Various Computer Issues, Logs Attached

The link in step 0 of the READ ME to the Uninstall List actually was not broken at the time. It probably was missing completely which is the reason for the below sticky having been put into the forum:

Missing Posts, Missing Messages, Missing Accounts

And the above was also the reason why my post in this thread of yours disappeared. The restore of the forum deleted all posts that were made after the restore time. (I had about 50 fixes I posted that were all lost but that was less work to recover from than all the missing procedures we have for fixing problems.)

Spy Sweeper and/or Windows Defender may have blocked the removal of the PCSecurityShield item from your HJT log. We will try to correct that this time. Complete all steps in the order given.

First uninstall Windows Defender since you have a paid version of Spy Sweeper.

Now shutdown Spy Sweeper by right clicking on the tray icon and select Exit (or similar).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O4 - HKLM\..\Run: [MyRegistryCleaner] C:\Program Files\PCSecurityShield\MyRegistryCleaner\MyRegistryCleaner.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} -
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} -

After clicking Fix, exit HJT.
Now Copy the bold text below to notepad. Save it as fixWLK.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now reboot your PC.

After rebboot, attach the below new logs and tell me how the above steps went.

1. ShowNew
2. HJT

Make sure you tell me how things are working now!

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

Goto Add/Remove programs and uninstall the below:
MarketResearch
Windows Defender Signatures

How are things running now?

 

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

It is not malware. It is due to what you are running. The most likely culprits are McAfee and Spy Sweeper.

 

You're welcome.

Let's try to cleanup some stuff left over from Symantec Internet Security Suite.

• Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
• On the page that opens, scroll down to Symantec Core LC
• then right click the entry, select Properties and press Stop Service.
• When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
• Click OK until you get back to Windows.

• Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
• At the lower right, click on the Config button
• Then click the Misc tools button
• Select Delete an NT Service
• Copy/pasteSymantec Core LC into the box that opens, and press OK
• If you receive any error messages just ignore them and continue.
• Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.

Now shut down Spy Sweeper before doing the below!

Run HijackThis and select the following lines (if they still exist) but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

After clicking Fix, exit HJT.

Now reboot your PC.

After reboot attach a new HJT log and tell me how things are working.

 

I don't see it in your HJT log! Are you saying you still see it in the service list shown using services.msc?

 

Tell me what it says exactly for the below items when you double click on the service in the services window:

Service Name:
Display Name:
Path to executable:
Startup type:
Service status:

 

Okay then try the below again and tell me exactly what happens! If you get any error messages, tell me what they are later but continue with the steps anyway.

• Run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
• At the lower right, click on the Config button
• Then click the Misc tools button
• Select Delete an NT Service
• Copy/pasteSymantec Core LC into the box that opens, and press OK
• If you receive any error messages just ignore them and continue.
• Now exit HJT and reboot when it tells you it needs to.

Question: Does the below folder exist?

C:\Program Files\Common Files\Symantec Shared

 

Yes but that is not true and it is the reason why I have the statement about ignoring error messages from HJT. But thanks for answering my question. I just wanted to make sure that you were not getting some other kind of error message.

Please give me the exact names of all files in this folder.

Also let's try something. Run this: Norton Removal Tool (SymNRT)

Is the service gone now? What about the Symantec Shared folder?

 

I don't know! Based on file searches they relate to the security products but who knows how dumb Symantec may be on naming their files and where they save them.

The only to know if they are need is one of the below:

1. Call Symantec and ask them
2. delete the using Pocket Killbox and see if Partition Magic still work afterwards
3. Uninstall Partition Magic and see if the files go away. But this may not be a very good indicator since Symantec software and files can be more difficult to remove than malware.