Went through "read and run me first," still having problems.

You missed a few steps from the READ & RUN ME.

From step 0 of the READ ME, you did not uninstall the below to items that were listed. Uninstall them now.
Viewpoint Toolbar
Windows Safety Alert


Now go back and do all of step 2 properly. Make sure you observe all items to do.

Also in step 6 of the READ ME you did not uninstall your old outdate Sun Java version and install the new version. Let's do this now.

Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 3

Make sure you reboot after uninstalling the above!

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [Pest-Capture] C:\Program Files\PestCapture\PestCapture.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete the below folders:
C:\Documents and Settings\Heidi\Application Data\WinAntiSpyware 2007
C:\Program Files\PestCapture
C:\Program Files\SpywareLocked 3.3
C:\Program Files\WinAntiSpyware 2007 Free
C:\Program Files\Common Files\WinAntiSpyware 2007 Free

Now run Ccleaner

Now attach the below new logs and tell me how the above steps went.

1. GetRunKey
2. ShowNew
3. HJT

Make sure you tell me how things are working now!

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

Well actually you did not get any of the items asked you to fix with HijackThis fixed. Did you select each line and then click Fix Checked? Or is it possible you got your HJT log before you fixed the items? Check your log now and make sure all items are fixed. If not, then fix them and then get a new log after you have fixed them. Attach the new log.

Also I still see Viewpoint Toolbar installed. Did you forget to uninstall it or did it come back or not uninstall in the first place. Run this ViewpointKiller to remove Viewpoint Media software.

Then attach a new log from ShowNew.

Do you use Microsoft Money?
Do you use Yahoo Pager?
Do you use MSN Messenger?
Do you use AIM?

 

It is still there. Are you sure you ran ShowNew after using ViewPointKiller? Make sure you are not stopping ViewPointKiller from running properly. You antivirus porgram could popup a message about a script or a similar message while trying to remove Viewpoint. If you do not allow the script to run, the removal will fail. Run ViewpointKiller again and attach a log from it this time.

Okay! I will add them to the below list of things to fix/stop from loading at startup.

What you may be experiencing here could be the delays that running all of the Norton/Symantec software is doing to you. It is a well known resource hog. However, let's remove a few more non-malware items from your startup that are unnecessary and see if it helps a little more.

Did you purchase SpeedUpMyPC? I doubt it really helps that much and running it all the time at every startup seems unnecessary to me. You may want to stop loading it a startup as an experiment to see how it is affecting your startup time.



Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Instant Update Reminder.lnk = ?
After clicking Fix, exit HJT.
Now reboot in normal mode

Now attach the below new logs and tell me how the above steps went.

1. ViewpointKiller log
2. ShowNew
3. HJT

Make sure you tell me how things are working now!

 

Okay it is uninstall now, but you need to delete two remaining folders from it. Delete the below:
C:\Documents and Settings\Heidi\Local Settings\Application Data\Viewpoint
C:\Program Files\Common Files\Viewpoint

There are many reasons why we don't like it:

• price especially since it does not work that well
• it is a massive resource hog and every week we have to explain to people that their PCs are not slow due to malware but due to Norton.
• it does not find many major infections that we see all the time
• it does not remove many things that it finds
• it can be more difficult to get uninstalled then malware
• there are free alternatives that work at least as well if not better and they don't slow PCs down as much

Your log is clean. If you are not having any other malware problems, it is time to do our final steps:

1. If we used Pocket Killbox during your cleanup, do the below
   • Run Pocket Killbox and select File, Cleanup, Delete All Backups
2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
3. If we user SDFix you can delete all the SDFix related files and folders from your Desktop or whereever you installed it.
4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
5. If we had your run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
6. If we had you run Avenger, you can delete all files related to Avenger now.
7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
8. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
9. If you are running Windows XP or Windows ME, do the below:
   • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!