Hi I really need your help please.

Well either CounterSpy already removed it or the location you gave before was not correct. I'm just going by where you said CounterSpy reported it, which was:

C:\windows\start menu\programs\start up\powerreg scheduler.exe

What do you see in the C:\windows\start menu\programs\start up folder

 

Then CounterSpy or something else already removed it and you don't need to worry about it.

Since CounterSpy has expired you should uninstall it now since it is no longer of any use to you.

 

Do the below processes and O4 line still show in a new HJT log (look for yourself - no need to post one).


C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY\CONSUMER\SUNSERVER.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY\CONSUMER\SUNPROTECTIONSERVER.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY\CONSUMER\SUNTHREATENGINE.EXE

O4 - HKLM\..\Run: [SunServer] C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY\CONSUMER\sunserver.exe

If they do not show, then it is already uninstalled.

 

No! I just said do they show in a new HJT log scan?

If they do, the program has not been uninstalled and should be in Add/Remove programs.

If they do not show, it is probably uninstalled already.

Okay! Define in laymens terms: foramen magnum

 

Because you said you knew about nursing.

Close enough but for the other people reading who wonder what the heck. The foramen magnum is the large hole at the base of the skull thru which the spinal cord passes.

 

Excuse me.....who is being sarcastic?

 

Did you ever here of joking around! Lighten up! You brought it up and I was just trying have some fun. It was not meant as a dig.

We have made it easy on you all the way along. We have been allowing you to post logs without attaching them and this is not the way we do things. By now you should be attaching your own logs like everyone else. You have been treated very nicely so I don't understand why you should react the way you have.

Are you saying you do not even have the ability to look at your HJT log for the lines I gave you and find them yourself.

 

Okay that indicates that a process is trying to load at startup? But do you see the below items running in the HijackThis process list (the top section of a log before the R0 & R1 lines is a process list).

C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY\CONSUMER\SUNSERVER.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY\CONSUMER\SUNPROTECTIONSERVER.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY\CONSUMER\SUNTHREATENGINE.EXE

It is important that we don't just fix things if the program is still installed. That would leave many things lying around in the registry. It is always best to use a programs uninstall capability first.

 

If you still are not sure what to do, please follow the below steps so I can determine what is installed and what is not installed.


Run HijackThis, click Open the Misc Tools section
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, to save it to a file where you can find it.
Upload this file as an attachment.

From this I should be able to see if CounterSpy is still installed.

 

Well based on the last HJT log, it would appear that CounterSpy was uninstalled but left an O4 line behind.

Run HJT and select the below line and then click Fix.
O4 - HKLM\..\Run: [SunServer] C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY\CONSUMER\sunserver.exe

Then exit HJT. Then use Windows Explorer to see if the below folder exists. If it does, just delete it.
C:\PROGRAM FILES\SUNBELT SOFTWARE

Are you having any other malware problems?

 

You're welcome!