
How do I get rid of this??

Discussion in 'Windows XP' started by Affiliate, Apr 11, 2004.

Thread Status:
Not open for further replies.
  1. Affiliate

    Affiliate Thread Starter

    Joined:
    Jan 7, 2004
    Messages:
    100
    The message in the pic attached..?? I never played bridge, I don't know how I got it...
     


  2. Pancake

    Pancake

    Joined:
    Jan 9, 2004
    Messages:
    313
    It's part of a Trojan. Run "Spybot S&D" and fix what it finds, then get "Hijack This", run it, and post the log here.
     
  3. Affiliate

    Affiliate Thread Starter

    Joined:
    Jan 7, 2004
    Messages:
    100
    That first part you said didn't work, but here's the info...


    Logfile of HijackThis v1.97.7
    Scan saved at 12:53:06 AM, on 11/04/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\HP\KBD\KBD.EXE
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\NCLAUNCH.EXe
    C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WordWeb\wweb32.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Opera7\opera.exe
    C:\Program Files\KaZaA Lite\KazaaLite.kpp
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canada.com/vancouver/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us6.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
    O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Startup: Gangsters2Setup.lnk = ?
    O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
    O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: AdsGone (HKLM)
    O9 - Extra 'Tools' menuitem: &AdsGone Settings (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = A
    O17 - HKLM\Software\..\Telephony: DomainName = A
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = A
     
  4. Pancake

    Pancake

    Joined:
    Jan 9, 2004
    Messages:
    313
    Run HJT again and remove these. Did nothing turn up from the SpyBot scan?


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us6.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = A
    O17 - HKLM\Software\..\Telephony: DomainName = A
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = A
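
Added example (not part of the thread and not a HijackThis feature): a small Python triage script that parses the O4 Run-key lines of a HijackThis log like the one posted above and flags `rundll32` autostarts whose DLL sits in a directory such as Downloaded Program Files. The sample lines are copied from the log in this thread; the `REVIEW_DIRS` list and all function names are assumptions made for illustration.

```python
import re
from typing import NamedTuple, Optional

# Sample input: O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
'''

class RunEntry(NamedTuple):
    hive: str               # HKLM or HKCU
    name: str               # value name shown in [brackets]
    command: str            # full command line
    dll: Optional[str]      # DLL handed to rundll32, if any
    export: Optional[str]   # exported function rundll32 is told to call

O4_RUN = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(?:Run\w*): \[(.*?)\] (.+)$')
RUNDLL = re.compile(r'^"?(?:\S*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+)"?,\s*(\S+)', re.I)
# Assumed heuristic: directories from which a Run-key DLL is unusual enough
# to deserve a manual look. Adjust to your own baseline.
REVIEW_DIRS = ('\\downloaded program files\\', '\\temp\\', '\\temporary internet files\\')

def parse_run_entries(log: str) -> list:
    """Return one RunEntry per registry Run-key line in the log."""
    entries = []
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # Startup-folder shortcuts and other sections are skipped
        hive, name, command = m.groups()
        r = RUNDLL.match(command)
        dll, export = (r.group(1), r.group(2)) if r else (None, None)
        entries.append(RunEntry(hive, name, command, dll, export))
    return entries

def needs_review(entry: RunEntry) -> bool:
    """True when rundll32 loads a DLL from one of the REVIEW_DIRS."""
    if entry.dll is None:
        return False
    path = entry.dll.lower().replace('\\\\', '\\')  # collapse doubled separators
    return any(d in path for d in REVIEW_DIRS)

def flagged(log: str = SAMPLE_LOG) -> list:
    return [e for e in parse_run_entries(log) if needs_review(e)]

if __name__ == '__main__':
    for e in flagged():
        print(f'{e.hive} Run [{e.name}] -> {e.dll} (export {e.export})')
```
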
     
  5. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    I recently had the good luck to have gotten this piece of junk into my system. AdAware did a very good job of eliminating most of it. But there was still a startup for it with a peculiar name I can't remember (something like "loaddll.exe"). After AdAware had completed, I was still able to find bridge.dll in a search, but it was invisible in Downloaded Program Files. Its size was not even reflected in the total folder size.

    The only way I found to delete it was to enter the Recovery Console and delete it from there.
     
  6. Affiliate

    Affiliate Thread Starter

    Joined:
    Jan 7, 2004
    Messages:
    100
    Thanks Pancake... and Elvandil, how do you enter the Recovery Console??
     
  7. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    If you have the XP CD, boot from the CD and press "R" when requested.
     
  8. Affiliate

    Affiliate Thread Starter

    Joined:
    Jan 7, 2004
    Messages:
    100
    I don't have the XP CD :confused:
     
  9. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    Then I don't know. If you have setup files on your hard drive, you may be able to install it from there. Do you have an i386 folder or a recovery partition containing the setup files for XP?

    Or, you may be able to delete it from a command prompt.

    Go to Start > Run and type:
    cmd

    At the prompt, type:
    del "C:\Windows\Downloaded Program Files\bridge.dll"
    (adjusting for your drive letter and installation directory).

    If you don't get a "file not found" error, you got rid of it.

    Out of curiosity, do you have the same thing I had, that you can find it in search but not see it in the folder?
     
  10. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    The obvious had eluded me. From the title of your error box, I remember now that the startup for that bridge.dll malware was rundll.exe. Use Startup Control Panel to delete the startup and then try to delete bridge.dll. The dll didn't cause any problems after the startup was disabled, but it bothered me that it was there. :D

    http://www.mlin.net/StartupCPL.shtml
     
  11. spoiled_brat109

    spoiled_brat109

    Joined:
    Nov 28, 2001
    Messages:
    154
    I was getting an error message when I would boot up. It said:
    Error loading C/windows/downloaded program file/bridge.dll
    also got this message:
    The specified module could not be found. could not find the main class progam
    arm will exit.
    I had run Norton, AdAware, and Spybot. Just kept getting it.
    I did a restore, now I get this:
    Could not find the main class
    also:
    could not find the main class, program will exit.
    I have no idea what could be going on....
    I run spybot, but have no idea what the hijack this is....
    thanks for any help.
    Pat
     
Short URL to this thread: https://techguy.org/219235
