Virus or Trjan removal

Welcome to Majorgeeks!

Please remember that HijackThis logs must be obtained from normal boot mode not safe mode.

Is your copy of SpywareDoctor a trial version or a paid version? If trial, I would recommend uninstalling since you now have Windows Defender installed.

Also if CounterSpy is a trial, uninstall it too. Did you save a log from it?

You did not tell us what your specific problem is. I see nothing major. Just some minor things to cleanup.

Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to SymWMI Service ... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config" button, and then the Misc tools' button ... select 'Delete an NT Service" ... copy/paste the following into the box that opens, and press "OK":

SymWSC

If you receive any error messages just ignore them and continue.

Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.

Make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\Documents and Settings\DAVE\Local Settings\Temp <--- delete all files in this folder (windows will block a couple from the current date)
C:\Documents and Settings\DIANE\Local Settings\Temp <--- delete all files in this folder (windows will block a couple from the current date)

Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
Now run Ccleaner (installed while running the READ ME FIRST).

Now we need to Reset Web Settings:

1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

If Windows Defender gives you any messages about start page changes etc when you do the above or after reboot, make sure you allow/accept the changes or the Reset will not work.

Now reboot in normal mode and post a new HJT log.

Make sure you tell me how things are working now.

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

I'm not clear on what you are saying here. First you seem to say your account is slow! And then you seem to say the other user accounts are slow but your are not. Please explain which accounts are slow and which are not.

You have mutliple antivirus applications installed and you MUST only use one. You have McAfee and PC Tools Antivirus. Decide which you prefer and uninstall the other. Running two antivirus applications will slow your PC down a bunch.

I also see CounterSpy, Spyware Doctor and Windows Defender all running. Are CounterSpy and Spyware Doctor paid version or trial versions? Yes we do ask you to run Windows Defender in the READ ME, but for long term, we do not want to see multiple full blocking antispyware programs like these three all running. So after you answer my question, I will make a suggestion on what you should do with these.

You have both Yahoo and Google Toolbars. Do you really need/use them?

Do you know what the below are related to? Did you configure these this way?
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.savewealth.com
O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com

Whose account are the logs from?

 

Questions:

1. Which antivirus are you going to remove?
2. Yes uninstall CounterSpy and WindowsDefender!
3. How old is this PC? When is the last time a defrag was run?
4. How large is the hard disk and how much free disk space is there?
5. What is the process type and speed and how much RAM do you have?
6. If you boot in safe mode is it still very slow?

 

Okay! But which antivirus program are you removing? You must use only one and you have both PC Tools AntiVirus and McAfee.

Check how much RAM by right clicking on MyComputer and selecting Properties. Read the info from there.

Now right click on Start and select Explore. Then locate your C drive and right click on it in the Explorer windows. Then select Properties and then Tools. Then click Defragment Now. In the next window select Defragment and allow it to deframent the disk. This will take a while. Just let it run and don't do anything else while defragmenting.

 

Had you done this in step 3 of the READ ME as requested, your problems would have been resolved earlier. See how important that step is?

If you are not having any other malware problems, you should work thru the below link:

How to Protect yourself from malware!