View Full Version : ipwins.exe or smitfraud help
I get the saem message as other with reargd to ipwins.exe saying something is missing. Along with this I keep getting a page that load with some anitvirus site opening up. i can't recall the name now, but I think it is "system doctor 2006"
I run avg, I have run spybot search and destroy, but this little bugger persists
I have downloaded hijact this and bleow is my log
Help!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ProDsl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1172667301\ee\AOLSoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\QUICKENW\QWDLLS.EXE
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\cidaemon.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Marlin\My Documents\Downloaded applications\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - C:\WINDOWS\system32\xxyaywt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {9E71D043-E019-412D-A6D2-100BBDF8E9FC} - C:\WINDOWS\system32\mljjg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\lhljimjt.dll
O2 - BHO: (no name) - {F82A8B54-CEFA-4EC4-B20D-BB9B0ED37641} - C:\WINDOWS\system32\mljjg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ProDsl.exe] ProDsl.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1172667301\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\lbdnvpif.dll",realset
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Uniblue Registry Booster2] C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascinstie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{564C98AF-A43F-4871-A211-6DCFB8C4BA63}: NameServer = 205.208.227.13 205.208.227.14
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: mljjg - C:\WINDOWS\system32\mljjg.dll
O20 - Winlogon Notify: xxyaywt - C:\WINDOWS\SYSTEM32\xxyaywt.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Should I use the other version of hijackthis?
Logfile of HijackThis v1.99.1
Scan saved at 11:20:12 AM, on 04/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ProDsl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1172667301\ee\AOLSoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\QUICKENW\QWDLLS.EXE
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\cidaemon.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Marlin\My Documents\Downloaded applications\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ProDsl.exe] ProDsl.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1172667301\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\lbdnvpif.dll",realset
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascinstie.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Hello mstruhs and welcome to the Forums :)
1.99.1 is the version you should use.
1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
"Marlin" - 07-05-02 5:11:26 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Program Files\Mozilla Firefox\"
(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\lhljimjt.dll
C:\WINDOWS\system32\gjjlm.bak1
C:\WINDOWS\system32\gjjlm.bak2
C:\WINDOWS\system32\gjjlm.ini
C:\WINDOWS\system32\gjjlm.ini2
C:\WINDOWS\system32\gjjlm.tmp
C:\WINDOWS\system32\mljjg.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\ipwindows\UnInstall.exe
C:\Program Files\install.log
C:\Program Files\ipwindows
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\Program Files\RACLE~1
((((((((((((((((((((((((((((((( Files Created from 2007-04-02 to 2007-05-02 ))))))))))))))))))))))))))))))))))
2007-04-30 11:09 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-04-30 11:09 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-04-30 11:09 4,344 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-30 11:09 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-04-29 18:01 <DIR> d-------- C:\DOCUME~1\Marlin\APPLIC~1\Leadertech
2007-04-29 14:32 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-04-29 07:37 <DIR> d-------- C:\WINDOWS\system32\Panda Software
2007-04-29 07:16 <DIR> d-------- C:\DOCUME~1\Marlin\APPLIC~1\Uniblue
2007-04-26 16:35 132,660 --a------ C:\WINDOWS\system32\lbdnvpif.dll
2007-04-23 17:57 <DIR> d-------- C:\DOCUME~1\Rachel\APPLIC~1\Google
2007-04-22 18:39 <DIR> d-------- C:\DOCUME~1\Marlin\APPLIC~1\Google
2007-04-16 13:40 98,304 --a------ C:\WINDOWS\system32\ccrpUCW6.dll
2007-04-16 13:40 69,632 --a------ C:\WINDOWS\system32\brgstc32.dll
2007-04-16 13:40 680,224 --a------ C:\WINDOWS\system32\wodHttp.dll
2007-04-16 13:40 581,872 --a------ C:\WINDOWS\system32\wodCertificate.dll
2007-04-16 13:40 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-04-16 13:40 368,640 --a------ C:\WINDOWS\system32\ImgMan81.dll
2007-04-16 13:40 2,551,952 --a------ C:\WINDOWS\system32\brgXerces25.dll
2007-04-16 13:40 121,856 --a------ C:\WINDOWS\system32\PBBalloon2.dll
2007-04-16 09:03 <DIR> d-------- C:\Program Files\ItsDeductible2006
2007-04-16 09:01 <DIR> d-------- C:\DOCUME~1\Marlin\APPLIC~1\InstallShield
2007-04-09 14:27 <DIR> d-------- C:\DOCUME~1\Marlin\APPLIC~1\My The Lord of the Rings, The Rise of the Witch-king Files
2007-04-09 09:51 <DIR> d-------- C:\Program Files\DellSupport
2007-04-06 07:35 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
2007-04-02 19:47 <DIR> d-------- C:\DOCUME~1\Rachel\APPLIC~1\Diploma
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-27 20:00 -------- d-------- C:\Program Files\morpheus
2007-04-26 17:38 -------- d-------- C:\Program Files\testgen
2007-04-24 10:22 -------- d-------- C:\Program Files\warez p2p client
2007-04-24 10:21 -------- d-------- C:\Program Files\errorkiller
2007-04-22 18:38 -------- d--h----- C:\Program Files\installshield installation information
2007-04-22 18:38 -------- d-------- C:\Program Files\google
2007-04-22 13:26 -------- d-------- C:\DOCUME~1\Marlin\APPLIC~1\u3
2007-04-16 13:40 -------- d-------- C:\Program Files\diploma 6
2007-04-16 09:01 -------- d-------- C:\Program Files\turbotax
2007-04-09 14:22 -------- d-------- C:\Program Files\electronic arts
2007-03-20 11:30 2757600 --a------ C:\WINDOWS\system32\brgdipio.dll
2007-03-18 14:19 -------- d-------- C:\DOCUME~1\Marlin\APPLIC~1\my battle for middle-earth(tm) ii files
2007-03-17 07:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-15 12:23 497496 --a------ C:\WINDOWS\system32\xceedzip.dll
2007-03-15 12:19 526184 --a------ C:\WINDOWS\system32\xceedcry.dll
2007-03-10 13:01 88 -r-hs---- C:\WINDOWS\system32\91f50a737a.sys
2007-03-10 13:01 4184 --ahs---- C:\WINDOWS\system32\kgygaavl.sys
2007-03-09 12:45 226328 --a------ C:\WINDOWS\system32\brgmte.dll
2007-03-08 09:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 09:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 09:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 07:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-27 11:49 631768 --a------ C:\WINDOWS\system32\brgrt.dll
2007-02-12 15:24 209888 --a------ C:\WINDOWS\system32\brgdlg32.dll
2007-02-05 14:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{5CA3D70E-1895-11CF-8E15-001234567890} C:\WINDOWS\System32\DLA\DLASHX_W.DLL
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar1.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} C:\Program Files\BAE\BAE.dll
{D651AFF4-9590-424d-BD1E-8E33E090DFB3} C:\WINDOWS\system32\lhljimjt.dll [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SigmatelSysTrayApp"="stsystra.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
@=""
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"ProDsl.exe"="ProDsl.exe"
"MMTray"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"MSKDetectorExe"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1172667301\\ee\\AOLSoftware.exe"
"InfoData"="rundll32.exe \"C:\\WINDOWS\\system32\\lbdnvpif.dll\",realset"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyaywt
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-02 05:20:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-05-02 5:22:06 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-05-02 05:22
Hi again and sorry for the delay...
We'll continue :)
Go to virustotal.com (http://www.virustotal.com)
Copy the following to the box next to "Browse" button:
C:\WINDOWS\system32\lbdnvpif.dll
Click on Send
Wait for the scan to end.
Scan these too:
C:\WINDOWS\system32\brgstc32.dll
C:\WINDOWS\system32\PBBalloon2.dll
C:\WINDOWS\system32\brgdipio.dll
C:\WINDOWS\system32\brgdlg32.dll
Copy & Paste the scan results to here.
:bigthumb:
Antivirus Version Update Result
AhnLab-V3 2007.5.4.0 05.03.2007 no virus found
AntiVir 7.4.0.15 05.03.2007 ADSPY/Virtumonde.HB.6
Authentium 4.93.8 05.03.2007 no virus found
Avast 4.7.997.0 05.03.2007 no virus found
AVG 7.5.0.467 05.03.2007 Adware Generic2.RA
BitDefender 7.2 05.04.2007 Adware.Virtumonde.GEP
CAT-QuickHeal 9.00 05.03.2007 AdWare.Virtumonde.hb (Not a Virus)
ClamAV devel-20070416 05.03.2007 Trojan.Packed-7
DrWeb 4.33 05.03.2007 Trojan.Virtumod
eSafe 7.0.15.0 05.03.2007 no virus found
eTrust-Vet 30.7.3612 05.03.2007 no virus found
Ewido 4.0 05.03.2007 no virus found
FileAdvisor 1 05.04.2007 no virus found
Fortinet 2.85.0.0 05.03.2007 Adware/Virtumundo
F-Prot 4.3.2.48 05.03.2007 W32/Adware.JFE
F-Secure 6.70.13030.0 05.04.2007 no virus found
Ikarus T3.1.1.7 05.03.2007 not-a-virus:AdWare.Win32.Virtumonde.hb
Kaspersky 4.0.2.24 05.04.2007 not-a-virus:AdWare.Win32.Virtumonde.hb
McAfee 5023 05.03.2007 no virus found
Microsoft 1.2503 05.03.2007 no virus found
NOD32v2 2238 05.03.2007 Win32/Adware.Virtumonde
Norman 5.80.02 05.03.2007 W32/Virtumonde.GIT
Panda 9.0.0.4 05.04.2007 Spyware/Virtumonde
Prevx1 V2 05.04.2007 no virus found
Sophos 4.17.0 05.03.2007 no virus found
Sunbelt 2.2.907.0 05.03.2007 VIPRE.Suspicious
Symantec 10 05.04.2007 Trojan.Vundo
TheHacker 6.1.6.104 04.15.2007 Adware/Virtumonde.hb
VBA32 3.11.4 05.03.2007 AdWare.Win32.Virtumonde.hb
VirusBuster 4.3.7:9 05.03.2007 no virus found
Webwasher-Gateway 6.0.1 05.03.2007 Ad-Spyware.Virtumonde.HB.6
Aditional Information
File size: 132660 bytes
MD5: 7239ba01811a5f71ba9cf01aad3b57bc
SHA1: 238e06b691b3a5ebaea62acf7e4a1298d75fc99f
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
Complete scanning result of "brgstc32.dll", received in VirusTotal at 05.04.2007, 01:50:24 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.5.4.0 05.03.2007 no virus found
AntiVir 7.4.0.15 05.03.2007 no virus found
Authentium 4.93.8 05.03.2007 no virus found
Avast 4.7.997.0 05.03.2007 no virus found
AVG 7.5.0.467 05.03.2007 no virus found
BitDefender 7.2 05.04.2007 no virus found
CAT-QuickHeal 9.00 05.03.2007 no virus found
ClamAV devel-20070416 05.03.2007 no virus found
DrWeb 4.33 05.03.2007 no virus found
eSafe 7.0.15.0 05.03.2007 no virus found
eTrust-Vet 30.7.3612 05.03.2007 no virus found
Ewido 4.0 05.03.2007 no virus found
FileAdvisor 1 05.04.2007 no virus found
Fortinet 2.85.0.0 05.03.2007 no virus found
F-Prot 4.3.2.48 05.03.2007 no virus found
F-Secure 6.70.13030.0 05.04.2007 no virus found
Ikarus T3.1.1.7 05.03.2007 no virus found
Kaspersky 4.0.2.24 05.04.2007 no virus found
McAfee 5023 05.03.2007 no virus found
Microsoft 1.2503 05.03.2007 no virus found
NOD32v2 2238 05.03.2007 no virus found
Norman 5.80.02 05.03.2007 no virus found
Panda 9.0.0.4 05.04.2007 no virus found
Prevx1 V2 05.04.2007 no virus found
Sophos 4.17.0 05.03.2007 no virus found
Sunbelt 2.2.907.0 05.03.2007 no virus found
Symantec 10 05.04.2007 no virus found
TheHacker 6.1.6.104 04.15.2007 no virus found
VBA32 3.11.4 05.03.2007 no virus found
VirusBuster 4.3.7:9 05.03.2007 no virus found
Webwasher-Gateway 6.0.1 05.03.2007 no virus found
Aditional Information
File size: 69632 bytes
MD5: 1797c161e3d1468b81d8f154e722e115
SHA1: 8221b099e698d443e5eb338f6f39e2061a6a86f8
File "PBBalloon2.dll" received on 05.04.2007 at 01:58:48 (CET) is being scanned by VirusTotal in this moment. Results will be shown as they're generated.
Antivirus Version Update Result
AhnLab-V3 2007.5.4.0 05.03.2007 no virus found
AntiVir 7.4.0.15 05.03.2007 no virus found
Authentium 4.93.8 05.03.2007 no virus found
Avast 4.7.997.0 05.03.2007 no virus found
AVG 7.5.0.467 05.03.2007 no virus found
BitDefender 7.2 05.04.2007 no virus found
CAT-QuickHeal 9.00 05.03.2007 no virus found
ClamAV devel-20070416 05.03.2007 no virus found
DrWeb 4.33 05.03.2007 no virus found
eSafe 7.0.15.0 05.03.2007 Suspicious Trojan/Worm
eTrust-Vet 30.7.3612 05.03.2007 no virus found
Ewido 4.0 05.03.2007 no virus found
FileAdvisor 1 05.04.2007 no virus found
Fortinet 2.85.0.0 05.03.2007 no virus found
F-Prot 4.3.2.48 05.03.2007 no virus found
F-Secure 6.70.13030.0 05.04.2007 no virus found
Ikarus T3.1.1.7 05.03.2007 no virus found
Kaspersky 4.0.2.24 05.04.2007 no virus found
McAfee 5023 05.03.2007 no virus found
Microsoft 1.2503 05.03.2007 no virus found
NOD32v2 2238 05.03.2007 no virus found
Norman 5.80.02 05.03.2007 no virus found
Panda 9.0.0.4 05.04.2007 no virus found
Prevx1 V2 05.04.2007 no virus found
Sophos 4.17.0 05.03.2007 no virus found
Sunbelt 2.2.907.0 05.03.2007 VIPRE.Suspicious
Symantec 10 05.04.2007 no virus found
TheHacker 6.1.6.104 04.15.2007 no virus found
Aditional Information
File size: 121856 bytes
MD5: 287c15637e500be3e5f9c5e74823fd6f
SHA1: f4ee712c6b84dadd5260482c24c08ead261fd6ca
packers: PECOMPACT
packers: PecBundle, PECompact
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
Complete scanning result of "brgdipio.dll", received in VirusTotal at 05.04.2007, 02:07:32 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.5.4.0 05.03.2007 no virus found
AntiVir 7.4.0.15 05.03.2007 no virus found
Authentium 4.93.8 05.03.2007 no virus found
Avast 4.7.997.0 05.03.2007 no virus found
AVG 7.5.0.467 05.03.2007 no virus found
BitDefender 7.2 05.04.2007 no virus found
CAT-QuickHeal 9.00 05.03.2007 no virus found
ClamAV devel-20070416 05.03.2007 no virus found
DrWeb 4.33 05.03.2007 no virus found
eSafe 7.0.15.0 05.03.2007 no virus found
eTrust-Vet 30.7.3612 05.03.2007 no virus found
Ewido 4.0 05.03.2007 no virus found
FileAdvisor 1 05.04.2007 no virus found
Fortinet 2.85.0.0 05.03.2007 no virus found
F-Prot 4.3.2.48 05.03.2007 no virus found
F-Secure 6.70.13030.0 05.04.2007 no virus found
Ikarus T3.1.1.7 05.03.2007 no virus found
Kaspersky 4.0.2.24 05.04.2007 no virus found
McAfee 5023 05.03.2007 no virus found
Microsoft 1.2503 05.03.2007 no virus found
NOD32v2 2238 05.03.2007 no virus found
Norman 5.80.02 05.03.2007 no virus found
Panda 9.0.0.4 05.04.2007 no virus found
Prevx1 V2 05.04.2007 no virus found
Sophos 4.17.0 05.03.2007 no virus found
Sunbelt 2.2.907.0 05.03.2007 no virus found
Symantec 10 05.04.2007 no virus found
TheHacker 6.1.6.104 04.15.2007 no virus found
VBA32 3.11.4 05.03.2007 suspected of Backdoor.Hupigon.36 (paranoid heuristics)
VirusBuster 4.3.7:9 05.03.2007 no virus found
Webwasher-Gateway 6.0.1 05.03.2007 no virus found
Aditional Information
File size: 2757600 bytes
MD5: 49b999baa42687702e4aafe357bf35e4
SHA1: fcdaea5684f913cab25b221aa3be3bca51edee4a
Complete scanning result of "brgdlg32.dll", received in VirusTotal at 05.04.2007, 02:13:39 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.5.4.0 05.03.2007 no virus found
AntiVir 7.4.0.15 05.03.2007 no virus found
Authentium 4.93.8 05.03.2007 no virus found
Avast 4.7.997.0 05.03.2007 no virus found
AVG 7.5.0.467 05.03.2007 no virus found
BitDefender 7.2 05.04.2007 no virus found
CAT-QuickHeal 9.00 05.03.2007 no virus found
ClamAV devel-20070416 05.03.2007 no virus found
DrWeb 4.33 05.03.2007 no virus found
eSafe 7.0.15.0 05.03.2007 no virus found
eTrust-Vet 30.7.3612 05.03.2007 no virus found
Ewido 4.0 05.03.2007 no virus found
FileAdvisor 1 05.04.2007 no virus found
Fortinet 2.85.0.0 05.03.2007 no virus found
F-Prot 4.3.2.48 05.03.2007 no virus found
F-Secure 6.70.13030.0 05.04.2007 no virus found
Ikarus T3.1.1.7 05.03.2007 no virus found
Kaspersky 4.0.2.24 05.04.2007 no virus found
McAfee 5023 05.03.2007 no virus found
Microsoft 1.2503 05.03.2007 no virus found
NOD32v2 2238 05.03.2007 no virus found
Norman 5.80.02 05.03.2007 no virus found
Panda 9.0.0.4 05.04.2007 no virus found
Prevx1 V2 05.04.2007 no virus found
Sophos 4.17.0 05.03.2007 no virus found
Sunbelt 2.2.907.0 05.03.2007 no virus found
Symantec 10 05.04.2007 no virus found
TheHacker 6.1.6.104 04.15.2007 no virus found
VBA32 3.11.4 05.03.2007 no virus found
VirusBuster 4.3.7:9 05.03.2007 no virus found
Webwasher-Gateway 6.0.1 05.03.2007 no virus found
Aditional Information
File size: 209888 bytes
MD5: b172e865a60c8d850091bf700651f813
SHA1: 44168311187f030cc42e774390ed9ee60bb85e0a
Ok a few hits...I need to take a closer look...
Then we'll upload a few files for further inspection.
Please download the Suspicious file Packer (http://www.safer-networking.org/files/sfp.zip) from Safer-Networking.Org and unzip it to your desktop.
Run SFP.exe.
Please copy the following lines into the Step 1: Paste Text window:
C:\WINDOWS\system32\ImgMan81.dll
C:\WINDOWS\system32\brgXerces25.dll
C:\WINDOWS\system32\PBBalloon2.dll
C:\WINDOWS\system32\lbdnvpif.dll
C:\WINDOWS\system32\brgdipio.dll
C:\WINDOWS\system32\brgmte.dll
C:\WINDOWS\system32\brgrt.dll
C:\WINDOWS\system32\brgdlg32.dll
C:\WINDOWS\system32\brgstc32.dll
then click "Continue".
This will create a .cab file on your desktop named requested-files[Date/Time].cab
Please go to this (http://www.thespykiller.co.uk/index.php?board=1.0) forum
There's no need to register. Just start a new topic, titled "Request by Mr_Jak3".
Add the link of this topic to the message.
Use the Attachment box to upload the cab file from your desktop.
NOTE: You will not see the files that have been uploaded (including the ones you upload yourself) as they only show to the authorised users who can download them
Run a new scan with GMER but don't use your computer during the scan.
When the scan has finished please copy/upload the results to me
:bigthumb:
I did the suspicious file packer thing.
What is GMER that you wnat me to run?:oops:
Hello and sorry for the long delay...
Oops I didn't ment to post the GMER part....:red:
You should print these instructions or save these to a text file. Follow these instructions carefully.
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update succesfull message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Do NOT run yet.
Make your hidden files visible:
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Uncheck "Hide protected operating system files"
Click Apply and then the OK and close My Computer.
==================
Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\lbdnvpif.dll",realset
Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.
Go to the My Computer and delete the following files (if present):
C:\WINDOWS\system32\lbdnvpif.dll
Run ATF Cleaner Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
================
When you're ready, please post the following logs to here:
- AVG's report
- a fresh HijackThis log
This topic has been archived.
If you need it re-opened and will be posting the information requested, please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.