byerington
asked on
Cannot Rid my Computer of "Bridge.dll" message at Start-up.
I recently installed Pest Patrol, ran it, and then deleted (or Quarantined) problem malware including "Bridge" Now I receive the following message whenever starting windows:
"RUNDLL
Error loading C:\windows\Downloaded Program Files\bridge.dll
The specified module could not be found"
I read the numerous references to this type of problem on Experts Exchange today and downloaded multiple tools to search for remaining malware components (and found nothing). I updated "Adaware," ran it and found nothing, and then updated Norton and did a complete virus check. Norton found a "winfavorites.exe" file that PestPatrol had placed in Quarantine so I opened PestPatrol and deleted the file. I then used Explorer to search for the following files:
Bridge.inf
Bridge.dll
Bridge.exe
Winfavorites.exe
I found none of these.
I then whent to Regedit in accordance with the instructions provided by Symantecs, PestPatrol and a message listed on Experts Exchange. The only thing I could find to delete was:
HKEY_LOCAL_MACHINE\Softwar e\Microsof t\Windows\ CurrentVer sion\unins tall\bridg e
I deleted the above message.
I rebooted and first message to pop up on my screen was:
"RUNDLL
Error loading C:\windows\Downloaded Program Files\bridge.dll
The specified module could not be found"
Why is this message still poping up and how do I fix this problem?
"RUNDLL
Error loading C:\windows\Downloaded Program Files\bridge.dll
The specified module could not be found"
I read the numerous references to this type of problem on Experts Exchange today and downloaded multiple tools to search for remaining malware components (and found nothing). I updated "Adaware," ran it and found nothing, and then updated Norton and did a complete virus check. Norton found a "winfavorites.exe" file that PestPatrol had placed in Quarantine so I opened PestPatrol and deleted the file. I then used Explorer to search for the following files:
Bridge.inf
Bridge.dll
Bridge.exe
Winfavorites.exe
I found none of these.
I then whent to Regedit in accordance with the instructions provided by Symantecs, PestPatrol and a message listed on Experts Exchange. The only thing I could find to delete was:
HKEY_LOCAL_MACHINE\Softwar
I deleted the above message.
I rebooted and first message to pop up on my screen was:
"RUNDLL
Error loading C:\windows\Downloaded Program Files\bridge.dll
The specified module could not be found"
Why is this message still poping up and how do I fix this problem?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You may also use MSCONFIG and uncheck Rundll32 references from startup.
ASKER
This answer took me in the direction I needed to go. I finally downloaded "HijackThis v1.97.7" from www.spychecker.com which helped me delete the responsible file.
I have the same problem as (byeington) and tried CWshredder & Hijackthis,
I still get the error pop up when I start my pc.
In the add/remove I cannot get rid of an area (Titled) Bridge.
When I try to remove it the message appears, cannot read from source.
Is this causing the RUNDLL Error message to pop up ?
I would really Appreciate any advice.
tictocman
Thanks
I still get the error pop up when I start my pc.
In the add/remove I cannot get rid of an area (Titled) Bridge.
When I try to remove it the message appears, cannot read from source.
Is this causing the RUNDLL Error message to pop up ?
I would really Appreciate any advice.
tictocman
Thanks
Here's my scan list....anyone any advise? Would appreciate very much. What to delete? What not to? What should I be actually doing with this the scan result? Novice here.....
Logfile of HijackThis v1.97.7
Scan saved at 10:50:15 PM, on 7/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e xe
C:\WINDOWS\system32\winlog on.exe
C:\WINDOWS\system32\servic es.exe
C:\WINDOWS\system32\lsass. exe
C:\WINDOWS\system32\svchos t.exe
C:\WINDOWS\System32\svchos t.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spools v.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2. exe
C:\PROGRA~1\NORTON~1\NORTO N~2\GHOSTS ~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\SPEED D~1\nopdb. exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex e
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.ex e
C:\Program Files\Common Files\Real\Update_OB\reals ched.exe
C:\PROGRA~1\MYWEBS~1\bar\1 .bin\mwsoe mon.exe
C:\Program Files\Java\j2re1.4.2_01\bi n\jusched. exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon .exe
C:\WINDOWS\Plaxo\1.4.0.140 \InstallSt ub.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Acer\app\cmonitor.exe
C:\WINDOWS\system32\ntvdm. exe
C:\WINDOWS\System32\spool\ DRIVERS\W3 2X86\3\E_S 10IC2.EXE
C:\OPLIMIT\ocrawr32.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Gopi\HijackThis.exe
R1 - HKCU\Software\Microsoft\In ternet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\In ternet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\In ternet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\In ternet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID }&pver={SU B_PVER}&ar =home
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Default_Page _URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Default_Sear ch_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\In ternet Explorer\SearchURL,(Defaul t) = http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\In ternet Connection Wizard,Shellnext = iexplore
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-D D3868E0685 2} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5 838F569A31 D} - C:\Program Files\MyWebSearch\SrchAstt \1.bin\MWS SRCAS.DLL
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-1 70DE4475CC A} - C:\Program Files\MyWebSearch\bar\1.bi n\MWSBAR.D LL
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-2 98DDF1699E 1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt .dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-F ADC6B08487 2} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0 0A0C908246 7} - C:\WINDOWS\System32\msdxm. ocx
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-1 70DE4475CC A} - C:\Program Files\MyWebSearch\bar\1.bi n\MWSBAR.D LL
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A 37C9A5676A 7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt .dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7 859DF00B1D 6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.ex e
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\reals ched.exe" -osboot
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1 .bin\mwsoe mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bi n\jusched. exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\NORTO N~1\AdvToo ls\ADVCHK. EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCh eck.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon .exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\1.4.0.140 \InstallSt ub.exe -a
O4 - Startup: DC300 Monitor.lnk = C:\Acer\app\cmonitor.exe
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\ drivers\w3 2x86\3\E_S RCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.h tm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2. htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2 \Office10\ EXCEL.EXE/ 3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-0 0A0C9037DF E} (TDServer Control) - http://binod.com/fonts/tdserver.cab
O16 - DPF: {02BED220-FBC7-4392-93A2-3 A50B056F78 E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-4 4455354000 0} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1 E41684E07B B} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-F A1D4F56A2A B} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {80B38492-FB56-4B0E-ABDD-8 B14EB05F9A 7} - http://www.directxtras.com/speaksforitself/download/mstts_mary.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-4 7A8489BB47 F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37871.254525463
O16 - DPF: {B9191F79-5613-4C76-AA2A-3 98534BB899 9} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2 A8997E3D68 A} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4 4455354000 0} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E4DFABBD-F5F6-11D3-8421-0 080C6F79C4 2} (SpeechControl Class) - http://www.directxtras.com/speaksforitself/download/speechplugin.cab
O17 - HKLM\System\CCS\Services\T cpip\..\{6 AC9015C-3F 43-4344-B8 8C-674E2BD 329BB}: NameServer = 192.228.128.20 192.228.128.18
Rgds,
karu64
Logfile of HijackThis v1.97.7
Scan saved at 10:50:15 PM, on 7/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spools
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.
C:\PROGRA~1\NORTON~1\NORTO
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\SPEED
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.ex
C:\Program Files\Common Files\Real\Update_OB\reals
C:\PROGRA~1\MYWEBS~1\bar\1
C:\Program Files\Java\j2re1.4.2_01\bi
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon
C:\WINDOWS\Plaxo\1.4.0.140
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Acer\app\cmonitor.exe
C:\WINDOWS\system32\ntvdm.
C:\WINDOWS\System32\spool\
C:\OPLIMIT\ocrawr32.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Gopi\HijackThis.exe
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-D
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-1
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-2
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-F
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-1
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.ex
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\reals
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bi
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\NORTO
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCh
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\1.4.0.140
O4 - Startup: DC300 Monitor.lnk = C:\Acer\app\cmonitor.exe
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.h
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-0
O16 - DPF: {02BED220-FBC7-4392-93A2-3
O16 - DPF: {166B1BCA-3F9C-11CF-8075-4
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1
O16 - DPF: {30528230-99F7-4BB4-88D8-F
O16 - DPF: {80B38492-FB56-4B0E-ABDD-8
O16 - DPF: {9F1C11AA-197B-4942-BA54-4
O16 - DPF: {B9191F79-5613-4C76-AA2A-3
O16 - DPF: {BAC01377-73DD-4796-854D-2
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O16 - DPF: {E4DFABBD-F5F6-11D3-8421-0
O17 - HKLM\System\CCS\Services\T
Rgds,
karu64
I have the exact same problem. If you look at your registry at the HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load entry, you will notice that when you delete the entry it automatically reappears. You can rename the run folder and it will create a new run folder complete with the malware entries. I suspect that there is a service that is monitoring those registry entries and it is making sure you don't alter it. I can't find the answer.