Various Items Removed???

You don't really have any major malware problems. We just have some minor cleaning to do. Also you need to get some updates and uninstall a couple programs. But first you need to go back and follow the directions in step 2 of the READ ME. You did not do all of the steps exactly as specified.

Uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below two folders left behind by the uninstall:
C:\Documents and Settings\All Users\Application Data\Sunbelt Software
C:\Program Files\Sunbelt Software


While we are deleting, here are a few other folders to delete:
C:\Documents and Settings\Lloyd Bergstedt\Application Data\PersonalAntiSpy
C:\Program Files\Common Files\PersonalAntiSpy
C:\Program Files\Common Files\SystemDoctor 2006

Also delete the below file:
C:\WINDOWS\system32\SystemDoctorSetup.exe


Uninstall the below old versions of software:
Java 2 Runtime Environment Standard Edition v1.3.1
Java 2 Runtime Environment Standard Edition v1.3.1_02
Viewpoint Media Player (Remove Only) <-- should have been uninstalled in step 0 of the READ ME

Make sure you reboot after uninstalling the above!

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment


Did you set the below search pages to about:blank?
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank


Now attach a new log from ShowNew

How are things running now?

I would also like you to tell me if you know what the below files are for?
C:\WINDOWS\system32\SBBD.exe
C:\WINDOWS\system32\SBFC.dat
C:\WINDOWS\system32\SBRC.dat
C:\WINDOWS\system32\drivers\sbhr.sys

If you don't know, please put them into a ZIP file and attach the ZIP file here.

 

Let's see which is the bigger problem. First uninstall Comodo! And see how things are working. Other free firewalls are listed here: How to Protect yourself from malware! see step 3.

At first I thought is may be due to READ ME step 2 not being completed but your ShowNew log does not have these files in there anymore. I'm not sure what removed them because I don't think anything we did was related to them. Unless SB in SBBD stands for SunBelt????? But I never noticed that before. I'll have to reasearch this.

The other two .dat file in the ZIP were truly empty file and did not reveal anything.

 

Not sure about the what is really required for your Verizon connection to work. You would have to check with them what the bare minimum is. Most ISPs are guilty of installing tons of junk you don't need and in most cases do not want since it will affect performance.

My suggestion is to uninstall ALL of your Norton software then reboot and check your HJT log to make sure everything is really uninstalled. Norton can be as difficult to remove as malware. Then reinstall Comodo and also install the below as a replacement for Norton AV.

AVG Free Edition


I also recommend taking either of the below actions (your choice on which one):

1. Uninstall BigFix is you don't use it. It is a massive resource hog
2. Or if you want to keep it around, at least have HJT fix the below line to stop BigFix from loading at startup. You can run it when needed which may be never. I uninstall it from all PCs.
   • O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

Then tell me how things are working!

 

Please use another color other than red for normal messages! Red is harder to read and should be for emphasis only. If you put quote boxes on only my parts of messages, it makes things easier. See how I did it in message number 6 for example.


Let's see what else is loading but I don't believe any issues you are seeing now are due to malware. Please attach the below new logs and tell me how the above steps went.

1. GetRunKey - please download the new version first.
2. ShowNew
3. HJT

 

Do you use Microsoft Money? If not, uninstall it! If you use it, then run it only when needed and not at startup by fixing the associated line in HJT. Reference line:
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

Also have HJT fix the below two unnecessary startups:
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

Do you use Microsoft Office and if so, do you need the following feature explained here? http://support.microsoft.com/kb/282599 If not, follow those steps to remove it.

You have stuff left over from Norton. Do you see Norton WMI Update in Add/Remove programs? If yes, uninstall it. If not, run this Getting Uninstall Programs List From The Registry and attach the log.


Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Delete the below folder if it exists!
C:\Program Files\Symantec


After doing all of the above, how is your startup speed now?

 

Are you saying Antivir is disabled. Try uninstalling it. Reboot (don't skip) and then reinstall. Did that help? What version do you have?

Attach new logs from ShowNew and HJT!

Perhaps you have some other things running at startup which may also be doing auto updates or scanning. You should check. However note that for any normal startup with an antivirus, antispyware, and firewall, it does take a while for them to get all hooked in. Time can be dependent upon you PC's speed, how much RAM you have, and how many and what other startups are all loading at the same time. You could try this program StartRight to prioritize what runs at startup and to have them run in a controlled fashion. Read the info on the download page.

 

You did not say whether uninstalling, rebooting, and reinstalling resolved your problem?

If not, uninstall again, reboot, and delete all folders related to Antivir. Also make sure you delete the below two files if they are still present:
C:\WINDOWS\system32\drivers\avgntdd.sys
C:\WINDOWS\system32\drivers\avgntmgr.sys


Then reininstall Antivir. Does that help! If not, try uninstalling Comodo. Reboot, does AntiVir come up enabled? If so, perhaps you blocked something with Comodo or there is an incompatibility.

 

You're welcome.

If you are not having any other malware problems, it is time to do our final steps:

1. If we used Pocket Killbox during your cleanup, do the below
   • Run Pocket Killbox and select File, Cleanup, Delete All Backups
2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
3. If we user SDFix you can delete all the SDFix related files and folders from your Desktop or whereever you installed it.
4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
5. If we had your run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
7. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
8. If you are running Windows XP or Windows ME, do the below:
   • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
9. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!