Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unknown File In Winsock Lsp: C:\windows\system32\idmmbc.dll


  • This topic is locked This topic is locked
2 replies to this topic

#1 MysticoDk

MysticoDk

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:40 PM

Posted 30 August 2006 - 06:11 PM

Looks Suspicious.. :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 00:48:08, on 31-08-2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\ISS\BlackICE\blackd.exe
C:\WINDOWS\TXlzdGljb0Rr\command.exe
C:\Programmer\LogMeIn\RaMaint.exe
C:\Programmer\LogMeIn\LogMeIn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\Winamp\winamp.exe
C:\Programmer\Internet Download Manager\IDMan.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Daniel.MYSTICODK\Skrivebord\Lort\HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programmer\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programmer\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [] C:\Programmer\BT Helper\BT_Helper.exe -nosplash
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmer\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programmer\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [nvnsc32] C:\WINDOWS\System32\nvnsc32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\programmer\steam\steam.exe" -silent
O4 - HKCU\..\Run: [IDMan] C:\Programmer\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ArtoNotifier] C:\Programmer\Arto\Notifier\ArtoNotifier.exe
O4 - HKCU\..\Run: [nvnsc32] C:\WINDOWS\System32\nvnsc32.exe
O8 - Extra context menu item: Display Toolbar and Menubar - C:\Programmer\IEDOMInspector\cmd_display.html
O8 - Extra context menu item: Download All Links with IDM - C:\Programmer\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Programmer\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -

C:\WINDOWS\web\related.htm
O9 - Extra button: IE DOM Inspector - {F49F0575-88CE-4C6B-8C93-BCF153653A37} -

C:\Programmer\IEDOMInspector\IEDOMInspector.dll
O9 - Extra 'Tools' menuitem: IE DOM Inspector - {F49F0575-88CE-4C6B-8C93-BCF153653A37} -

C:\Programmer\IEDOMInspector\IEDOMInspector.dll

--------------------------------------------------------------------------------

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

--------------------------------------------------------------------------------

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems

Shared\Service\Adobelmsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Programmer\ISS\BlackICE\blackd.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TXlzdGljb0Rr\command.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programmer\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programmer\LogMeIn\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Programmer\ISS\BlackICE\rapapp.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared

files\RichVideo.exe
O23 - Service: Win2k3NodeDisabler - Unknown owner - C:\Documents and

Settings\Daniel.MYSTICODK\Dokumenter\Downloads\Compressed\starforce\Win2k3NodeDisabler.exe (file missing)

Edited by MysticoDk, 30 August 2006 - 06:12 PM.


BC AdBot (Login to Remove)

 


#2 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:02:40 PM

Posted 06 September 2006 - 06:27 PM

MysticoDk :thumbsup:

Welcome to Bleeping Computer.

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll <-- This is legit, leave it alone, its related to Internet Download Manager.

Your HJT log is hard to read, run it this way and post a new log please.


Open HJT Scan and Save a Log File, it will open in Notepad, go to Format and make sure WordWrap is checked, then to Edit> Select All.....Edit > Copy and Paste the new log into this thread.

mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



donate.gif Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days


#3 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:02:40 PM

Posted 05 October 2006 - 07:37 PM

This topic is closed due to lack of response, if you need it reopened, PM a moderator.

mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



donate.gif Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users