Discussion Starter · #1 ·
I am trying to figure out why I have so much spyware and viruses on my computer. I have just installed another hard drive because my C drive is all used up. Can you help me get rid of this? I have included a HijackThis log.
Thank you!

Logfile of HijackThis v1.99.1
Scan saved at 11:59:24 AM, on 12/20/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\Spyware Doctor\swdoctor.exe
E:\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\msvbn.exe
C:\WINDOWS\System32\msasvc.exe
E:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "E:\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Windows Guardian.lnk = C:\WINDOWS\SYSTEM32\mspaint.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Office\OSA9.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe
O23 - Service: msvbn - Unknown owner - C:\WINDOWS\msvbn.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - E:\Spyware Doctor\sdhelp.exe
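As an added triage helper (not part of the original post, and not HijackThis's own code), the function below reads the HijackThis line formats shown above and flags the kinds of entries an analyst reviews first: executables chained after userinit.exe in the F2 line, startup-folder shortcuts that launch a binary out of the Windows directory, and O23 services with an unknown owner in the Windows directory or a missing binary. The sample input is a constructed subset of the log above; the flags are review heuristics, not verdicts.

```python
import re
from typing import List, Tuple

# Constructed sample: a subset of the HijackThis entries from the post above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: Windows Guardian.lnk = C:\WINDOWS\SYSTEM32\mspaint.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe
O23 - Service: msvbn - Unknown owner - C:\WINDOWS\msvbn.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - E:\Spyware Doctor\sdhelp.exe
"""

# Paths under the Windows directory (C:\WINDOWS\..., any drive letter, any case).
WINDOWS_DIR = re.compile(r"^[a-z]:\\windows\\", re.IGNORECASE)


def triage_hijackthis(log_text: str) -> List[Tuple[str, str]]:
    """Return (reason, detail) pairs for HijackThis entries worth a closer look."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("F2 - REG:system.ini: UserInit="):
            # The normal value is userinit.exe alone; anything chained after it
            # runs at every logon and deserves review.
            exes = [p.strip() for p in line.split("=", 1)[1].split(",") if p.strip()]
            for exe in exes:
                if not exe.lower().endswith(r"\userinit.exe"):
                    findings.append(("extra executable chained into UserInit", exe))
        elif line.startswith("O4 - Global Startup:"):
            # A startup-folder shortcut pointing at a binary inside the Windows
            # directory is unusual for legitimate software; check the shortcut.
            target = line.split("=", 1)[1].strip()
            if WINDOWS_DIR.match(target):
                findings.append(("startup shortcut launches a Windows-directory binary", line))
        elif line.startswith("O23 - Service:"):
            parts = line.rsplit(" - ", 2)  # [service, owner, path]
            if len(parts) != 3:
                continue
            service, owner, path = parts
            if path.endswith("(file missing)"):
                findings.append(("service binary missing on disk", service))
            elif owner == "Unknown owner" and WINDOWS_DIR.match(path):
                findings.append(("unknown-owner service in the Windows directory", service))
    return findings


if __name__ == "__main__":
    for reason, detail in triage_hijackthis(SAMPLE_LOG):
        print(f"[{reason}] {detail}")
```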
Discussion Starter · #3 ·
Here are the results of the download. Thanks.

Diagnostic Report (1.5.0723.1):
-----------------------------------------
WGA Data-->
Validation Status: Validation Control not Installed
Detailed Status: N/A
Windows Product Key: *****-*****-38RW3-3XXMH-KCD7P
Windows Product Key Hash: aDxvtjYXqGR0VYKuC8zDiwt/iWI=
Windows Product ID: 55285-010-5897607-21525
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 5.1.2600.2.00010300.0.0.hom
ID: {278264D2-D1C8-4B5F-AF84-39162170DBB4}
Is Admin: Yes
AutoDial: No
Registry: 0x0
WGA Version: Failed to retrieve file version. - 0x80070006
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 70AFE6BE-646-80070057_E2AD56EA-143-80070057
Resolution Status: N/A

Notifications Data-->
Cached Result: N/A
File Exists: No
Version: N/A
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: Failed to retrieve file version. - 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: FCEE394C-3175-80070002

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control:
Active scripting:
Script ActiveX controls marked as safe for scripting:

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{278264D2-D1C8-4B5F-AF84-39162170DBB4}</UGUID><Version>1.5.0723.1</Version><OS>5.1.2600.2.00010300.0.0.hom</OS><PKey>*****-*****-*****-*****-KCD7P</PKey><PID>55285-010-5897607-21525</PID><PIDType>5</PIDType><SID>S-1-5-21-343818398-789336058-854245398</SID><SYSTEM><Manufacturer>00101900 6735</Manufacturer><Model>15144100060301</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies LTD</Manufacturer><Version>2.01</Version><SMBIOSVersion major="2" minor="0"/><Date>20000623******.******+***</Date></BIOS><HWID>B52130BF01846046</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name></name><model></model></SBID><OEM/></MachineData> <Software><Office><Result>109</Result><Products/></Office></Software></GenuineResults>

Security Team (ret.)
Please go to http://www.microsoft.com/genuine and click "Validate Windows" - that should resync the WGA Validation files.

Then...

Please visit Microsoft's Windows Update page and install ALL Critical Updates for your system (except Service Pack 2 (SP2)). SP2 should only be installed on a fully disinfected system. At the minimum, install at least SP1a for both XP and IE6. Without these updates your system is wide open to re-infection and we are both wasting our efforts to clean your system. After we have completed your clean-up, we will have you return to the Windows Update page and install SP2. We will also then advise you on how to better protect yourself online.

**Note** If you're having trouble locating the service pack SP1a, here is a direct link to download it from:

http://download.microsoft.com/download/5/4/f/54f8bcf8-bb4d-4613-8ee7-db69d01735ed/xpsp1a_en_x86.exe


Please apply those updates BEFORE posting your next log. It is this forum's policy to stop the disinfection process until these basic updates are done. If during the updating process you get a message that your product key is invalid, then you may not have a legitimate copy of Windows XP. Unfortunately it's also this forum's policy that we only address users with a legal copy of Windows XP; therefore, if you cannot update Windows XP to SP1, we must stop the cleansing process here.

Thank you for your cooperation.