
Browser Modifier Win32



#1 sdunn061987


Posted 09 February 2008 - 04:32 PM

I started having issues with my computer recently after trying to install software that I had downloaded off of LimeWire. Ever since then my Windows Defender is constantly detecting "Browser Modifier Win32", but I don't think this program is the only thing causing the problem. I am also prompted every time I turn on my computer that Windows has blocked some programs from automatically starting when Windows starts. Also, whenever I try to go to control panel, my computer, or even my recycle bin, I lose my windows; sometimes it comes back after a few minutes but sometimes it does not. I also lose my windows when I am using the internet and a pop-under tries to come up. I used spydoctor and that removed much of the spyware that was starting every time I started my windows. It also removed whatever was causing the pop-unders. However, I still lose my windows and cannot access my control panel and my computer. I ran Combofix and here is the log I was given:


ComboFix 08-02.05.3 - Auntie Pooh 2008-02-09 15:36:04.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.282 [GMT -5:00]
Running from: C:\Users\Auntie Pooh\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp\tn3
C:\Windows\system32\opnmkkl.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))
.

2008-02-07 23:32 . 2008-02-07 23:34 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-02-05 16:31 . 2008-02-05 16:31 <DIR> d-------- C:\Users\Auntie Pooh\AppData\Roaming\PC Tools
2008-02-05 16:31 . 2008-02-06 18:12 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-05 16:31 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-02-05 16:31 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-02-05 16:31 . 2007-12-10 14:53 41,864 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-02-05 16:31 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-02-03 01:14 . 2008-02-03 01:14 <DIR> d-------- C:\Windows\PCHEALTH
2008-01-30 00:46 . 2008-01-30 00:46 74 --a------ C:\Users\Auntie Pooh\n.bat
2008-01-27 23:51 . 2008-01-27 23:51 35 --a------ C:\Windows\vbaddin.ini
2008-01-27 23:45 . 2008-01-27 23:45 <DIR> d-------- C:\Windows\ShellNew
2008-01-27 23:45 . 2008-01-27 23:45 <DIR> d-------- C:\Program Files\Microsoft FrontPage
2008-01-27 23:42 . 2008-01-27 23:42 <DIR> d-------- C:\Users\Auntie Pooh\AppData\Roaming\Microsoft Web Folders
2008-01-25 11:26 . 2008-01-25 11:27 <DIR> d-------- C:\Program Files\BlueVoda Website Builder
2008-01-25 00:22 . 2008-01-25 01:19 <DIR> d-------- C:\Users\All Users\Microsoft Help
2008-01-25 00:22 . 2008-01-25 01:19 <DIR> d-------- C:\ProgramData\Microsoft Help
2008-01-24 18:48 . 2008-02-05 18:37 <DIR> d-------- C:\Windows\System32\wnzs6
2008-01-24 18:48 . 2008-02-05 18:37 <DIR> d-------- C:\Windows\System32\ni4
2008-01-24 18:48 . 2008-02-05 18:38 <DIR> d-------- C:\Windows\System32\nGpxx07
2008-01-24 18:48 . 2008-01-24 18:48 <DIR> d-------- C:\Windows\System32\etz1
2008-01-24 18:48 . 2008-01-24 18:48 <DIR> d-------- C:\Windows\System32\db3
2008-01-24 18:48 . 2008-01-24 22:30 <DIR> d-------- C:\Windows\System32\comg7
2008-01-24 18:48 . 2008-02-05 18:37 <DIR> d--hs---- C:\Windows\QXVudGllIFBvb2g
2008-01-24 18:48 . 2008-02-09 15:37 <DIR> d-------- C:\Temp
2008-01-24 18:47 . 2008-01-24 18:47 147,456 --a------ C:\Windows\System32\vbzip10.dll
2008-01-21 17:56 . 2008-01-21 17:56 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-01-15 01:06 . 2008-02-03 23:06 172,032 --a------ C:\Users\Auntie Pooh\services.exe
2008-01-15 00:57 . 2008-01-15 00:58 <DIR> d-------- C:\Program Files\UltimateZip 2007
2008-01-14 14:40 . 2008-01-15 00:30 <DIR> d-------- C:\Users\Auntie Pooh\AppData\Roaming\com.zipeg
2008-01-13 00:11 . 2008-02-03 01:30 <DIR> d-------- C:\Program Files\Zune
2008-01-11 17:54 . 2008-01-11 17:54 245,664 --a------ C:\Windows\System32\ZuneWlanCfgSvc.exe
2008-01-11 17:39 . 2008-01-11 17:39 145,408 --a------ C:\Windows\System32\ZuneMTPZ.dll
2008-01-11 17:39 . 2008-01-11 17:39 70,656 --a------ C:\Windows\System32\ZuneIpTransport.dll
2008-01-11 17:39 . 2008-01-11 17:39 62,464 --a------ C:\Windows\System32\ZuneUsbTransport.dll
2008-01-11 17:39 . 2008-01-11 17:39 35,840 --a------ C:\Windows\System32\ZuneUsbCOnnection.dll
2008-01-09 13:29 . 2008-01-09 13:29 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-09 13:29 . 2008-01-09 13:29 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-09 13:29 . 2008-01-09 13:29 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-09 13:29 . 2008-01-09 13:29 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-09 13:29 . 2008-01-09 13:29 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-09 13:29 . 2008-01-09 13:29 129 --a------ C:\Windows\System32\MRT.INI
2008-01-09 13:27 . 2008-01-09 13:27 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-09 13:27 . 2008-01-09 13:27 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-09 13:26 . 2008-01-09 13:26 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-09 13:26 . 2008-01-09 13:26 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-09 13:26 . 2008-01-09 13:26 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-09 13:26 . 2008-01-09 13:26 110,136 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-09 13:26 . 2008-01-09 13:26 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-09 13:26 . 2008-01-09 13:26 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-09 13:26 . 2008-01-09 13:26 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-01-09 13:26 . 2008-01-09 13:26 11,776 --a------ C:\Windows\System32\sbunattend.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-09 20:21 --------- d---a-w C:\ProgramData\TEMP
2008-02-08 04:43 --------- d-----w C:\Users\Auntie Pooh\AppData\Roaming\Corel
2008-02-08 04:15 --------- d-----w C:\Users\Auntie Pooh\AppData\Roaming\LimeWire
2008-02-07 06:06 --------- d-----w C:\ProgramData\Dell
2008-02-07 05:09 --------- d-----w C:\Program Files\LimeWire
2008-02-05 19:16 637,928 ----a-w C:\Users\Auntie Pooh\a.zip
2008-02-05 19:16 147,456 ----a-w C:\Users\Auntie Pooh\vbzip10.dll
2008-01-25 06:18 --------- d-----w C:\Program Files\MSBuild
2008-01-25 05:36 --------- d-----w C:\Program Files\Microsoft Works
2008-01-24 23:48 --------- d-----w C:\Program Files\Windows Mail
2008-01-15 05:38 --------- d-----w C:\ProgramData\YAHOO
2008-01-15 05:34 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-01-15 05:13 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-14 22:24 --------- d-----w C:\ProgramData\Roxio
2008-01-14 22:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-09 18:27 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-09 18:27 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-09 18:27 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-09 18:27 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-09 18:26 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-07 04:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-07 04:36 --------- d-----w C:\ProgramData\Symantec
2008-01-06 06:27 --------- d-----w C:\ProgramData\Corel
2008-01-03 22:18 --------- d-----w C:\Program Files\Corel
2008-01-03 22:05 --------- d-----w C:\Users\Auntie Pooh\AppData\Roaming\InstallShield
2007-12-29 07:55 --------- d-----w C:\ProgramData\WinZip
2007-12-28 04:39 --------- d-----w C:\Users\Auntie Pooh\AppData\Roaming\CyberLink
2007-12-28 04:39 --------- d-----w C:\ProgramData\CyberLink
2007-12-13 08:09 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-13 08:09 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-13 08:09 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-13 08:07 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-13 08:07 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-13 08:07 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-13 08:07 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-13 08:06 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-13 08:06 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-13 08:06 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-13 08:06 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-13 08:03 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-13 08:03 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-11-14 14:04 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-14 14:04 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-14 14:04 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-14 14:04 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-14 14:04 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-14 14:04 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-14 14:04 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-14 14:04 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-14 14:04 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-14 14:04 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-14 14:01 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-11-14 14:01 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-08-31 00:24 174 --sha-w C:\Program Files\desktop.ini
2007-07-28 09:06 135 ----a-w C:\Program Files\Common Files\vikoz.html
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 12:09 460784]
"cmds"="C:\Users\AUNTIE~1\AppData\Local\Temp\geebx.dll" [2008-01-24 18:52 321024]
"MSServer"="C:\Users\AUNTIE~1\AppData\Local\Temp\awvvv.dll" [2008-01-24 18:47 38400]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:34 201728]
"MS Juan"="C:\Users\AUNTIE~1\AppData\Local\Temp\vamilyyr.dll" [2008-02-08 00:33 95808]
"0c009f77"="C:\Users\AUNTIE~1\AppData\Local\Temp\bwymgbko.dll" [2008-02-08 00:33 87616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-17 17:54 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-20 12:51 815104]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 17:12 90112]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 00:11 303104 C:\Windows\sttray.exe]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2006-11-21 19:52 1540096]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 11:37 81920]
"@"="" []
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 17:23 118784]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 05:20 17920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 11:35 221184]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"lxdcmon.exe"="C:\Program Files\Lexmark 1300 Series\lxdcmon.exe" [ ]
"lxdcamon"="C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" [2007-02-05 18:32 20480]
"LXDCCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDCtime.dll" [2007-01-22 17:05 102400]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]
"MSServer"="C:\Windows\system32\opnmkkl.dll" [ ]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 17:54 166304]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-16 12:00 531272]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-08-16 00:00:11 50688]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 14:05:56 65588]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-08-15 23:56:30 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

R2 lxbc_device;lxbc_device;C:\Windows\system32\lxbccoms.exe [2007-03-16 00:24]
R2 lxdc_device;lxdc_device;C:\Windows\system32\lxdccoms.exe [2007-02-12 18:56]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-11 18:10]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-25 00:46]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\WildGames\Game Console []
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\Windows\system32\ZuneWlanCfgSvc.exe [2008-01-11 17:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-09 15:55:51
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDCCATS = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-09 16:00:44
ComboFix-quarantined-files.txt 2008-02-09 21:00:41
.
2008-02-08 01:56:29 --- E O F ---




I'm not sure if I fixed everything or not. If there is still anything I need to remove or anything else you believe would be of help, please let me know.


#2 boopme


Posted 10 February 2008 - 12:53 AM

Hello and welcome to Bleeping Computer.
Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.



