Syssecuritysite - is it really gone?

Discussion in 'Malware Help (A Specialist Will Reply)' started by seamus, Jun 28, 2006.

  1. seamus

    seamus Private E-2

    I have just completed all the steps in "READ ME FIRST Before Asking for Support" and in "Special Removal Procedures - Win32.Zlob". I am hoping that Syssecuritysite is really gone this time. Could someone please review the attached log files in case I missed something. Thanks.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    You need to attach the smitfiles.txt log too that was part of the Removal steps for Zlob.

    Which steps did you run first? The READ & RUN ME or SpywareQuake & SpyFalcon Removal Procedure ?

    I also see both McAfee and Symantec Antivirus applications installed. Did you skip step 3 of the READ ME?
     
  3. seamus

    seamus Private E-2

    Oh - I missed that step. :eek: Do I need to do everything over? I am attaching smitfiles.txt.
    I ran the READ ME steps first, then the steps for Spyware Quake removal.
    Thanks.
     


    Last edited: Jun 29, 2006
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! Just decide which one you are going to keep and then use Add/Remove programs to uninstall the other.

    Then attach a new HJT log.
     
    Last edited: Jun 29, 2006
  5. seamus

    seamus Private E-2

    I am keeping Symantec and have deleted McAfee. In Add/Remove, the following Symantec programs are listed: Norton Internet Security, Norton WMI Update, and LiveUpdate 3.0. In Norton Internet Security, the following applications are running: Security, Outbreak Alert, Intrusion Detection, Norton AntiVirus, Norton AntiSpam, Privacy Control, and Ad Blocking.
    I am attaching the new HJT log to this post.
    Thanks again.
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make sure viewing of hidden files is enabled (per the tutorial).

    Please run HijackThis and click on the Open the Misc Tools Section button on the open page. Then select Open process manager on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click Kill process. Then click yes.
    C:\DOCUME~1\JAMESM~1\LOCALS~1\Temp\200662915310_mcinfo.exe

    After killing all the above processes, click Back.
    Then please click Scan and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: LNHelper.BarHelper - {05A34600-8920-479b-92A9-68FACF7BB8FA} - mscoree.dll (file missing)
    O3 - Toolbar: LexisNexis Toolbar - {86BE1CDA-4F72-4c2f-9526-8E6A22DF46ED} - mscoree.dll (file missing)
    O4 - HKLM\..\Run: [msci] C:\DOCUME~1\JAMESM~1\LOCALS~1\Temp\200662915310_mcinfo.exe /insfin
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    c:\windows\system32\sdkct32.exe
    c:\windows\msbb32.exe
    C:\Documents and Settings\James McGovern\Local Settings\Temp <-- delete all files and subfolders in this folder. Windows will block a couple from the current date which is normal.

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
     
    Last edited: Jun 29, 2006
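
The kind of log triage done in the reply above, as an added example that is not part of the original thread or of HijackThis: it parses HijackThis-style entries and marks the two patterns visible in the quoted lines, entries whose file is reported missing and Run-key autostarts that launch from a Temp folder. The function names and the ccApp sample line are constructed for illustration.

```python
import re

# HijackThis entry: "<section> - <description>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+)\s+-\s+(?P<body>.+)$")
# Temp folder under a user profile, in 8.3 short form or long form
TEMP_RE = re.compile(r"\\(?:LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)

# Four entries quoted in the post, plus one constructed entry (the ccApp line)
SAMPLE_LOG = r"""
O2 - BHO: LNHelper.BarHelper - {05A34600-8920-479b-92A9-68FACF7BB8FA} - mscoree.dll (file missing)
O3 - Toolbar: LexisNexis Toolbar - {86BE1CDA-4F72-4c2f-9526-8E6A22DF46ED} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\JAMESM~1\LOCALS~1\Temp\200662915310_mcinfo.exe /insfin
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

def triage(line):
    """Return (section, reasons) for a log entry, or None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    reasons = []
    if body.rstrip().endswith("(file missing)"):
        reasons.append("referenced file is reported missing")
    # O4 is the autostart (Run key / Startup folder) section
    if section == "O4" and TEMP_RE.search(body):
        reasons.append("autostart runs an executable from a Temp folder")
    return section, reasons

def review(log_text):
    """Return only the entries that have at least one reason to look closer."""
    flagged = []
    for line in log_text.splitlines():
        result = triage(line)
        if result and result[1]:
            flagged.append(result)
    return flagged

if __name__ == "__main__":
    for section, reasons in review(SAMPLE_LOG):
        print(section, "; ".join(reasons))
```

A flagged entry is a candidate for a human reviewer, not a verdict; the unflagged ccApp line shows that an ordinary Run-key entry passes through.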
  7. seamus

    seamus Private E-2

    All seems to have gone smoothly. I deleted the files & killed the process without any problems. I ran CCleaner and a new HJT log is attached.
    Thanks again.
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!

    Your log is clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
