Another Bridge.dll victim with a hjt log for show and tell


BadBadKitty
05-28-2004, 04:41 AM
Hi, found this forum while trying to rid myself of this bridge.dll file, and read the posts before mine on the subject. You seem very knowledgeable about this sort of thing so I'm hoping you can help me. I ran a Housecall scan and had 3 trojans and 2 backdoors, on a hard drive not even a week old :(
So I think I have ridded myself of all of them with the exception of this bridge.dll, but I would appreciate it very much if you could look at my log and read it for me?
I'm running a different online scan (Panda) as I ran the HJT and hope it didn't interfere :)
Thanks in advance, Michelle

Logfile of HijackThis v1.97.7
Scan saved at 2:32:33 AM, on 5/28/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\SYSTEM\BRIDGE.DLL (file missing)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\PROGRAM FILES\LYCOS\SIDESEARCH\SIDESEARCH1400.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: Download using FlashGet - E:\PROGRAM FILES\FLASHGET\jc_link.htm
O8 - Extra context menu item: Download All by FlashGet - E:\PROGRAM FILES\FLASHGET\jc_all.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Sidesearch (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://billing-b.mhi.aol.com/netagent/objects/custappx2.CAB
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot7_x.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/148119a2571ca3/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

rik148755
05-28-2004, 09:09 AM
Hello & Welcome!

I heard a friend mention this "bridge.dll" last night, but I am not aware of it.

Someone more experienced will surely help you out with this. ;)

classicsoftware
05-28-2004, 09:42 AM
I Recommend a FULL Security Scan.

1) Download, install and update Spybot. (http://download.com.com/3000-2144-10122137.html?part=104443&subj=dlpage&tag=button)

2) Download, install and update Adaware. (http://download.com.com/3000-8022-10214379.html?tag=lst-0-2)

3) Create a folder called HJT.

4) Download and install HijackThis (http://download.com.com/3000-8022-10227352.html?tag=lst-0-4) in the HJT folder.

5) Run Spybot and fix everything it finds.

6) Shutdown your computer. Full shutdown DO NOT re-start.

7) Run Adaware and fix everything it finds.

8) Shutdown your computer. Full Shutdown DO NOT re-start.

9) Run an on line scan from Trend Micro (http://housecall.trendmicro.com/) and or Bitdefender. (http://www.bitdefender.com/scan/licence.php)

10) Run HijackThis from the HJT folder. Do not run it from the TEMP folder as you are doing now, or from the Temporary Internet Files folder, as you may be unable to restore the backups created by HJT. After the scan is complete, create a log file. DO NOT fix anything unless instructed to by an expert here.

11) Post the contents of the log and the results from the previous scans back here for evaluation.

BadBadKitty
05-28-2004, 12:04 PM
OK, all done. Good idea running Spybot and Adaware; I had run Spybot last night and thought I was all good, but Adaware found yet more spyware on here :(
Anyhow, I followed the steps listed above and here is the new log :)
Thanks, Michelle


Logfile of HijackThis v1.97.7
Scan saved at 10:00:58 AM, on 5/28/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\NOTEPAD.EXE
E:\PROGRAM FILES\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: Download using FlashGet - E:\PROGRAM FILES\FLASHGET\jc_link.htm
O8 - Extra context menu item: Download All by FlashGet - E:\PROGRAM FILES\FLASHGET\jc_all.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://billing-b.mhi.aol.com/netagent/objects/custappx2.CAB
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot7_x.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/148119a2571ca3/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

Budfred
05-28-2004, 08:26 PM
It looks clean now except that you can use HJT to fix this:

R3 - Default URLSearchHook is missing

And it is a good idea to have NOTHING else running when you run HJT to get the best results. If you have anything in the HJT ignore list or anything disabled in msconfig, you may want to enable everything and run a new log for review... Otherwise, you seem to be okay, so here is my prevention speech....

This is a good time to set up protection against further attacks. You need an antivirus that is updated, a good firewall and a spyware blocker like SpywareBlaster and also IE-Spyads. All of these have good free versions available... be very cautious about any security software that advertises in popups or other intrusive ways, they are not only usually useless, but also often have malware in them....
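
Scripted version of the triage done across this thread, added here as an example and not code from any poster: it parses the entry lines of the two HijackThis logs above, diffs them to show what the Spybot/Ad-Aware pass removed, and flags the orphaned BHO entries and the missing URLSearchHook that get fixed in HJT. The sample input is excerpted from the two logs posted in the thread.

```python
import re

# Entry lines of a HijackThis 1.97 log look like "O2 - BHO: (no name) - {CLSID} - path (file missing)";
# the header and the "Running processes" block do not match this shape and are skipped.
LINE_RE = re.compile(r"^(?P<sect>[RO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse_hjt(text):
    """Return a list of (section, body, clsid_or_None, orphaned) tuples, one per entry line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        c = CLSID_RE.search(body)
        # HJT tags registry entries whose DLL is already gone; those are leftovers to clean up
        orphaned = "(file missing)" in body or "(no file)" in body
        entries.append((m.group("sect"), body, c.group(0).upper() if c else None, orphaned))
    return entries

def diff_logs(before, after):
    """Entries that disappeared or appeared between two logs, keyed by section plus text."""
    b = {(e[0], e[1]): e for e in parse_hjt(before)}
    a = {(e[0], e[1]): e for e in parse_hjt(after)}
    return {"removed": [e for k, e in b.items() if k not in a],
            "added": [e for k, e in a.items() if k not in b]}

def needs_review(entries):
    """Triage rule used in the thread: orphaned entries and a missing search hook get fixed in HJT.
    A BHO whose file is still present is not flagged here and must be looked up by CLSID/path."""
    return [e for e in entries if e[3] or "URLSearchHook is missing" in e[1]]

# Excerpts of the two logs posted in this thread (first scan, then after Spybot/Ad-Aware).
BEFORE = r"""O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\SYSTEM\BRIDGE.DLL (file missing)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O9 - Extra button: Sidesearch (HKLM)
"""
AFTER = r"""R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
"""

if __name__ == "__main__":
    for kind, items in diff_logs(BEFORE, AFTER).items():
        for e in items:
            print(f"{kind:8} {e[0]} {e[1]}")
    for e in needs_review(parse_hjt(AFTER)):
        print("fix in HJT:", e[0], e[1])
```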

BadBadKitty
05-28-2004, 09:11 PM
Thank you very much for the reply. I definitely realize now is the time to protect my computer. I do have a question: with a firewall in my router, do I need an additional firewall?
I'm going to install Norton 2004, and one of the above mentioned spyware programs (I have 2 on here already), and wondering if that would be enough?
Once again, thanks for the help, you've been most helpful :)
Michelle

Budfred
05-28-2004, 10:04 PM
The firewall in the router offers good, but limited protection. Programs that infest your system will try to connect to the Internet to deliver the information they stole from you and the software firewall gives you some defense against that.

I recommend SpywareBlaster and IE-Spyads since they do different things. SpywareBlaster sets up protection against spyware being installed on your system while IE-Spyads warns you about bad sites and provides other protections if you use IE. They are both free programs....

If you get Norton 2004 be prepared for problems. It is huge and bloated. Many people have reported problems with it. I recommend either going with a free program like AVG or Avast and combining that with other free programs or go with NOD32 which is reported to be the best pay antivirus and combine that with good free programs.

BadBadKitty
05-28-2004, 11:08 PM
Thanks again. That was my reason for not installing Norton when I installed my hard drive; it slows down my computer tremendously. I think I will go with the AVG since you said the keyword "free" LOL
And I suppose the more spyware detectors the better, since it seems like everywhere I go they want me to install an "optimizer" or "plug-in".
Yah right!
I still have a file in my temp folder that I can't delete, but I'm not particularly worried about it (~df4c09.tmp). If you know what it is or why it can't be deleted, let me know. But once again, I really appreciate your help; my brother is a pretty bright guy when it comes to computers but I surely hate to tell him I had trojans (my pride and all :p )
Thanks and have a great Memorial Day Weekend!
Michelle

Budfred
05-28-2004, 11:15 PM
If that temp file is in your Temporary Internet Files folder, you can probably remove it by using IE, Tools, Internet Options and choosing to clear cookies and cache along with offline files.... If not, try booting into Safe Mode and removing it. I don't recognize the name you gave, but it could be bad. If you still can't delete it, we may need to have you submit it for analysis....

tommy
05-29-2004, 05:00 AM
OTOH, I have found that "unable to delete" is because an innocent file is currently in use by some active task. Such a file is usually available for delete later, or at least after a reboot.