FE-85387484FB2C}: NameServer = 212.67.96.129 212.67.120.148
O17 - HKLM\System\CS1\Services\Tcpip\..\{34BC7D2B-F1C1-4564-98FE-85387484FB2C}: NameServer = 212.67.96.129 212.67.120.148

s.

#2 Racktracker

Racktracker

    Hunter of Malware

  • Retired Staff
  • PipPipPipPipPip
  • 1,306 posts

Posted 15 July 2004 - 08:46 PM

You have a coolweb infection. Download coolweb shredder, unzip and click fix.

Move Hijackthis out of the temp directory (extract from zip)into a permanent folder. Example:
c:\program files\hijackthis\hijackthis.exe

This will allow backups to be made and saved By hijackthis in case something goes wrong.

Place a check next to the following entries, then close all open windows except hijackthis and click fix.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.enjoysear...nfo/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.c...rch/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.enjoysear...nfo/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
O2 - BHO: (no name) - {8A35B919-62BF-48C9-8FEA-DD591EFC2FA4} - C:\WINDOWS\mrhop.dll (file missing)
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [xxxvid] C:\WINDOWS\system32\xxxvideo.hta
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [CDEBA493] C:\WINDOWS\System32\xfwvd.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\Run: [Microsoft Update] winsys32.exe
O4 - HKLM\..\Run: [Microsoft Update32] wuamgrd32.exe
O4 - HKLM\..\Run: [MSN Messenger] izwggeb.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\RunServices: [F7AF3AFB] C:\WINDOWS\System32\xfwvd.exe
O4 - HKLM\..\RunServices: [Microsoft Update] winsys32.exe
O4 - HKLM\..\RunServices: [Microsoft Update32] wuamgrd32.exe
O4 - HKLM\..\RunServices: [MSN Messenger] izwggeb.exe
O4 - HKCU\..\Run: [xxxvid] C:\Documents and Settings\My Documents\xxxvideo.hta
O4 - HKCU\..\Run: [olehelp] C:\WINDOWS\System32\olehelp.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKCU\..\Run: [Microsoft Update] winsys32.exe
O4 - HKCU\..\Run: [Microsoft Update32] wuamgrd32.exe
O4 - HKCU\..\Run: [MSN Messenger] izwggeb.exe
O4 - HKCU\..\RunServices: [MSN Messenger] izwggeb.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] smsc.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] smsc.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab


Then reboot into safe mode and delete these files.
C:\WINDOWS\mrhop.dll
C:\WINDOWS\system32\xxxvideo.hta
C:\WINDOWS\System32\bridge.dll
C:\WINDOWS\System32\xfwvd.exe
C:\WINDOWS\System32\smsc.exe
C:\WINDOWS\System32\winsys32.exe
C:\WINDOWS\System32\wuamgrd32.exe
C:\WINDOWS\System32\izwggeb.exe
C:\WINDOWS\System32\xfwvd.exe
C:\WINDOWS\System32\olehelp.exe

You may have to enable hidden files to find all the files.

Then reboot into formal mode.

Run these free online virus scans.
http://housecall.trendmicro.com/
http://www.pandasoft...n_principal.htm

Then reboot and run another hijackthis scan and post your new log here.
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button