Very Strange DLL?

Name: harrismail
Date: February 3, 2004 at 13:38:11 Pacific
OS: XP Pro
CPU/Ram: P4 2.4
Comment:

Hi all,

Just one website I kept visiting kept redirecting me to Amazon, so after running Spybot etc. I ran "HijackThis" and found a very strange dll.

It's called syslibie.dll and I can't find any details about it.

Does anyone else think this looks like a suspicious dll? Or is anything else obviously dodgy?

Logfile of HijackThis v1.97.7
Scan saved at 19:57:22, on 03/02/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\temp\FreeRAM XP Pro 1.11.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\FarStone\VirtualDrive\vdtask.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\cam2pc\cam2pc.exe
C:\Program Files\ClipCache\clipc.exe
C:\Program Files\Unisyn\AutoMate4\Automate.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Wonderful\wonderfl.exe
C:\temp\The Button\PTFB.exe
C:\Program Files\Sony Handheld\HOTSYNC.exe
C:\Program Files\Gajits\DlgXRSizer\DlgXRSizer.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\WFXSVC.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Symantec\WinFax\WFXMOD32.exe
C:\WINDOWS\System32\MsgSys.exe
C:\totalcmd\TOTALCMD.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
c:\TEMP\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar_en_2.0.106-big.dll
O2 - BHO: (no name) - {F195A1A9-4033-4E5B-B85C-848C3E31A83A} - c:\syslibie.dll (unknown)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar_en_2.0.106-big.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [FreeRAM XP] "C:\temp\FreeRAM XP Pro 1.11.exe" -win
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [VirtualDrive] C:\Program Files\FarStone\VirtualDrive\vdtask.exe /AutoRestore
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [AtomTime] "C:\Program Files\AtomTime Pro\AtomTime.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.exe
O4 - HKCU\..\Run: [cam2pc] C:\Program Files\cam2pc\cam2pc.exe /tray
O4 - HKCU\..\Run: [ClipCache] C:\Program Files\ClipCache\clipc.exe /wait 5
O4 - HKLM\..\RunOnce: [washindex] C:\Program Files\Washer\washidx.exe "Steve"
O4 - HKCU\..\RunOnce: [washindex] C:\Program Files\Washer\washidx.exe "Steve"
O4 - Startup: The Wonderful Icon.lnk = C:\Program Files\Wonderful\wonderfl.exe
O4 - Startup: PTFB.lnk = C:\temp\The Button\PTFB.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.exe
O4 - Startup: DlgXRSizer.lnk = C:\Program Files\Gajits\DlgXRSizer\DlgXRSizer.exe
O4 - Global Startup: AutoMate Task Service.lnk = C:\Program Files\Unisyn\AutoMate4\Automate.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar_en_2.0.106-big.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar_en_2.0.106-big.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar_en_2.0.106-big.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar_en_2.0.106-big.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar_en_2.0.106-big.dll/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: @btrez.dll,-4015 (HKLM)
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Full Java Client 3.1.0.235N - http://205.177.13.60/Java/cfsn31235.cab
O16 - DPF: ConferenceRoom Java Client - http://216.152.64.213:8000/java/cr.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37875.4191666667
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


Any help would be gratefully appreciated.

Steve Harris
London
England
harrismail@yahoo.com
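
A triage pass over the O2 (Browser Helper Object) and O3 (toolbar) lines of the log above, as an added example that is not part of the original post or of HijackThis itself. The function name, the folder allow-list and the reason texts are assumptions made for this sketch; the sample lines are copied from the log.

```python
import re
from pathlib import PureWindowsPath

# Sample input: the O2/O3 lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar_en_2.0.106-big.dll
O2 - BHO: (no name) - {F195A1A9-4033-4E5B-B85C-848C3E31A83A} - c:\syslibie.dll (unknown)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar_en_2.0.106-big.dll
"""

# O2 = Browser Helper Object, O3 = IE toolbar; both load a DLL into the browser.
ENTRY = re.compile(
    r"^(O2|O3) - (?:BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+?)"
    r"(?: \(([a-z ]+)\))?$"
)
# Assumption for this example: extensions normally install under these folders.
EXPECTED_ROOTS = {"program files", "windows", "winnt"}


def triage(log_text):
    """Return (clsid, path, reasons) for each IE extension entry worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        _section, _name, clsid, raw_path, note = m.groups()
        path = PureWindowsPath(raw_path)
        folders = [part.lower() for part in path.parts[1:-1]]
        reasons = []
        if not folders:
            reasons.append("file sits directly in the drive root")
        elif folders[0] not in EXPECTED_ROOTS:
            reasons.append("installed outside Program Files and the Windows folder")
        if any(f in ("temp", "tmp") for f in folders):
            reasons.append("loaded from a temp folder")
        if note:
            reasons.append("HijackThis annotated the entry as '%s'" % note)
        if reasons:
            findings.append((clsid.upper(), str(path), reasons))
    return findings


if __name__ == "__main__":
    for clsid, path, reasons in triage(SAMPLE_LOG):
        print(clsid, path, "; ".join(reasons))
```

A flagged entry is a candidate for inspection, not a verdict: the heuristics only say where the file lives and how the tool labelled it.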




Response Number 1
Name: michael2
Date: February 3, 2004 at 16:48:26 Pacific
Reply:

Unless anyone says differently....
I would right click the .dll, copy it into a spare folder on the desktop, then open it with NOTEPAD. This may show the contents of the file and give a clue as to what it is.

If you are unsure about this, you can re-name the copy from syslibie.dll to syslibie.txt.
If you try this with (small) pictures and other files you can learn about its creator etc.

I would be interested to hear what this is....


0
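
The same look inside a copy of the file can be done with a short script that reads it as plain bytes, so the DLL is never loaded or run; this is an added example, not part of the reply above. Windows version-resource fields such as CompanyName are stored as UTF-16LE, so the scan covers both encodings. The function names are assumptions, and the sample bytes are constructed, not taken from syslibie.dll or any real file.

```python
import re

# Version-resource keys a Windows DLL commonly carries (stored as UTF-16LE text).
VERSION_KEYS = ("CompanyName", "FileDescription", "OriginalFilename", "ProductName")


def extract_strings(data, min_len=4):
    """Return (ascii_strings, utf16le_strings): printable runs of at least min_len chars."""
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    wide_runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    return ([r.decode("ascii") for r in ascii_runs],
            [r.decode("utf-16-le") for r in wide_runs])


def version_fields(wide_strings):
    """Heuristic: in a version resource each key is followed by its value."""
    fields = {}
    for key, value in zip(wide_strings, wide_strings[1:]):
        if key in VERSION_KEYS:
            fields[key] = value
    return fields


def build_sample():
    """Constructed bytes standing in for a copied DLL; not from any real file."""
    def wide(text):
        return text.encode("utf-16-le") + b"\x00\x00"

    blob = b"MZ\x90\x00" + b"\x00" * 12
    blob += b"This program cannot be run in DOS mode.\r\n$"
    blob += b"\x00\x01\x02" + b"http://example.invalid/redirect?id=" + b"\x00" * 5
    blob += wide("CompanyName") + b"\x00\x00" + wide("Example Co")
    blob += wide("OriginalFilename") + wide("sample.dll")
    return blob


if __name__ == "__main__":
    # For a real file: data = open(r"C:\path\to\copy.dll", "rb").read()
    ascii_strings, wide_strings = extract_strings(build_sample())
    print(ascii_strings)
    print(version_fields(wide_strings))
```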

Response Number 2
Name: harrismail
Date: February 6, 2004 at 02:30:54 Pacific
Reply:

Hi Michael,

If you'd like I can send you the dll to have a look at.

There's a lot of info in there as it's a 500k file!

Regards

Steve Harris
harrismail@yahoo.com


0

Response Number 3
Name: feilsch_hering
Date: March 9, 2004 at 10:21:28 Pacific
Reply:

I found the syslibie.dll on my computer too, but I don't know if it's a trojan or something like that. My virus scanner and Ad-Aware don't seem to find it dangerous (which doesn't prove much).


0

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
