Could someone check my log files please?

Welcome to Majorgeeks!

Start by emptying your Norton AntiVirus Corporate Edition\7.5\Quarantine folder.

Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to Local Security Authority Subsystem Service(or if not found look for lsass) ... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config" button, and then the Misc tools' button ... select 'Delete an NT Service" ... copy/paste the following into the box that opens, and press "OK":

lsass

Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.

Make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing) <--- this should already be gone due to above steps.

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\JHG70DPF\installer[1].exe
C:\WINDOWS\timessquare1.dat
C:\WINDOWS\scvhost.exe <--- only delete this one if found. DO NOT delete svchost.exe from the system32 folder.
If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
Now run Ccleaner (installed while running the READ ME FIRST).

Now reboot in normal mode and post a new HJT log.

Make sure you tell me how things are working now.

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

You're HJT log is now clean. Does the above statement mean that you would like to dig deeper (want to run a couple other scans) to make sure nothing else is hiding in there? We do have other tools that we could run. They may or may not find anything. But just because a HijackThis log is clean does not mean that there is no malware on your PC.

 

It never hurts to did deeper. It is just a matter of taking the time and normally your security should be worth it.

Run the below two procedures and then attach the two logs:

Running Spy Sweeper

Running Ewido Anti-Malware


After running these tools and I look at the logs, we will more than likely immediately uninstalling them to avoid the resource drain on your system. But wait until I comment on the logs!

 

That's a new one to me. Does the C:\WINDOWS\system32\wshom.ocx file exist? This is a Windows system files and should be there.


SpySweeper cleaned a few more things for you! You can uninstall it now.

Why did you install SpywareDoctor? If it is not the paid version, it will not fix anything! If this is the free version, I would uninstall it. It will slow your PC down having to many of these kind (full protection tools) of tools installed. You already have Windows Defender which is free. If you plan to buy something, but Spy Sweeper.

 

Well a few more things were fixed. I think your in good shape now! Just a few things to do:

1) Uninstall Ewido now to avoid the overuse of system resources
2) Have HijackThis fix the below remnant of Spy Sweeper:
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

After that, you should work thru the below link:

How to Protect yourself from malware!