Virus on Computer

Discussion in 'Malware Help (A Specialist Will Reply)' started by urmom, Feb 2, 2007.

  1. urmom

    urmom Private First Class

    Hey, I believe I may have downloaded a virus onto my computer which may include a keylogger. I've read this and I'm wondering if I should do all that and post the logs or if you guys might have advice before I do all of that. I know exactly which file I downloaded put the virus on my computer if you are interested in having that.
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You may be looking at an older sticky.....please do this:
    Welcome to Majorgeeks!

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy
      • AVG Antispyware log - ONLY IF NEEDED, i.e. you were not able to run CounterSpy
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. urmom

    urmom Private First Class

    Ok, here are the logs. For some reason I couldn't get the 'GetRunKey' and 'ShowNew' things to work.
     

    Attached Files:

  4. urmom

    urmom Private First Class

    Now the HJT log.
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please re-read the tips on the error messages on the download link pages and also make sure your EXTRACT all files from the ZIP file as instructed. If you do not follow the instructions on those pages, the tools will not work properly.
     
  6. urmom

    urmom Private First Class

    I've done all that and I've re-read the tutorial but it still isn't working. When I double click the batch file Notepad doesn't pop up and I can't find the file that it created. Same with the ShowNew.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What folder did you extract GetRunKey.zip to? Tell me what files you see in the folder. DO NOT click on GetRunKey.zip as I do not want you to tell me what is in the ZIP archive.

    What folder did you extract ShowNew.zip to? Tell me what files you see in the folder.

    Are you sure that you are not getting any of the mentioned error messages in the command prompt Window that opens?
     
  8. urmom

    urmom Private First Class

    I extracted both of them to folders on my desktop.

    In GetrunKey:
    Getrunkey.bat
    grep.exe
    locate.com
    ltime.exe

    In ShowNew:
    Shownew.bat
    grep.exe
    locate.com
    ltime.exe

    I don't have any error messages or any window pop up from clicking on the batch files.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you sure you are not getting any warning from your antivirus or antispyware program about a script trying to run? If you block the .bat files from running, obviously we cannot get a log either.

    Perhaps there is also a conflict due to your running multiple antispyware applications. You have at least four realtime blockers running and you only want one. Also one of them is out of date and no longer even supported and that is Microsoft Antispyware.

    Uninstall the Sunbelt CounterSpy trial since we are finished with it now!

    Also uninstall Microsoft Antispyware and AOL Spyware Protection!

    After uninstalling all of the above, reboot and then shut down Trend Micro's Antispyware and Antivirus processes.

    Now can you run GetRunKey and ShowNew?

    These are the last logs we really need to see to know if you are clean! Thus far, I see no problems!


    You should also do the below to remove a bunch of unnecessary NON-MALWARE which is just not necessary!

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: (no name) - <default> - (no file)
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O18 - Protocol: bw+0 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    After clicking Fix, exit HJT.

    Now reboot in normal mode
    Now attach a new HJT log.
     
  10. urmom

    urmom Private First Class

    I was able to get the 'GetRunKey' and 'ShowNew' logs, I forgot that Trend Micro blocks batch files from being run. Here is the fresh HJT log and the two other logs.

    Oh, and one quick question. Is it possible to change the resolution when in Safe Mode? It's so annoying operating at 800x600.
     

    Attached Files:

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not fix most of the items I gave you in my last message. Please follow ALL of the directions in message # 9 again. Make sure you uninstall the duplicate antispyware programs as indicated.


    You also need to do the below!

    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 5
    Java 2 Runtime Environment, SE v1.4.2
    Viewpoint Media Player <-- should have been uninstalled in step 0 of the READ ME

    Okay now uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below two folders left behind by the uninstall:
    C:\Documents and Settings\Owner\Local Settings\Application Data\Sunbelt Software
    C:\Program Files\Sunbelt Software



    After doing ALL of the above attach the below new logs and tell me how the above steps went.
    1. GetRunKey
    2. ShowNew
    3. HJT


    Make sure you tell me how things are working now!
     
  12. urmom

    urmom Private First Class

    I can't seem to find the AOL spyware thing to uninstall. My computer does seem to move a bit faster. The main reason that I posted here was because I downloaded a hacktool I think which sent my password for a few things to somebody where they hacked my account. Here's the logs.
     

    Attached Files:

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you sure that you are selecting and fixing ALL those O18 lines as specified in message # 9? They are all still there along with others I asked you to fix. Did you shut down TrendMicro as requested before fixing?

    Let's do this again and I'll add in some other instructions too. One to remove AOL Antispyware and another to remove a left over service from Symantec Antivirus. When you use HJT you must make sure you actually SELECT all the lines specified, and then you must make sure all browser windows are closed, and that you have stopped your TrendMicro Antivirus. Then click Fix checked.
    • Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    • On the page that opens, scroll down to SymWMI Service
    • then right click the entry, select Properties and press Stop Service.
    • When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
    • Click OK until you get back to Windows.
    • Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
    • At the lower right, click on the Config button
    • Then click the Misc tools button
    • Select Delete an NT Service
    • Copy/paste SymWSC into the box that opens, and press OK
    • If you receive any error messages just ignore them and continue.
    • Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.
    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O18 - Protocol: bwe0s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    After clicking Fix, exit HJT.

    Now reboot in normal mode

    Now delete the below two folders:
    C:\Documents and Settings\Owner\Application Data\Viewpoint
    C:\Documents and Settings\Owner\Local Settings\Application Data\Sunbelt Software


    Now attach a new HJT log

    Make sure you tell me how things are working now!
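    The HJT fix lists in messages # 9 and # 13 are long, and most of the work in triaging them is mechanical: spotting entries that point at a file or CLSID that no longer exists ("(no file)", "(file missing)"), and noticing that dozens of O18 protocol handlers all resolve to the same one or two DLLs. The following is an added example, not code from the thread or from HijackThis itself: a small Python parser that reads HJT-style log lines and produces that summary. The sample log embedded in it is constructed from a few of the lines quoted above; the section names (R3, O2, O4, O9, O18) and the "(no file)" / "(file missing)" markers are HJT's own.

```python
import re
from collections import defaultdict

# Constructed sample: a few HijackThis entries modelled on the ones quoted in
# messages # 9 and # 13 of this thread (raw string, so backslashes are literal).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O18 - Protocol: bw+0 - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {19E5E45E-7A69-4F9C-854A-2076B75309A5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
"""

# Every HJT entry starts with a section tag (R0-R3, O1-O24) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# O4 autostart entries: "<hive path>: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<location>[^:]+): \[(?P<name>[^\]]+)\] (?P<command>.+)$")
# O18 protocol handlers: "Protocol: <scheme> - {<CLSID>} - <dll path>"
PROTO_RE = re.compile(r"^Protocol: (?P<name>\S+) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
# HJT appends these when the registry still references something not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_hjt(text):
    """Split log text into entries: [{'section', 'body', 'raw'}, ...]."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"section": m["section"], "body": m["body"], "raw": line})
    return entries


def orphaned_entries(entries):
    """Entries whose target no longer exists: dead registry references."""
    return [e for e in entries if e["body"].endswith(ORPHAN_MARKERS)]


def run_entries(entries):
    """Decode O4 autostart lines into (location, value name, command)."""
    out = []
    for e in entries:
        if e["section"] != "O4":
            continue
        m = RUN_RE.match(e["body"])
        if m:
            out.append((m["location"], m["name"], m["command"]))
    return out


def protocol_handlers_by_dll(entries):
    """Group O18 protocol schemes by the DLL that implements them."""
    by_dll = defaultdict(list)
    for e in entries:
        if e["section"] != "O18":
            continue
        m = PROTO_RE.match(e["body"])
        if m:
            by_dll[m["path"]].append(m["name"])
    return dict(by_dll)


def summarize(text):
    """Human-readable triage summary for one log."""
    entries = parse_hjt(text)
    lines = [f"{len(entries)} entries parsed"]
    for e in orphaned_entries(entries):
        lines.append(f"dead reference: {e['raw']}")
    for loc, name, cmd in run_entries(entries):
        lines.append(f"autostart [{name}] from {loc}: {cmd}")
    for dll, schemes in protocol_handlers_by_dll(entries).items():
        lines.append(f"{len(schemes)} protocol scheme(s) -> {dll}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

    Feeding a full log to summarize() collapses the O18 wall into one line per DLL, which makes it obvious that all the bw* schemes belong to the same Logitech Desktop Messenger plug-in, and lists the dead references separately from live autostarts so the two can be judged differently.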
     
  14. urmom

    urmom Private First Class

    I think you forgot to mention the part on how to remove the AOL Anti spyware thing, you only told me how to remove the Symantec one. :p

    Well, I fixed all the problems in HJT so I'll post that log. You haven't found any hack tools have you? I downloaded something for a game on February 1st and I think that a hacktool installed itself when I clicked the EXE file. I think it could have sent my login and password for the game to the hacker because a day later my account for the game was hacked.
     

    Attached Files:

  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! I gave it to you in the HJT fix!
    No! If I did, I would have put them in the fixes. Your logs look clean, but I do question what the below is:

    StealthBot v2.6 Revision 3 (remove only)


    And also, did you knowingly install Remote Packet Capture Protocol? If not, you should uninstall it.

    Are you having any problems?
     
  16. urmom

    urmom Private First Class

    Nope, that's clean. I put that on myself.

    Hmm, I don't remember installing that. I can't seem to find it in the Uninstall panel either. Would that be used for any games? That's the only way I could think that it could be put on.

    Nope, my computer seems a little faster.

    Couple quick questions though. Can I turn the MSCONFIG startup thing on again? It's annoying having to close out of like 8 programs at startup. Also, is there a way to make it so that when I boot in safe mode its not 800x600 resolution?
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is used for capturing packets. I doubt that would be required for any games, and if it was I would question the game. It is a valid program but it could be used for malicious purposes. Look for WinPcap 3.1 in Add/Remove programs and uninstall it.


    Wrong approach! Why are you running stuff that you don't need? Just uninstall them or from inside the programs themselves, tell them not to load at startup. What items are you talking about?

    In safe mode the resolutions available are based on what drivers your system can load for the hardware in safe mode. You can try the below to see what resolutions you can get.

    Right-click the desktop and choose Properties. Switch to the Settings tab and click Advanced, then switch to the Adapter tab. Click List All Modes and select a new resolution that’s 800 x 600 or higher. Click OK >Apply. If you’re happy with the results, click OK. You may find higher resolutions have problems such as streaking, so click List All Modes again to pick another.

    Note: Some people only get a max of 640 x 480 in safe mode.
     
  18. urmom

    urmom Private First Class

    -Media Manager Services
    -Sonic CinePlayer (part of Roxio, can't find where to disable it/uninstall)
    -Verizon Online Support Center
    -AOL Software (doesn't appear on system tray, I want this pesky AOL done away with! :p )
    -Ares (doesn't appear on system tray, don't remember installing...)
    -Yahoo Widget Engine (I uninstalled this a while ago, it's still starting up?)
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm really surprised you did not mention BigFix. It is a massive resource hog. I always uninstall it. However if you think you may need it some day, at least you should stop it from loading at startup. There is no reason for it to always run.

    I'm also surprised you did not mention this piece of junk: Logitech Desktop Messenger I would uninstall it too. ;)


    I see the below installed. You should begin by uninstalling these (I'm including WinPcap which you did not uninstall yet). If I mention things you know you want, just keep them and tell me your decision.
    I don't see anything named Media Manager Services. What are you referring to? Did you mean this?
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe

    If that is what you meant, added to the HJT fix that I give below!

    With regards to Yahoo Widget Engine, we will fix it but are you still using the Yahoo Toolbar? I do see it installed.

    Now I'm going to suggest even more things than you mentioned to fix with HJT! They are all not necessary.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131680280\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe

    After clicking Fix, exit HJT.

    Now reboot and attach a new log!

    And tell me your status! I bet things look a lot faster (all non-malware related too! ) ;)


    You still did not delete the below folder as requested much earlier:
    C:\Documents and Settings\Owner\Local Settings\Application Data\Sunbelt Software
     
  20. urmom

    urmom Private First Class

    I uninstalled that yesterday. It still showed up in the log?

    Before I uninstall this I just want to know something. This wouldn't disrupt my verizon internet service would it?

    Hmm that didn't work. I think it might be "O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"" because when I close the program from the system tray it gives me an error mentioning this file.

    I'm not using that. That was installed when I got my Verizon DSL I think. I use Firefox anyways and just use the google toolbar.

    I can't seem to find this folder. And yes, I have the view hidden files and folders thing on.

    Thanks for the help this far though. You're the man :p (or woman o_O), you made my comp faster! :)
     

    Attached Files:

  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes it does! Run this Getting Uninstall Programs List From The Registry and attach the log.

    Here is some info about the matcli.exe process being loaded
    You decide what you want to do.

    Related to Roxio_easy_CD_creater System Tray icon installed by Roxio Easy Media Creator 8 and which allows you to configure your watched folders or to turn the Watched Folders feature of Roxio ON or OFF. Note: located in C:\Program Files\Common Files\Roxio Shared\...

    If you don't need this, have HJT fix that startup.

    Then uninstall the Yahoo Toolbar.


    Actually according to your last GetRunKey log, you did not follow the directions in step 2 of the READ ME. At least not every step. Check again and then look for the file because it was in your last log from ShowNew.
     
  22. urmom

    urmom Private First Class

    Ok, I attached the GetUnKey log and a fresh HJT log. Fixing the RoxWatchTray fixed the problem of that program starting up. I also uninstalled the Yahoo toolbar and deleted that folder.
     

    Attached Files:

  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay WinPcap is now gone. Perhaps you had uninstalled after you had already attached your last log from ShowNew.
    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    7. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    8. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
  24. urmom

    urmom Private First Class

    Ok, thank you for all of your help!
     
  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     