I have viruses, I don't know how to remove them

Discussion in 'Malware Help (A Specialist Will Reply)' started by ukchickk, Mar 27, 2006.

  1. ukchickk

    ukchickk Private E-2

    I have a virus on my PC. Also, I have a message come up saying "Internal error!! This could be because of incorrect system date settings. If not send log file to support@mwti.net". I don't know what this is and my system date is correct. I have enclosed all logs from HijackThis, BitDefender, Panda and Spybot Search and Destroy.
     

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Is this a second PC that you are working on? Or is it part of the problem in your other thread?

    I think this looks like another PC, but I want to be sure. It is not a good idea to work on two PCs at the same time like this, especially in the threads. It can get very confusing. It is always better to work one PC through to the end and then start the second.

    In your other message thread, you installed HijackThis properly. Why is this one installed incorrectly? Please install it as per the instructions in the READ ME.

    Also you seem to have skipped step 0 of the READ ME. I see Viewpoint Manager installed.

    Also I see Spybot's TeaTimer running, which we specifically request not to be used in steps 4 & 5.

    Are the below items ones you installed?
    C:\Program Files\lycos\Lyc_SysTray.exe
    C:\Program Files\Hitware Popup Killer Lite 3\HitwarePKLite.exe
     
    Last edited: Mar 27, 2006
  3. ukchickk

    ukchickk Private E-2

    Yes, this is my main PC. I installed Lycos and Hitware Lite last year when I had my PC... HijackThis should be installed correctly, and I had a lot of the programs last year, so TeaTimer would have been installed then...
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! HJT is not installed correctly. It is installed on your Desktop.

    Please fix this now.

    Also uninstall Viewpoint Manager! And Viewpoint Toolbar.

    Also you must disable Teatimer.

    To disable TeaTimer, run Spybot and click Mode and select Advanced Mode. Then click Tools and select Resident. Now in the right window pane, uncheck TeaTimer.
    Also while this is open, in the left column now select IE Tweaks and then in the right pane make sure all the Miscellaneous locks are unchecked.
    Now quit Spybot!

    Is the below ProxyServer setting required?
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.188.152.6:8080
     
    Last edited: Mar 27, 2006
  5. ukchickk

    ukchickk Private E-2

    Before I do this, what is a proxy server? I built my PC but have no idea about some stuff... so I am unsure if it is needed. I use a router for my broadband to be used for a wireless connection to my laptop, but I don't know if that proxy has anything to do with it.
     
  6. ukchickk

    ukchickk Private E-2

    I've done those except the proxy, as it is unknown if it is attached to my router.
    HijackThis is installed correctly, and the log is attached.
     

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to NTBOOTMGR (if that is not found, look for the short name: NTBOOT)... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

    Now repeat the above stop and disable for the following services:
    NTLOAD
    NTSVCMGR
    Windows Overlay Components

    Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the "Config" button, and then the "Misc Tools" button ... select "Delete an NT Service" ... copy/paste the following into the box that opens, and press "OK":

    NTBOOT

    Now repeat the Delete NT Service steps for:
    NTLOAD
    NTSVCMGR
    Windows Overlay Components
    If you receive any error messages, just ignore them and continue.

    Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.

    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {944864A5-3916-46E2-96A9-A2E84F3F1208} - (no file)
    O2 - BHO: (no name) - {A0533E6E-B672-405F-9BD2-431C686FA857} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - (no file)
    O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - (no file)
    The below should already be gone but we are double checking. Fix if found.
    O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
    O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
    O23 - Service: NTSVCMGR - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
    O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\cypdjnf.exe (file missing)

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
    C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
    C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
    C:\WINDOWS\cypdjnf.exe

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run CCleaner (installed while running the READ ME FIRST).

    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
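    The triage rules applied in the instructions above (orphaned "(no file)"/"(file missing)" entries get fixed, an R1 ProxyServer line and services running from odd locations get questioned) can be expressed as a small parser for HijackThis log lines. This is an added example, not code from the thread or from HijackThis; the sample log is constructed from the entries quoted above plus one invented benign service ("Example Vendor Updater") as a control.

```python
import re

# Constructed sample log: the entries quoted in this thread plus one invented
# benign service (the "Example Vendor" line) as a control.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.188.152.6:8080
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [mwavscan] "C:\Kaspersky\mwavscan.com" /s
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\cypdjnf.exe (file missing)
O23 - Service: Example Vendor Updater (ExUpdate) - Example Vendor - C:\Program Files\Example Vendor\exupdate.exe
"""

ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")
SERVICE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
PROXY = re.compile(r"^R1 - .*ProxyServer = (?P<proxy>\S+)")


def triage_line(line):
    """Classify one HijackThis line as ('fix', why), ('review', why) or None."""
    line = line.strip()
    if not line:
        return None
    m = PROXY.match(line)
    if m:
        # A proxy the owner did not configure can silently redirect all browsing.
        return ("review", "proxy server set to %s: confirm it is intentional" % m.group("proxy"))
    if ORPHAN.search(line):
        # Registry still references a file that is gone: a harmless leftover, but clean it up.
        return ("fix", "orphaned entry pointing at a missing file")
    m = SERVICE.match(line)
    if m:
        # Legitimate service binaries normally live under Program Files or system32.
        path = m.group("path").lower()
        if not (path.startswith("c:\\program files") or "\\system32\\" in path):
            return ("review", "service binary in unusual location: " + m.group("path"))
    return None


def triage(log_text):
    """Return [(section, severity, reason)] for every log line that stands out."""
    findings = []
    for line in log_text.splitlines():
        result = triage_line(line)
        if result:
            findings.append((line.split(" - ")[0], result[0], result[1]))
    return findings


if __name__ == "__main__":
    for section, severity, reason in triage(SAMPLE_LOG):
        print(section, severity, reason)
```

Note that the O4 mwavscan line is deliberately not flagged: as the thread later confirms, it is a legitimate (if unnecessary) antivirus startup entry.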
     
  8. ukchickk

    ukchickk Private E-2

    I followed your instructions, but the part that said "Boot into safe mode and use Windows Explorer to delete:
    c:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
    c:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
    c:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
    c:\WINDOWS\SYSTEM\DRIVER\cypdjnf.exe"

    These don't exist; I even did a search for the file name and found nothing...

    I still get the error message "Internal error!! This could be because of incorrect system date settings. If not send logfile to support@mwti.net".

    I have put the HJT file up for the stuff that worked.
     

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's okay! They are gone! HJT may have deleted them.

    This is not malware. You are loading Microworld Antivirus at startup. Have HJT fix the below line:
    O4 - HKLM\..\Run: [mwavscan] "C:\Kaspersky\mwavscan.com" /s

    You don't need to always run this anyway.

    Your log is clean. Are you having any other malware problems?
     
  10. ukchickk

    ukchickk Private E-2

    Thanks. The only thing I'm confused with is when shutting down I get an End Program box for mrouter controller... guessing it's my router program shutting down. Maybe I should shut this before the PC.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work through the below link:

    How to Protect yourself from malware!
     
