Something has my PC good, My Hi-Jack This log

Compress the file by putting it into a ZIP file. Then upload the ZIP file. Also note that each time you run a scan with SpySweeper I believe they default to appending to the log file. This will make it larger each time you scan unless you rename (or delete but rename is better to keep the info around) the previous scans first.

 

I would now save the current spysweeper log to a new name or delete it. Then I would run a new scan. You had some linger items getting fixed each time. You must delete the old log first to avoid it being too big to upload again. Then you will be ready for BJ when he gets back on later.

 

You did not delete the previous SpySweeper data. The log you attached still has all scans.

You are running multiple antivirus applications (F-Secure and Symantec). See step 3 of the READ ME. You should uninstall one of them.

If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden files is enabled (per the tutorial).
Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O4 - HKLM\..\Run: [NTCommLib3] C:\WINDOWS\System32\NTCommLib3.exe
O4 - HKCU\..\Run: [wkqk] C:\PROGRA~1\COMMON~1\wkqk\wkqkm.exe

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\System32\NTCommLib3.exe
C:\Program Files\Common Files\wkqk <--- the whole folder

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

I'm sorry....I meant to say AVG (not even close to the spelling of Symantec ) You need to decide whether you want AVG or F-Secure. Looks like you have AVG scanning emails too.

 

Complete the steps I gave you but you will have to get F-Secure completely removed. Manual steps will be needed if it is not in Add/Remove programs. The below show in your log:


C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe

O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe

The services will have to be stopped and disabled. Then you will be able to delete the files.
Anyone here can help you with that. I have to run out for a bit. If BJ gets back in he can continue with you.

 

Here is how we will remove the F-Secure services.

1) Deleting F-Secure 2006

• Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to F-Secure 2006 (or if not found look for BackWeb Plug-in - 4476822) ... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.
• Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config" button, and then the Misc tools' button ... select 'Delete an NT Service" ... copy/paste F-Secure 2006 into the box that opens, and press "OK". If that does not work try entering the short name: BackWeb Plug-in - 4476822

2) Deleting fsbwsys - F-Secure Corp.

• Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to any one of the below that you find:
  • fsbwsys
  • fsbwsys - F-Secure Corp.
  • F-Secure Corp.
• then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.
• Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config" button, and then the Misc tools' button ... select 'Delete an NT Service" ... copy/paste one of the below into the box (one of them should work:
  • fsbwsys
  • fsbwsys - F-Secure Corp.
  • F-Secure Corp.
• and then press "OK".

Now exit HJT and then reboot. After reboot post a new HJT log so we can verify that they are gone..

Also delete the below folder if found:
C:\Program Files\F-Secure Internet Security

 

Looks good! How is everything working now? Are you having any additional problems?

 

You're welcome! If you run into problems with that, you may be better off seeing if you can get help on it in the Software Forum.

 

You're welcome! Surf safely!