Solved: Computer infected and moving very slow. HJT log

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Chamber Girl

Thread Starter
Joined
Feb 8, 2007
Messages
59
Recently was bombarded with several viruses all at once and for several days afterwards. They are all (I think) quarantined. But since then my computer is acting very erratic and seems to get slower every day. Not sure if you need it or not but am inserting a hjt log below. Hope someone can help before the computer crashes completely.

Logfile of HijackThis v1.99.1
Scan saved at 8:42:32 AM, on 2/8/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\adirss.exe
C:\WINDOWS\System32\lnwin.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [%%DELETE_VALUE%%] CreateCD50
O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\System32\adirss.exe
O4 - HKLM\..\Run: [lnwin.exe] C:\WINDOWS\System32\lnwin.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Agent] C:\WINDOWS\System32\alsys.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejeweled2/popcaploader_v6.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 
Joined
Sep 7, 2004
Messages
49,014
You still have some nasties
==============
Download http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
· Restart your computer
· After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
· Instead of Windows loading as normal, the Advanced Options Menu should appear;
· Select the first option, to run Windows in Safe Mode, then press Enter.
· Choose your usual account.
· Open the extracted SDFix folder and double click RunThis.bat to start the script.
· Type Y to begin the cleanup process.
· It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
· Press any Key and it will restart the PC.
· When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
· Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
· Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

============
Download Superantispyware

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
· Please paste that information here for me with a new HijackThis log.
 

Chamber Girl

Thread Starter
Joined
Feb 8, 2007
Messages
59
Below is the SDFix Log and Hijackthis log. I will now be doing the second part of your reply by downloading and running SUPERAntiSpyware and then will post those findings plus another hijackthis log.


SDFix: Version 1.63

Thu 02/08/2007 - 13:33:56.65

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
wincom32

Path:
\??\C:\WINDOWS\System32\wincom32.sys

wincom32 Deleted

Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\DOCUME~1\Tonja\LOCALS~1\Temp\setup.exe - Deleted
C:\WINDOWS\system32\adirss.exe - Deleted
C:\WINDOWS\system32\game5.exe - Deleted
C:\WINDOWS\system32\lnwin.exe - Deleted
C:\WINDOWS\system32\peers.ini - Deleted
C:\WINDOWS\system32\wincom32.ini - Deleted
C:\WINDOWS\system32\zlbw.dll - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.

Final Check:

Remaining Services:
------------------



Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :


Finished

Logfile of HijackThis v1.99.1
Scan saved at 1:50:37 PM, on 2/8/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis[2]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [%%DELETE_VALUE%%] CreateCD50
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejeweled2/popcaploader_v6.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
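
An added example, not part of the original thread: one way to compare a before/after pair of HijackThis logs and cross-check the autorun (O4) entries that disappeared against the files an SDFix report lists as deleted. The sample data are a few lines excerpted from the logs posted above; the function names and status strings are assumptions made for this illustration.

```python
import re

# Excerpts from the thread's first HijackThis log (8:42 AM scan).
BEFORE = r"""
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\System32\adirss.exe
O4 - HKLM\..\Run: [lnwin.exe] C:\WINDOWS\System32\lnwin.exe
O4 - HKCU\..\Run: [Agent] C:\WINDOWS\System32\alsys.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
"""

# Excerpts from the log taken after SDFix ran (1:50 PM scan).
AFTER = r"""
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
"""

# Excerpts from the SDFix report's "Checking Files" section.
SDFIX = r"""
C:\WINDOWS\system32\adirss.exe - Deleted
C:\WINDOWS\system32\game5.exe - Deleted
C:\WINDOWS\system32\lnwin.exe - Deleted
C:\WINDOWS\system32\zlbw.dll - Deleted
"""

# A HijackThis entry line is "<section code> - <detail>", e.g. "O4 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Registry autorun detail: "<hive>\..\Run: [value name] command line".
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")
# SDFix file line: "<path> - Deleted".
DELETED_RE = re.compile(r"^(.+?) - Deleted$")

FILE_DELETED = "file listed as deleted by SDFix"
NOT_LISTED = "entry gone, file not in SDFix deleted list"


def parse_hjt(log):
    # Collect (section, detail) pairs; header and process lines are skipped
    # because they do not match the "<code> - " prefix.
    entries = set()
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries


def sdfix_deleted(report):
    # Paths are lower-cased because the two tools print different casing
    # ("System32" vs "system32") for the same directory.
    paths = set()
    for line in report.splitlines():
        m = DELETED_RE.match(line.strip())
        if m:
            paths.add(m.group(1).lower())
    return paths


def removed_autoruns(before, after):
    # O4 entries present in the first log and absent from the second.
    gone = parse_hjt(before) - parse_hjt(after)
    return sorted(detail for section, detail in gone if section == "O4")


def explain_removed(before, after, report):
    # Map each vanished Run value name to (command, status).
    deleted = sdfix_deleted(report)
    result = {}
    for detail in removed_autoruns(before, after):
        m = RUN_RE.match(detail)
        if not m:
            continue  # e.g. "Global Startup" shortcuts, not handled here
        _hive, name, command = m.groups()
        path = command.strip('"').lower()
        status = FILE_DELETED if path in deleted else NOT_LISTED
        result[name] = (command, status)
    return result


if __name__ == "__main__":
    for name, (command, status) in explain_removed(BEFORE, AFTER, SDFIX).items():
        print(f"{name:12} {command:40} {status}")
```

Entries reported as not listed are the ones to verify by hand, since the report's file section does not account for them.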
 
Joined
Sep 7, 2004
Messages
49,014
Do this also

DownLoad EasyCleaner http://www.majorgeeks.com/download414.html

Use the clear files and Unnecessary files buttons – I do not recommend using the Duplicates files button as many dupes are there on purpose.

Not all files will delete – that is normal.

In the unnecessary button I check the top 4 entries
 

Chamber Girl

Thread Starter
Joined
Feb 8, 2007
Messages
59
Below is new HJT log after running SUPERAntiSpyware. Will now download and run per your instruction, the Easycleaner. You did not mention what to do after that, so will let you know when finished with running cleaner.

Logfile of HijackThis v1.99.1
Scan saved at 2:42:21 PM, on 2/8/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [%%DELETE_VALUE%%] CreateCD50
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejeweled2/popcaploader_v6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 
Joined
Sep 7, 2004
Messages
49,014
You didn't post the SuperAnti log but....

Things look good. How are they?
 

Chamber Girl

Thread Starter
Joined
Feb 8, 2007
Messages
59
You didn't say to, but below is new hjt log after last download and cleaning.

Logfile of HijackThis v1.99.1
Scan saved at 2:56:59 PM, on 2/8/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis[2]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [%%DELETE_VALUE%%] CreateCD50
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejeweled2/popcaploader_v6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 

Chamber Girl

Thread Starter
Joined
Feb 8, 2007
Messages
59
Oops, sorry for not posting SUPERAntiSpyware info. I know it found over 80 items that it quarantined and/or repaired. Things seem to be running a little quicker up to this point but have not really had an opportunity to use or do anything except the things you needed.
How do things look now?
 

Chamber Girl

Thread Starter
Joined
Feb 8, 2007
Messages
59
Great! :D
Hope it continues to run smoothly.

Thanks so much for all your help and will try to figure out how to mark it as solved.
 

Chamber Girl

Thread Starter
Joined
Feb 8, 2007
Messages
59
Just finished cleaning my computer of many viruses and malware which you guys helped me with. Now am receiving these 2 error messages (see below). Message #1 pops up first and then is followed by Message #2

Message #1:

"hpqthb08.exe-strong name Validation Failed which says, (Strong name validation failed for assembly C:\Program Files\HP\digital imaging\bin\hpqthb08.exe The file may have been tampered with or it was partially signed but not fully signed with correct private key )"

Followed by Message #2:

hpqth08.exe Common Language runtime Debugging Services. Click OK to Terminate or Cancel to Debug
 