CW Search Homepage

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ateaselypd, Oct 24, 2004.

  1. ateaselypd

    ateaselypd Private E-2

    I have tried everything to remove the CW Search as my homepage. I installed and ran all of the spyware programs listed on your webpage. I also installed a firewall and blocked the address, so now when I click on internet explorer, the CW Search webpage will not open. But it will not allow me to change my homepage to what I want. I also keep getting the web dialer and dialer pop-ups. Please help!
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you have run ALL the steps as indicated in < READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal > ,

    then you should read the tutorial in this Sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis as a .txt file attachment to your message. All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    Do NOT run Hijack This from the Desktop, a temp folder, or from a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  3. ateaselypd

    ateaselypd Private E-2

    Read everything you sent and did it. I saved the log and tried to attach it but I received an upload error message stating invalid file type. Can you please clarify this step for me?
    Thank You
     
  4. ateaselypd

    ateaselypd Private E-2

    Here's my log, read some old forums and figured it out.
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    In message # 2 I said:

    Do NOT run Hijack This from the Desktop, a temp folder, or from a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

    Here is where you put it:
    C:\Documents and Settings\LaShell\Local Settings\Temp\HijackThis.exe

    That's not only a sub-folder of C:\Documents and Settings but also a temp folder. Please move it to a folder like I indicated.

    Also these should not be running when using HijackThis:
    C:\Program Files\Browser Hijack Blaster\bhblaster.exe <--- this is a discontinued product. Stick with SpywareGuard
    C:\PROGRA~1\WINZIP\winzip32.exe

    You also did not run the TrendMicro online scan. Is there a reason why?

    Why do you have so many processes running? You have way too many scanner type programs running. Does this PC run okay? Or does it always seem slow?

    You have all these running (Note: I'm not saying fix these lines with HJT. I'm just remarking on how much stuff you have running. And I wonder why you think all of this is needed.)
    C:\Program Files\Browser Hijack Blaster\bhblaster.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
    O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [Spyware-Cop] "C:\PROGRA~1\SPYWAR~4\Spyware-Cop.exe" /s

    How many of the above are registered (you paid for) applications?

    You must not have multiple virus protection applications installed. You have both McAfee and Norton running. Please uninstall one of them (it would even be better to uninstall both of them and use a free scanner like Avast! Home Edition).

    Spyware COP should be uninstalled or fixed using HijackThis. It is on a list of rogue/suspect spyware removers. See this: http://www.spywarewarrior.com/rogue_anti-spyware.htm
     
    Last edited: Oct 24, 2004
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, having said all that stuff in my previous post, let's fix some things.

    Make sure you have system restore disabled and viewing of hidden files enabled (per the tutorial).

    Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Find the below processes and End them:
    C:\Documents and Settings\LaShell\Application Data\amee.exe
    C:\WINDOWS\System32\systime.exe
    C:\Documents and Settings\LaShell\LOCAL SETTINGS\Temp\UIUCU.EXE

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
    O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\LaShell\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
    O4 - HKCU\..\Run: [Aaou] C:\Documents and Settings\LaShell\Application Data\amee.exe
    O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe


    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\System32\systime.exe
    C:\Documents and Settings\LaShell\Application Data\amee.exe
    C:\Documents and Settings\LaShell\LOCAL SETTINGS\Temp\UIUCU.EXE

    Now reboot in normal mode and post a new HJT log. And tell us how things are working. And let's talk about all this stuff you have running.

    Do you know what this vsnpt513.exe file is for? Is that part of Sygate's firewall?
    (Do not fix this, I'm trying to determine what it is.)
    C:\WINDOWS\vsnpt513.exe
    O4 - Global Startup: VSNPT513.lnk = C:\WINDOWS\vsnpt513.exe
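
An added example, not part of the original thread: a small Python parser for the O4 registry Run lines quoted above that flags autoruns whose executable sits under a user profile or Temp folder. The location rule is an assumption made for this illustration, not the helper's stated method, and the function names are hypothetical.

```python
import re

# Sample lines copied from the HijackThis entries quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\LaShell\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKCU\..\Run: [Aaou] C:\Documents and Settings\LaShell\Application Data\amee.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: VSNPT513.lnk = C:\WINDOWS\vsnpt513.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
RUN_LINE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
# Executable is either quoted, or everything up to the first ".exe".
EXE_PATH = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)
# Assumed heuristic: profile folders (long and 8.3 short names) are user-writable.
PROFILE_ROOTS = ("c:\\documents and settings\\", "c:\\docume~1\\")

def parse_o4(log):
    """Return a dict per O4 registry Run entry; other O4 forms are skipped."""
    entries = []
    for line in log.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        hive, key, name, command = m.groups()
        exe = EXE_PATH.match(command)
        path = (exe.group(1) or exe.group(2)) if exe else command
        args = command[exe.end():].strip() if exe else ""
        entries.append({"hive": hive, "key": key, "name": name,
                        "path": path, "args": args})
    return entries

def user_writable(path):
    """True if the executable lives under a profile folder or a Temp folder."""
    p = path.lower()
    return p.startswith(PROFILE_ROOTS) or "\\temp\\" in p

def flag_entries(log):
    """Names of Run values whose target is in a user-writable location."""
    return [e["name"] for e in parse_o4(log) if user_writable(e["path"])]

if __name__ == "__main__":
    print(flag_entries(SAMPLE_LOG))
```

On the sample this flags UIUCU and Aaou; SysTime, which was also selected for removal above, sits in System32 and a location check alone does not catch it.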
     
  7. ateaselypd

    ateaselypd Private E-2

    Did everything you said, clicked on internet explorer and the CW Search was gone. As a deployed Soldier without access to computer repair, you don't know how helpful you have been.
    As for your questions: I don't know why I have so many programs running, I am really not good at knowing what I need and don't need on my computer.
    I did not run the Trend program, because it kept downloading in Chinese and I did not understand the directions.
    My laptop is slow, very slow and has been ever since I hooked it up to the internet.
    The only program that I have paid for is SPYWARE Doctor. What other programs do you suggest besides the AVAST? Also do I need a firewall or does AVAST have one?
    Attached is my log, hopefully I saved it correctly this time.
    Once again thanks for your time and patience.
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You already have Sygate's Firewall running.
    Also, you have McAfee Virusscan installed. Are you thinking about changing to Avast?

    You did not answer one of my questions from my previous message:
    Do you know what this vsnpt513.exe file is for? Is that part of Sygate's firewall?
    (Do not fix this, I'm trying to determine what it is.)
    C:\WINDOWS\vsnpt513.exe
    O4 - Global Startup: VSNPT513.lnk = C:\WINDOWS\vsnpt513.exe


    Use Windows Explorer to locate it and right click on it and select Properties and then the Version tab. Go thru the list of Item names and determine who this belongs to.


    Note one more thing you need to fix. I specifically said:

    Do NOT run Hijack This from the Desktop, a temp folder, or from a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

    You put it here: C:\Documents and Settings\LaShell\HijackThis.exe
    That's a sub-folder of C:\Documents and Settings.

    Also, you still need to uninstall Spyware-Cop from Add/Remove programs.
    O4 - HKCU\..\Run: [Spyware-Cop] "C:\PROGRA~1\SPYWAR~4\Spyware-Cop.exe" /s

    We have more work to do but let's do the above first.

    As far as my other recommendations, they are documented here: How to Protect yourself from malware!
     
  9. ateaselypd

    ateaselypd Private E-2

    I currently have AVAST installed and running. I uninstalled Symantec and was unsure about uninstalling McAfee and Sygate. I looked up the 04-Global Startup:VSNPT513.INK=C;\WINDOWS\VSNPT513.exe and all it gave me was a description: SnapShot Viewer and it also said snapsho_UI if that means anything to you.
    Still trying to find literature to show how to save hijack this the way you mentioned in previous messages. Should have that figured out NLT the end of the day.
    Also when I went to the place where I saved hijack this, I noticed backup files, I did not backup anything, does hijack this do that automatically or is this the work of hijackers?
    I believe I uninstalled spyware cop, because I can't find it in the add/remove programs.
    Thank You
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! SnapShot Viewer is an application to take snapshots of screens or windows. It's okay. Leave those lines alone.

    You must remove McAfee if you want to use Avast. Sometimes this can be troublesome to do completely. You may have to go to their website to review some uninstall tips.

    You do not need to uninstall Sygate's firewall. You want to have a firewall.

    I'm not sure what you mean by the following.

    "Still trying to find literature to show how to save hijack this the way you mentioned in previous messages. Should have that figured out NLT the end of the day."

    You already posted a log as a text file attachment once before. Backups are automatically created by HijackThis (when installed properly) anytime you have it fix anything.
     
