byerington
asked on
Cannot Rid my Computer of "Bridge.dll" message at Start-up.
I recently installed Pest Patrol, ran it, and then deleted (or Quarantined) problem malware including "Bridge" Now I receive the following message whenever starting windows:
"RUNDLL
Error loading C:\windows\Downloaded Program Files\bridge.dll
The specified module could not be found"
I read the numerous references to this type of problem on Experts Exchange today and downloaded multiple tools to search for remaining malware components (and found nothing). I updated "Adaware," ran it and found nothing, and then updated Norton and did a complete virus check. Norton found a "winfavorites.exe" file that PestPatrol had placed in Quarantine so I opened PestPatrol and deleted the file. I then used Explorer to search for the following files:
Bridge.inf
Bridge.dll
Bridge.exe
Winfavorites.exe
I found none of these.
I then whent to Regedit in accordance with the instructions provided by Symantecs, PestPatrol and a message listed on Experts Exchange. The only thing I could find to delete was:
HKEY_LOCAL_MACHINE\Softwar
I deleted the above message.
I rebooted and first message to pop up on my screen was:
"RUNDLL
Error loading C:\windows\Downloaded Program Files\bridge.dll
The specified module could not be found"
Why is this message still poping up and how do I fix this problem?
"RUNDLL
Error loading C:\windows\Downloaded Program Files\bridge.dll
The specified module could not be found"
I read the numerous references to this type of problem on Experts Exchange today and downloaded multiple tools to search for remaining malware components (and found nothing). I updated "Adaware," ran it and found nothing, and then updated Norton and did a complete virus check. Norton found a "winfavorites.exe" file that PestPatrol had placed in Quarantine so I opened PestPatrol and deleted the file. I then used Explorer to search for the following files:
Bridge.inf
Bridge.dll
Bridge.exe
Winfavorites.exe
I found none of these.
I then whent to Regedit in accordance with the instructions provided by Symantecs, PestPatrol and a message listed on Experts Exchange. The only thing I could find to delete was:
HKEY_LOCAL_MACHINE\Softwar
I deleted the above message.
I rebooted and first message to pop up on my screen was:
"RUNDLL
Error loading C:\windows\Downloaded Program Files\bridge.dll
The specified module could not be found"
Why is this message still poping up and how do I fix this problem?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
sramesh2k
You may also use MSCONFIG and uncheck Rundll32 references from startup.
ASKER
This answer took me in the direction I needed to go. I finally downloaded "HijackThis v1.97.7" from www.spychecker.com which helped me delete the responsible file.
I have the same problem as (byeington) and tried CWshredder & Hijackthis,
I still get the error pop up when I start my pc.
In the add/remove I cannot get rid of an area (Titled) Bridge.
When I try to remove it the message appears, cannot read from source.
Is this causing the RUNDLL Error message to pop up ?
I would really Appreciate any advice.
tictocman
Thanks
I still get the error pop up when I start my pc.
In the add/remove I cannot get rid of an area (Titled) Bridge.
When I try to remove it the message appears, cannot read from source.
Is this causing the RUNDLL Error message to pop up ?
I would really Appreciate any advice.
tictocman
Thanks
Here's my scan list....anyone any advise? Would appreciate very much. What to delete? What not to? What should I be actually doing with this the scan result? Novice here.....
Logfile of HijackThis v1.97.7
Scan saved at 10:50:15 PM, on 7/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spools
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.
C:\PROGRA~1\NORTON~1\NORTO
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\SPEED
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.ex
C:\Program Files\Common Files\Real\Update_OB\reals
C:\PROGRA~1\MYWEBS~1\bar\1
C:\Program Files\Java\j2re1.4.2_01\bi
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon
C:\WINDOWS\Plaxo\1.4.0.140
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Acer\app\cmonitor.exe
C:\WINDOWS\system32\ntvdm.
C:\WINDOWS\System32\spool\
C:\OPLIMIT\ocrawr32.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Gopi\HijackThis.exe
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-D
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-1
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-2
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-F
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-1
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.ex
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\reals
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bi
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\NORTO
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCh
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\1.4.0.140
O4 - Startup: DC300 Monitor.lnk = C:\Acer\app\cmonitor.exe
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.h
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-0
O16 - DPF: {02BED220-FBC7-4392-93A2-3
O16 - DPF: {166B1BCA-3F9C-11CF-8075-4
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1
O16 - DPF: {30528230-99F7-4BB4-88D8-F
O16 - DPF: {80B38492-FB56-4B0E-ABDD-8
O16 - DPF: {9F1C11AA-197B-4942-BA54-4
O16 - DPF: {B9191F79-5613-4C76-AA2A-3
O16 - DPF: {BAC01377-73DD-4796-854D-2
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O16 - DPF: {E4DFABBD-F5F6-11D3-8421-0
O17 - HKLM\System\CCS\Services\T
Rgds,
karu64
Logfile of HijackThis v1.97.7
Scan saved at 10:50:15 PM, on 7/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spools
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.
C:\PROGRA~1\NORTON~1\NORTO
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\SPEED
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.ex
C:\Program Files\Common Files\Real\Update_OB\reals
C:\PROGRA~1\MYWEBS~1\bar\1
C:\Program Files\Java\j2re1.4.2_01\bi
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon
C:\WINDOWS\Plaxo\1.4.0.140
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Acer\app\cmonitor.exe
C:\WINDOWS\system32\ntvdm.
C:\WINDOWS\System32\spool\
C:\OPLIMIT\ocrawr32.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Gopi\HijackThis.exe
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-D
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-1
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-2
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-F
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-1
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.ex
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\reals
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bi
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\NORTO
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCh
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\1.4.0.140
O4 - Startup: DC300 Monitor.lnk = C:\Acer\app\cmonitor.exe
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.h
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-0
O16 - DPF: {02BED220-FBC7-4392-93A2-3
O16 - DPF: {166B1BCA-3F9C-11CF-8075-4
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1
O16 - DPF: {30528230-99F7-4BB4-88D8-F
O16 - DPF: {80B38492-FB56-4B0E-ABDD-8
O16 - DPF: {9F1C11AA-197B-4942-BA54-4
O16 - DPF: {B9191F79-5613-4C76-AA2A-3
O16 - DPF: {BAC01377-73DD-4796-854D-2
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O16 - DPF: {E4DFABBD-F5F6-11D3-8421-0
O17 - HKLM\System\CCS\Services\T
Rgds,
karu64
I have the exact same problem. If you look at your registry at the HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load entry, you will notice that when you delete the entry it automatically reappears. You can rename the run folder and it will create a new run folder complete with the malware entries. I suspect that there is a service that is monitoring those registry entries and it is making sure you don't alter it. I can't find the answer.