Restart your PC, and after it starts, but before you see the Windows Splash screen, begin tapping the F8 key twice a second until you reach another menu screen (black background with white menu choices). Use your arrow keys and select Safe Mode and then Enter.
2. Go to Add/Remove Programs (Click Start->>Control Panel->>Add/Remove Programs)
And Uninstall
888Bar
Outerinfo
Outerinfo
Security Toolbar
Close Add/Remove Programs->>Reboot your PC into Normal Windows
Here's my fresh hijack this log. I am already noticing a difference in far fewer popups and faster connection on my ancient dial-up! :-)
Logfile of HijackThis v1.99.1
Scan saved at 8:56:06 PM, on 1/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Glad to hear it, we still have some things to do here.
1. Copy and paste the following into NotePad (Not Wordpad)
sc stop "Network Monitor"
sc delete "Network Monitor"
Click File ->> Save as ->> type in cmd.bat
Under "Save as type" select "all files" ->> Save it to your Desktop
Close Notepad
The cmd.bat file should now appear on your Desktop
Double Click that file (It will appear that nothing has happened, but that's o.k.)
2. Open TaskManager (Rt Click a blank space on your lower toolbar->>Taskmanager)
Under the processes tab, Locate
Update.exe
csrss.exe
Highlight one at a time and Select End Process and Close Taskmanager
3. Rerun Hijackthis (scan only) and place checks beside the following entries
Close all other open windows except Hijackthis and Select "Fix checked" and close Hijackthis
4. Using Windows Explorer
(Right click on "Start," select "Explore," and you will see the "tree" of file folders in the left side of the window. Click on the "+" next to any folder name to expand its contents)
Ok, I followed all of your directions that you last posted except for one thing. I could not find the file c:\Windows\csrss.exe. Anything I did find with "csrss" in it, it wouldn't let me delete it so I am assuming it was a legit file? As for the one that is not legit, I didn't see it. Any suggestions? I tried to look at everything in the Windows folder but had no luck. As for the rest, here's my latest HJT log.
Logfile of HijackThis v1.99.1
Scan saved at 8:38:47 PM, on 1/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot into Safe Mode (without networking) by rebooting and when you see the maker's logo start tapping the F8 key until it gives you the Safe Mode menu. Choose the top option and login as your usual login.
Run HJT (scan only) and check the following then Fix Checked.
O4 - HKCU\..\Run: [Shell explorer driver] C:\WINDOWS\csrss.exe
Close HJT. Run Killbox.
In the box under "Full path of File to Delete," type the following:
C:\WINDOWS\csrss.exe
Then press the red button to delete the file.
Does it say it was able to delete the file?
Reboot and make a new HJT log and post it as a reply.
I am sorry to hear about the death in Jim's family. Thank you so much for taking over this stuff for him. You have no idea how much I appreciate your help as well as what he's done for me so far. As for that file I tried to "kill" off, it didn't indicate that it was done. I clicked the red button to delete it and a box popped up. It asked me to answer yes or no to this question: delete and make a backup file? I answered no and nothing happened. So I clicked the red button again and got the same box with the same question. I clicked no and again, nothing happened. Tried it again and just to see what would happen, I clicked yes. My computer screen changed to a blue screen with a lot of white text. It mentioned something about an error. At the very bottom it said something about physical memory being dumped and then numbers counting upward. So I just turned my computer off. I got scared! lol So now what? Here's my latest HJT file, though.
Logfile of HijackThis v1.99.1
Scan saved at 9:16:27 PM, on 1/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
OK. It has a dll file hiding somewhere that has to go at the same time. Let's try this:
1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall
This thing generates a giant log but for now all I want in your next reply is the first part of it from where it starts with
((((((((((((((((((((((((((((((( Files Created from 2006-12-20 to 2007-01-20 ))))))))))))))))))))))))))))))))))
It didn't show the date you told me to start from in this log. The date below was the only date that showed up. Hopefully this will still work for you.
((((((((((((((((((((((((((((((( Files Created from 2007-01-01 to 2007-02-01 ))))))))))))))))))))))))))))))))))
Here ya go. As for when things started to go bad....they began to go slightly bad way before Jan. 7th but things were still pretty usable on my computer. Nothing was very crippled yet. But as for when things started to get really bad, Jan. 7th does sound about right.
Haven't forgotten you but have to do some research on the problem. The dll file we found that was hiding does not appear anywhere else in the part of the combofix log that you did not post?
I went back to the combofix log and tried to locate that file you are asking for. I combed through there 3 more times but never did see that file located anywhere else in there. I am sorry!
In the box under "Full path of File to Delete," type the following:
C:\WINDOWS\v2odt77re.dll
Then press the red button to delete the file.
Does it say it was able to delete the file? If not then check the Delete on Reboot button and let it try again.
No matter how the above goes:
Start, Run, cmd, OK to bring up a new black CMD window. Type (with an Enter after each bold line):
cd \
(Prompt should change to C:\> )
dir /a /s csrss.exe > junk.txt
(will take a few minutes to finish and give you back your prompt)
notepad junk.txt
(Notepad should open with the results of the dir command. Copy that (Edit, Select All, then Edit, Copy) and paste it (Edit, Paste) in your next post. I want to see if we still have a good csrss.exe file on the system. We used to at the beginning but somehow it disappeared leaving only the bad one running. Windows needs one running otherwise you get the blue screen that you saw when we tried to kill the bad one. We need to get the good one running again before we have any chance of killing off the bad one.)
bamajim
January 29th, 2007 13:00
Welcome to DCF
That's quite an infection you have there.
Re Run Hijackthis
- At the Main window select " Open the misc tool section"
Copy and paste that list as a reply to this thread
Then select " Open uninstall manager"
Then " save list" and save it to your desktop
twinzz4me
January 29th, 2007 23:00
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.5
AOL Coach Version 1.0(Build:20020131.1)
AOL Coach Version 1.0(Build:20040229.1 uk)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Toolbar
AOL UK (Choose which version to remove)
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Dell Photo AIO Printer 962
Google Desktop Search
Hijackthis 1.99.1
HijackThis 1.99.1
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 3
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Learn2 Player (Uninstall Only)
Microsoft .NET Framework 1.1
Microsoft Web Publishing Wizard 1.52
MySpaceIM
Nero OEM
OpenOffice.org 2.0
Outerinfo
Outerinfo
PowerDVD
Print to Fax
RealPlayer Basic
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
S3 S3TrayPlus
Security Toolbar
Shockwave
SoundMAX
The Print Shop 20
Ultimate Sudoku - The Emperor's Challenge
UniChrome Pro IGP Display Driver and Utilities
VIA Platform Device Manager
VIA Vinyl Audio Codecs Driver Setup Program
Viewpoint Media Player
Winamp (remove only)
Windows Media Format Runtime
bamajim
January 30th, 2007 00:00
1. Reboot into Safe Mode
This can be done by
Begin tapping the F8 key twice a second until you reach another menu screen (black background with white menu choices)
Use your arrow keys and select Safe Mode and then Enter
2. Go to Add/Remove Programs (Click Start->>Control Panel->>Add/Remove Programs)
And Uninstall
Outerinfo
Outerinfo
Security Toolbar
Close Add/Remove Programs->>Reboot your PC into Normal Windows
3. Go here and download Purity Scan Uninstaller
4. Please run the Purity scan Uninstaller
If you have any problems a Tutorial can be found here
5. Reboot your PC->>Rerun Hijackthis and post a fresh Hijackthis log
twinzz4me
January 30th, 2007 01:00
Scan saved at 8:56:06 PM, on 1/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\AOL\1142033861\ee\AOLSoftware.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\{74D83C19-0AE9-1033-1108-040416200001}\Update.exe
C:\WINDOWS\csrss.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\AOL 9.0\aoltray.exe
c:\program files\common files\aol\1142033861\ee\services\antiSpywareApp\ver2_0_27_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1142033861\ee\aolsoftware.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: (no name) - {057AC367-28D4-7E09-A1E9-05D58D21B699} - C:\WINDOWS\system32\npiepp.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {B1AF6EE2-8D05-F28A-7603-F81A06CE0890} - C:\WINDOWS\system32\aiflqges.dll (file missing)
O3 - Toolbar: (no name) - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142033861\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [zrwm] C:\PROGRA~1\COMMON~1\zrwm\zrwmm.exe
O4 - HKCU\..\Run: [Kernel Fault Safe] C:\WINDOWS\smss.exe
O4 - HKCU\..\Run: [Shell explorer driver] C:\WINDOWS\csrss.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: (Network Monitor) - Unknown owner - C:\WINDOWS\.exe (file missing)
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
bamajim
January 30th, 2007 02:00
Glad to hear it, we still have some things to do here.
1. Copy and paste the following into NotePad (Not Wordpad)
sc delete "Network Monitor"
Click File ->> Save as ->>type in cmd.bat
Close Notepad
The cmd.bat file should now appear on your Desktop
Double Click that file (It will appear that nothing has happened, but that's o.k.)
2. Open TaskManager (Rt Click a blank space on your lower toolbar->>Taskmanager)
Under the processes tab, Locate
csrss.exe
Highlight one at a time and Select End Process and Close Taskmanager
3. Rerun Hijackthis (scan only) and place checks beside the following entries
O2 - BHO: (no name) - {B1AF6EE2-8D05-F28A-7603-F81A06CE0890} - C:\WINDOWS\system32\aiflqges.dll (file missing)
O3 - Toolbar: (no name) - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - (no file)
O4 - HKCU\..\Run: [zrwm] C:\PROGRA~1\COMMON~1\zrwm\zrwmm.exe
O4 - HKCU\..\Run: [Kernel Fault Safe] C:\WINDOWS\smss.exe
O4 - HKCU\..\Run: [Shell explorer driver] C:\WINDOWS\csrss.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab
4. Using Windows Explorer
Locate and Delete the following folders
C:\PROGRA~1\COMMON~1\zrwm <<-Should Translate C:\Program Files\Common Files\zrwm->>
twinzz4me
January 31st, 2007 00:00
Scan saved at 8:38:47 PM, on 1/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NeroCheck.exe
C:\Program Files\Common Files\AOL\1142033861\ee\AOLSoftware.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\csrss.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\AOL 9.0\aoltray.exe
c:\program files\common files\aol\1142033861\ee\services\antiSpywareApp\ver2_0_27_1\AOLSP Scheduler.exe
C:\Program Files\AOL Companion\companion.exe
C:\America Online 6.0\waol.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142033861\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Shell explorer driver] C:\WINDOWS\csrss.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6248388-3CC1-4967-A3CD-3E14C2C4603A}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: (Network Monitor) - Unknown owner - C:\WINDOWS\.exe (file missing)
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
RKinner
January 31st, 2007 18:00
http://207.210.72.89/KillBox.exe
Boot into Safe Mode (without networking) by rebooting and when you see the maker's logo start tapping the F8 key until it gives you the Safe Mode menu. Choose the top option and login as your usual login.
O4 - HKCU\..\Run: [Shell explorer driver] C:\WINDOWS\csrss.exe
Then press the red button to delete the file.
twinzz4me
February 1st, 2007 01:00
Scan saved at 9:16:27 PM, on 1/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\AOL\1142033861\ee\AOLSoftware.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\csrss.exe
C:\Program Files\AOL 9.0\aoltray.exe
c:\program files\common files\aol\1142033861\ee\services\antiSpywareApp\ver2_0_27_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1142033861\ee\aolsoftware.exe
C:\Program Files\AOL Companion\companion.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\internet explorer\iexplore.exe
C:\America Online 6.0\waol.exe
C:\DOCUME~1\User\LOCALS~1\Temp\services.exe
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142033861\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Shell explorer driver] C:\WINDOWS\csrss.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6248388-3CC1-4967-A3CD-3E14C2C4603A}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: (Network Monitor) - Unknown owner - C:\WINDOWS\.exe (file missing)
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
RKinner
February 1st, 2007 11:00
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall
This thing generates a giant log but for now all I want in your next reply is the first part of it from where it starts with
twinzz4me
February 2nd, 2007 01:00
2007-01-31 21:09
2007-01-30 20:36
2007-01-28 23:08
2007-01-07 21:43 68 --a------ C:\WINDOWS\v2odt77re.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-31 21:05 -------- d-------- C:\Program Files\dl_cats
2007-01-26 20:05 -------- d-------- C:\DOCUME~1\User\Application Data\openoffice.org2
2006-12-20 22:00 -------- d-------- C:\Program Files\ultimate sudoku - the emperor's challenge
2006-12-20 21:59 -------- d--h----- C:\Program Files\installshield installation information
2006-12-17 23:31 -------- d-------- C:\Program Files\Common Files\aolshare
2006-12-14 23:01 -------- d-------- C:\Program Files\quicktime
2006-12-14 19:03 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2006-12-14 19:03 -------- d-------- C:\Program Files\learn2.com
2006-12-14 19:03 -------- d-------- C:\Program Files\Common Files\real
2006-12-14 19:03 -------- d-------- C:\Program Files\aol toolbar
2006-12-14 19:03 -------- d-------- C:\Program Files\aol companion
2006-12-14 19:03 -------- d-------- C:\Program Files\aol 9.0
2006-12-14 19:02 -------- d-------- C:\Program Files\Common Files\aol
2006-12-13 21:57 30613864 --a------ C:\WINDOWS\aolback.exe
2006-12-12 21:52 -------- d-------- C:\Program Files\dell photo aio printer 962
2006-12-12 21:52 -------- d-------- C:\Program Files\america online 9.0
2006-12-12 21:50 69632 --a------ C:\WINDOWS\system32\nerocheck.exe
2006-12-12 21:50 69632 --a------ C:\WINDOWS\system32\igfxtray.exe
2006-12-12 21:50 69632 --a------ C:\WINDOWS\system32\hkcmd.exe
2006-12-06 21:02 -------- d-------- C:\DOCUME~1\User\Application Data\adobeum
2006-12-03 22:06 129 --a-s---- C:\WINDOWS\test.bat
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
RKinner
February 2nd, 2007 15:00
twinzz4me
February 4th, 2007 19:00
2007-01-07 21:43 68 --a------ C:\WINDOWS\v2odt77re.dll
RKinner
February 5th, 2007 13:00
twinzz4me
February 6th, 2007 01:00
RKinner
February 6th, 2007 08:00
Then press the red button to delete the file.
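
The logs in this thread list executables that reuse Windows system process names from the wrong folder (C:\WINDOWS\csrss.exe, C:\WINDOWS\smss.exe, and services.exe under a Temp folder). As an added example, not part of any post in the thread, the Python script below flags such entries, plus "(file missing)" references, in a HijackThis log. The function name `triage` and the expected-folder table are assumptions of this example; the sample lines are excerpted from the logs posted above.

```python
import ntpath
import re

# Windows XP core processes and the one folder each legitimately runs from.
# (Table assumed for this example; extend it for other system binaries.)
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {name: SYSTEM32 for name in (
    "csrss.exe", "smss.exe", "services.exe", "lsass.exe",
    "winlogon.exe", "svchost.exe", "spoolsv.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

# A drive-letter path ending in .exe or .dll; spaces in folder names allowed.
PATH_RE = re.compile(
    r'(?<![A-Za-z])[A-Za-z]:\\[^"*?<>|]*?\.(?:exe|dll)\b', re.IGNORECASE)
# HijackThis registry sections start with a code such as "O4 -" or "O23 -".
SECTION_RE = re.compile(r"^([ORF]\d+)\s+-")

WRONG_FOLDER = "system process name in wrong folder"
FILE_MISSING = "registry entry points at a missing file"


def triage(log_text):
    """Return (section, path, reason) for each HijackThis line worth review.

    Lines without a section code are the running-process list and are
    reported with the section "process".
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = PATH_RE.search(line)
        if not match:
            continue
        path = match.group(0)
        section = SECTION_RE.match(line)
        source = section.group(1) if section else "process"
        # Compare case-insensitively: the logs mix System32 and system32.
        folder, name = ntpath.split(path.lower())
        expected = EXPECTED_DIR.get(name)
        if expected and folder != expected:
            findings.append((source, path, WRONG_FOLDER))
        elif line.endswith("(file missing)"):
            findings.append((source, path, FILE_MISSING))
    return findings


# Lines excerpted from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\csrss.exe
C:\DOCUME~1\User\LOCALS~1\Temp\services.exe
O2 - BHO: (no name) - {B1AF6EE2-8D05-F28A-7603-F81A06CE0890} - C:\WINDOWS\system32\aiflqges.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Kernel Fault Safe] C:\WINDOWS\smss.exe
O4 - HKCU\..\Run: [Shell explorer driver] C:\WINDOWS\csrss.exe
O23 - Service: (Network Monitor) - Unknown owner - C:\WINDOWS\.exe (file missing)
"""

if __name__ == "__main__":
    for source, path, reason in triage(SAMPLE_LOG):
        print(f"{source:8} {path}  <- {reason}")
```

A name match in the wrong folder is a reason to inspect the file, not proof on its own; the real csrss.exe in system32 must keep running, which is why the thread checks for it before removing the copy in C:\WINDOWS.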