Very slow computer HJTL

TheChef

New Member
I've run the things in Basic Malware Removal and Panda's Scan returned 7 viruses and a lot of spyware, after running adaware and SpybotSD. Here's a HJTL:

Logfile of HijackThis v1.99.1
Scan saved at 2:55:59 PM, on 2/19/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP4 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Norman\bin\ZANDA.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\system32\ezSP_Px.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Norman\bin\ZLH.EXE
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\nipsvc.exe
C:\WINNT\System32\svchost.exe
C:\Norman\bin\NJEEVES.EXE
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Lizzie\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKLM\..\Run: [Microsoft Service] msupdate.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKLM\..\RunServices: [Microsoft Service] msupdate.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKCU\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKCU\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [Microsoft Service] msupdate.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136416750531
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
 
This is a bit of a mess. Run a couple of scans in safe mode first.

Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Please download, install, update and scan your system with the free version of Ewido Security Suite:
1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
3. From the main ewido screen, click on update in the left menu, then click the Start update button.
4. After the update finishes (the status bar at the bottom will display "Update successful"), exit Ewido and boot into safe mode:

Restart your computer, and begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter.


Now open Ewido, click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.

Once the Ewido scan finishes, run Spy Sweeper.

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove. Click Select All and then Next.

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Then reboot to normal mode, and post a new Hijackthis log.
 
Logfile of HijackThis v1.99.1
Scan saved at 11:25:15 PM, on 2/19/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP4 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Norman\bin\ZANDA.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINNT\System32\svchost.exe
C:\Norman\bin\NJEEVES.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINNT\system32\ezSP_Px.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Norman\bin\ZLH.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\aim\aim.exe
C:\Program Files\Spybot\TeaTimer.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lizzie\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKLM\..\Run: [Microsoft Service] msupdate.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKLM\..\RunServices: [Microsoft Service] msupdate.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKCU\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [Microsoft Service] msupdate.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136416750531
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
 
Uninstall Weatherbug and Spy Sweeper, then restart the computer.

Run Hijackthis and select "Do a system scan only", then place a check by the following entries.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKLM\..\Run: [Microsoft Service] msupdate.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKLM\..\RunServices: [Microsoft Service] msupdate.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [Microsoft Service] msupdate.exe


Close all open windows and browsers, and hit "Fix Checked".

Find and delete these files.

windir32.exe
msupdate.exe


Then restart again and run the Pandascan and save the report.
Post the report here, along with a new Hijackthis log, and say how things are now.
 
Incident Status Location

Virus:Eicar.Mod Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Help.chm[HowCanITestDetection.html]
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524233737811.zip[toolbar.dll]
Adware:Adware/HuntBar Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524233737811.zip[btlink.dll]
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524233737811.zip[wintools.exe]
Adware:Adware/MSView Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524233737811.zip[msvprep.exe]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524233737811.zip[[email protected][2].txt]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524233737811.zip[owner@valueclick[2].txt]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524233737811.zip[owner@trafficmp[1].txt]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524233737811.zip[[email protected][1].txt]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524233737811.zip[owner@qksrv[2].txt]
Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524233737811.zip[owner@pacificpoker[2].txt]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524233737811.zip[owner@mediaplex[1].txt]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524233737811.zip[owner@hitbox[2].txt]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524233737811.zip[owner@fastclick[1].txt]
Spyware:Cookie/Euniverseads Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524233737811.zip[owner@euniverseads[2].txt]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524233737811.zip[owner@doubleclick[2].txt]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524233737811.zip[owner@bfast[2].txt]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524233737811.zip[owner@atdmt[2].txt]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524233737811.zip[owner@advertising[1].txt]
Spyware:Cookie/Gorillanation Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524233737811.zip[[email protected][1].txt]
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524233737811.zip[owner@2o7[2].txt]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524235238734.zip[elizabeth@zedo[2].txt]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524235238734.zip[[email protected][2].txt]
Spyware:Cookie/XXXtoolbar Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524235238734.zip[elizabeth@xxxtoolbar[1].txt]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524235238734.zip[elizabeth@valueclick[1].txt]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524235238734.zip[elizabeth@tribalfusion[2].txt]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524235238734.zip[elizabeth@trafficmp[1].txt]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524235238734.zip[elizabeth@targetnet[2].txt]
Spyware:Cookie/Clicktracks Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524235238734.zip[[email protected][1].txt]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524235238734.zip[[email protected][2].txt]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524235238734.zip[elizabeth@spylog[2].txt]
Spyware:Cookie/Santa Monica networks inc Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524235238734.zip[elizabeth@smni[2].txt]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524235238734.zip[[email protected][1].txt]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524235238734.zip[[email protected][1].txt]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524235238734.zip[elizabeth@revenue[1].txt]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524235238734.zip[elizabeth@realmedia[2].txt]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524235238734.zip[elizabeth@questionmarket[2].txt]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524235238734.zip[elizabeth@qksrv[1].txt]
Spyware:Cookie/Peel Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524235238734.zip[elizabeth@peel[2].txt]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524235238734.zip[elizabeth@mediaplex[2].txt]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524235238734.zip[elizabeth@maxserving[1].txt]
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524235238734.zip[elizabeth@linksynergy[1].txt]
Spyware:Cookie/Inet-Traffic Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524235238734.zip[elizabeth@inet-traffic[1].txt]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524235238734.zip[elizabeth@hotlog[1].txt]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524235238734.zip[elizabeth@hitbox[1].txt]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524235238734.zip[[email protected][1].txt]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524235238734.zip[[email protected][2].txt]
 
Spyware:Cookie/Gator Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524235238734.zip[elizabeth@gator[1].txt]
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524235238734.zip[elizabeth@findwhat[1].txt]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524235238734.zip[elizabeth@fastclick[1].txt]
Spyware:Cookie/Euniverseads Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040524235238734.zip[elizabeth@euniverseads[1].txt]
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040527193803451.zip[WToolsA.exe]
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040527193803451.zip[WToolsB.dll]
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040527193803451.zip[WToolsA.exe]
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040527235458528.zip[WToolsA.exe]
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040528004006467.zip[WToolsA.exe]
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040528004006467.zip[WSup.exe]
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040529010405544.zip[WToolsB.dll]
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040529010405544.zip[WToolsA.exe]
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040529010405544.zip[WSup.exe]
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040530014039060.zip[WToolsB.dll]
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040530014039060.zip[WToolsA.exe]
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040530014039060.zip[WSup.exe]
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040531004328249.zip[WToolsB.dll]
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040531004328249.zip[WToolsA.exe]
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040531004328249.zip[WSup.exe]
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Bob\Desktop\PestPatrol\Quarantine\20040531004328249.zip[WToolsB.dll]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Elizabeth\Cookies\elizabeth@888[2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Elizabeth\Cookies\elizabeth@ask[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Elizabeth\Cookies\elizabeth@azjmp[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Elizabeth\Cookies\elizabeth@banner[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Elizabeth\Cookies\[email protected][2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Elizabeth\Cookies\elizabeth@go[2].txt
Spyware:Cookie/Mircx Not disinfected C:\Documents and Settings\Elizabeth\Cookies\[email protected][1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Elizabeth\Cookies\elizabeth@target[2].txt
Spyware:Cookie/MyWay Not disinfected C:\Documents and Settings\Elizabeth\Cookies\[email protected][2].txt
Spyware:Cookie/MyGeek Not disinfected C:\Documents and Settings\Elizabeth\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Elizabeth\Local Settings\Temp\Cookies\elizabeth@rightmedia[2].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Lizzie\Cookies\lizzie@2o7[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Lizzie\Cookies\lizzie@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Lizzie\Cookies\lizzie@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Lizzie\Cookies\lizzie@doubleclick[1].txt
Spyware:Cookie/Media-motor Not disinfected C:\Documents and Settings\Lizzie\Cookies\[email protected][1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Lizzie\Cookies\lizzie@realmedia[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Lizzie\Cookies\[email protected][1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Lizzie\Cookies\lizzie@target[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Lizzie\Cookies\lizzie@tribalfusion[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Lizzie\Cookies\[email protected][1].txt
Spyware:Spyware/SurfSideKick Not disinfected C:\Documents and Settings\Lizzie\Local Settings\Temp\temp.fr49FF\SskCore.dll
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Lizzie\Local Settings\Temp\temp.fr704C\common.dll
Virus:W32/Blah.A Not disinfected C:\WINDOWS\Config\Setup\Microsoft\dcom.bat
Adware:adware/ieplugin Not disinfected C:\WINNT\kwv2.dat
Spyware:Spyware/Omi Not disinfected C:\WINNT\system32\msfdje.gif
Spyware:Spyware/ClientMan Not disinfected C:\WINNT\system32\mshfan.dll
Adware:Adware/Hotoffers Not disinfected C:\WINNT\system32\msodae.dll
Adware:adware/hotoffers Not disinfected C:\WINNT\system32\Party Poker.ico
Adware:adware/ncase Not disinfected C:\WINNT\system32\saieau.dat
Adware:adware/powersearch Not disinfected C:\WINNT\system32\stlb2.xml
 
HJTL

Logfile of HijackThis v1.99.1
Scan saved at 3:46:28 PM, on 2/20/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP4 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Norman\bin\ZANDA.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Norman\bin\NJEEVES.EXE
C:\WINNT\System32\svchost.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wuauclt.exe
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\system32\ezSP_Px.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Norman\bin\ZLH.EXE
C:\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lizzie\Desktop\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKCU\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136416750531
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
 
Download: CCleaner (freeware)
http://www.majorgeeks.com/download4191.html

Open Notepad and copy the following to a new document. Save it where you know where to find it.

1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) Select "Delete on Reboot".

5) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\Config\Setup\Microsoft\dcom.bat
C:\WINNT\kwv2.dat
C:\WINNT\system32\msfdje.gif
C:\WINNT\system32\mshfan.dll
C:\WINNT\system32\msodae.dll
C:\WINNT\system32\Party Poker.ico
C:\WINNT\system32\saieau.dat
C:\WINNT\system32\stlb2.xml


6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

Run CCleaner and click the Windows [tab].
Select the following:
cleaner.gif

Next: click Options, then click the Advanced tab.
Uncheck: "Only delete files older than 48 hrs.", click Ok
Then click Run Cleaner (bottom right) then Exit

Then boot back to normal mode, and say how things are now.
 
Ok, it's left a few things behind.

Run Hijackthis and select "Do a system scan only", place a check by the following entries.

O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll


Close all open windows and browsers, and hit "Fix Checked".

Reboot and post a new log.
 
Logfile of HijackThis v1.99.1
Scan saved at 5:56:49 PM, on 2/20/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP4 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Norman\bin\ZANDA.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\system32\ezSP_Px.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Norman\bin\ZLH.EXE
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Norman\Nvc\BIN\nipsvc.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Documents and Settings\Lizzie\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKCU\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136416750531
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

Also, running Norton's Virus detector online told me that I have a virus in C:\aohell.exe, and the virus is named W32.Allim. Should I look into removing this?
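
One way to confirm that the "Fix Checked" step took effect is to diff the entry lines of the log taken before the fix against the one posted after the reboot. The Python below is an added example, not part of the original posts or of HijackThis itself; the function names are hypothetical and the sample data is a short excerpt of the logs and fix list in this thread.

```python
import re

# HijackThis entry lines start with a section code: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (section, detail) entries; headers and process paths are skipped."""
    found = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            found.add((m.group(1), m.group(2)))
    return found

def verify_fix(before, after, checked):
    """Diff two logs and report what happened to the entries ticked for 'Fix Checked'."""
    old, new, wanted = (parse_entries(t) for t in (before, after, checked))
    return {
        "still_present": sorted(wanted & new),  # fix did not stick, or something restored it
        "not_in_before": sorted(wanted - old),  # ticked entry never appeared in the first log
        "removed": sorted(old - new),
        "added": sorted(new - old),             # appeared between the two scans
    }

# Sample input: a few lines excerpted from the logs in this thread (not the full logs).
BEFORE = r'''
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
'''
AFTER = r'''
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
'''
CHECKED = r'''
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
'''

if __name__ == "__main__":
    for key, rows in verify_fix(BEFORE, AFTER, CHECKED).items():
        print(f"{key}: {len(rows)}")
        for section, detail in rows:
            print(f"    {section} - {detail}")
```

An empty `still_present` list means every ticked entry is gone from the follow-up log; anything under `added` is worth a look because it appeared between the two scans.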
 
Yes, delete that file. Run a registry cleaner and defrag, should speed things up a bit.
 
There is also aohell35.exe, aohelll37.exe, aohelll39.exe, aohelll41.exe, and aohelll43.exe. Are they also viruses?
 