After a Week

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by eloving, Jul 18, 2006.

  1. eloving

    eloving Private E-2

    Hello,

    After a week of running scans from the "run this first" sticky, I've finally gotten the attached logs.

    It's pretty clear I need to run the sticky for spywarequake, which I will do next, but I was wanting to ask a question. The PC I'm using has 5 accounts on it. Will I need to clean them all, or will one do the trick?

    Thanks for any advice, and I'll post again after I complete the spyware quake procedure.
     


  2. eloving

    eloving Private E-2

    Hi again,

    I finished the spyquake instructions, found none of the files to delete listed, and have attached the log file.

    I hope it's gone. My first noticed problem was a strange popup saying I needed to download some antimalware program to remove an infection (not there any more), then an IE hijack to a syssecuritysite.com page (now gone), and constant popups from Norton antivirus indicating it had been turned off. I've since removed Norton entirely from my machine, to my knowledge.

    My cable provider has a deal with free McAfee, so I installed that. The only thing I notice now is that the virus scan is disabled (not a good sign?).

    I know I still need to do the system restore, but is there anything else you see in any of the scans I need to act on?

    Thanks for the help!
     


  3. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your HijackThis log is from Safe Mode; I need one from Normal Mode.
     
  4. eloving

    eloving Private E-2

    Thanks for looking! Sorry about the safe mode scan, it was late and I was getting frustrated. I'm at work now, but I'll post another scan from normal mode late this afternoon or tonight when I get home.
     
  5. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    No problem, I'll be here.
     
  6. eloving

    eloving Private E-2

    OK, here is a new HJT log, from normal mode.
     


  7. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Pocket Killbox

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion; say YES, and when the next box opens prompting you to reboot now, click NO and proceed with the next file. Once you get to the last one, click YES and it will reboot. Note that many of the files listed below may not exist, but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message, just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer, navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Your HijackThis log is clean.

    Let's flush all your restore points and create a new clean one for your system.

    Disable And Enable System Restore
    How to Protect yourself from malware!

    Safe surfing.
     
  8. eloving

    eloving Private E-2

    Thanks SO MUCH!

    I still have an issue with startup. It takes about 8 min. to "start" Windows, most of which is after I log on. I may have an issue with Windows Defender and McAfee? Once it starts, it runs fine, unless I try to enable McAfee's virus protection, which takes another 5 min. and immediately disables again.

    I'd also like to know for sure if I need to do anything to the other user profiles on this PC, or if this should take care of all of them.

    Since I've switched from Norton to McAfee, can I delete the lines showing Symantec from the HJT log?

    I really do appreciate all the help. I'm feeling much better, but will probably be more leery in the future. I didn't mention that when I started this, some other (I don't even remember which) place had suggested a process for eliminating my problems that led to me deleting something from my registry that rendered my PC unbootable. Took a phone call to Microsoft to get around that, since my "maximum activations" had been exceeded for Windows XP.

    At this point, I think I've just got to follow the recommendations in your "how to protect" sticky, but I'm not having any luck uninstalling Windows Defender or eliminating the conflict I think it has with McAfee. Any suggestions are greatly appreciated!
     
  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Fix the Symantec lines with HJT. If they are Services (O23), then you must first stop the Services with services.msc and kill any running processes. After you have fixed the lines, delete all Norton/Symantec folders.

    Windows Defender is Beta software and as such will occasionally conflict with other protection programs. I'm really not a fan of McAfee, but if you have a current subscription then a full uninstall and fresh install may be needed.

    Yes, you should run the scans in our Read Me on all profiles. If anything is found you can post back in this thread.
     
