Badly infected system

[khalilcs]

Hi guys, I am in my girlfriends computer and she has a system very infected. She has like those toolbars spywares, trojans and her security is very low. She doesnt know about computers much so its very vulnerable.

I follow all the preliminary removal instructions:

I am attaching all the neccessary logs

The panda antiroot kit came out negative


I thank you all very much for your support!

 

[kimsland]

Looks like Symantec (Norton) and AVG8 installed together
You also have YPCSER~1.EXE (Yahoo parental control) going on
And a few Toolbars and things

I'd say do this:

Remove Norton (fully)
Decide on removing Yahoo parental control (your option)

How to use Reset Internet Explorer Settings (RIES

To use RIES in Internet Explorer 7, follow these steps:

1. Click the Tools menu, and then click Internet Options.
2. On the Advanced tab, click Reset.
3. In the Reset Internet Explorer Settings dialog box, click Reset.
4. When Internet Explorer 7 finishes restoring the default settings, click Close, and then click OK two times.
5. Close Internet Explorer 7. The changes take effect the next time that you open Internet Explorer 7.

You do have IE7 on that HP?

Also run Startup Control Panel
Run CCleaner

Then at last (after a few restarts- ie the above) Then do another HJT log
If you want, you can update AVG8 definitions online too (and even run a full scan with it) then do the HJT log

That's a good start

 

[khalilcs]

Alright Kimsland I did everything you told me

here I run another HJT log

Thanks so much for helping me

How is the computer looking?

 

[slayerstuv]

not to be rude but you should get rid of avg as well and get avast

 

[Blind Dragon]

Norton isn't gone you need to run the removal tool from their site.

Then please follow these Viruses/Spyware/Malware, preliminary removal instructions and post back in this thread with the requested logs. There should be at least 3.

1)MBAM log
2)SAS log
3)Hijackthis log (last step)

 

[kimsland]

LiveUpdate for Symantec (Norton):
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
This can be removed from Add/Remove Programs

Here it is again:
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

Not sure if others can chck as well (because I cannot find anything else of any worry)

How's the computer running now?

Doh! I had my message opened too long again