Please help me remove the remaining spyware etc

Hi

About a week ago my teenage son infected my pc very badly by downloading a codec to update windows media player as he was prompted to do so.

I have spent days running virus scans and tools to clean it.

At first I was not able to run in normal mode only safe mode due to pop ups etc.

I have removed many viruses/trojans and spyware but I have some that the tests are still detecting. I am now able to run in normal boot mode but I still have lots of lag and things open very slowly still.

I have run thru the tools in the read me first and done the scans in safe mode for both admin accounts and the main user account.

I have attached the required logs and would dealy love some help to clean the last couple of nasties out. Thanks heaps.

 

These are the other scan logs

I appreciate all help thanks heaps in advance

the scans uploaded are all run in the administrators account in safe mode.

I also have the scans for the main user account if they are needed.

I have also disabled sys restore and rebooted and then reenabled it.

 

Scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\ITunes\iTunesHelper.exe"

Again, make sure ALL browser windows are closed when you click FIX.

Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

C:\WINDOWS\system32\swsc.exe

C:\WINDOWS\system32\Process.exe

Next, run CCleaner to clean up cookies and temp files.

After you complete the above, REBOOT and proceed with the rest of this fix...

Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:

• Disable and Re-enable System Restore
  
  
• Turn OFF System Restore to flush any bad Restore Points.
  
  
• Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

After you complete the above reboot once more and then scan with HijackThis and attach the new log.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

 

Thanks bjgarrick for your help

I have done as instructed in the previous post

I had no problems completing the steps although I was uncertain if the two system folders were exe's until I clicked on them

I have found and deleted both (when I clicked they were the exe's)
my system seems to be running slow to perform tasks like open in new windows etc. other than that I have not found any other probs as yet.

I have attached the new hjt log for perusal

thanks again

 

Your log looks good, I don't see any further malware in your logs.

Are you having any current problems?

 

No all seems to be running fine again
Sure is a big difference from not running at all in normal boot mode when my son first infected it.

Thank you very much for helping to remove the last bit of nastiness.
I would not have known to remove them and really appreciate your help.

You do great work and I just want to say how much I really appreciate this site and all the good volunteer work that you all do.

Thanks heaps and have a great day
Cheers mystique32

off to tackle installing and configuring a firewall.
Everytime I install one, it blocks stuff I want to have access to as well as everything else.

Any suggestions?

 

Your Welcome!

Yes, I recommend ZoneAlarm because you have to allow anything requesting internet access. This is good because you know what is going in and out.

See this thread, How to Protect yourself from malware!.