
malware that changes os settings


Original Message
Name: hockey97
Date: June 22, 2005 at 12:02:44 Pacific
Subject: malware that changes os settings
OS: 98se
CPU/Ram: 900mz/r=256
Comment:

Hi, three weeks ago I was playing my SimCity 4 game when it froze. I then restarted my computer, and when I got back to the desktop the color setting had changed and also the screen size; my internet stopped working and my anti-virus detected a virus that boots in the startup. I tried to change the color settings in Display Properties, but it changes back to the lowest color setting, which is 16 colors. When I change the color settings and the screen size, it then switches back to the lowest size and colors. I ran my anti-virus programs; they found virus files but could not delete them, so I did it manually, and I still have the problem. I checked the boot registry and the loading files; there were 2 more files added. I deleted the line of code and restarted my computer; I still have the same problem. I later found out this is a malware file, so I went to Run, typed in sysedit and pressed Enter. I looked at system.ini and found new boot commands, then I deleted them and restarted the computer, and nothing happened. This has been going on for 3 weeks and still is not fixed or cleared.
Any suggestions on what I should do, or any other ways to find out if there is another file to delete? Thanks for your time.





Response Number 1
Name: hockey97
Date: June 22, 2005 at 13:57:24 Pacific
Reply:

Hi, I did a startup scan of the files that boot in the startup of the computer.
Here is the log.


----------------
StartupList report, 6/22/05, 4:39:41 PM
StartupList version: 1.52
Started from : A:\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
A:\STARTUPLIST.EXE

---------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

---------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
SystemTray = SysTray.Exe
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
QuickTime Task = "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
LoadQM = loadqm.exe
LWBMOUSE = C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE
AVGCtrl = C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /min
Welcome = C:\WINDOWS\Welcome.exe /R
NAV DefAlert = C:\PROGRA~1\NORTON~1\DEFALERT.EXE
SpyStopper = C:\PROGRAM FILES\SPYSTOPPER\spystopper.exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Norton Auto-Protect = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

---------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

AolAcsDaemon1 = "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = C:\WINDOWS\SYSTEM\mstask.exe
CSINJECT.EXE = C:\Program Files\Norton CleanSweep\CSINJECT.EXE

---------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
AIM = C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
SpySweeper = C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

---------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

---------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 20/6/2005, 20:53:12)

[Rename]
NUL=C:\WINDOWS\TEMP\PFT227~1\VCSETUP.EXE
NUL=C:\WINDOWS\TEMP\_ISTMP9.DIR\CORECOMP.INI
NUL=C:\WINDOWS\TEMP\_ISTMP9.DIR\CTL3D32.DLL
NUL=C:\WINDOWS\TEMP\_ISTMP9.DIR\114C3E.DLL
NUL=C:\WINDOWS\TEMP\_ISTMP9.DIR\ISUNINST.EXE
NUL=C:\WINDOWS\TEMP\_ISTMP9.DIR\_REGTLB.DLL
NUL=C:\WINDOWS\TEMP\_ISTMP9.DIR\BBRD1.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP9.DIR\BBRD2.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP9.DIR\BBRD3.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP9.DIR\LICENSE.TXT
NUL=C:\WINDOWS\TEMP\_ISTMP9.DIR\SUPPORTS.DLL
NUL=C:\WINDOWS\TEMP\_ISTMP9.DIR\UNINST.DLL
NUL=C:\WINDOWS\TEMP\_ISTMP9.DIR\WALL256.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP9.DIR\WIZ_BE~1.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP9.DIR\WIZ_CO~1.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP9.DIR\WIZ_DE~1.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP9.DIR\WIZ_DI~1.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP9.DIR\WIZ_SE~1.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP9.DIR\WIZ_SE~2.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP9.DIR\WIZ_SE~3.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP9.DIR\WIZ_SE~4.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP9.DIR\WIZ_US~1.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP9.DIR\WIZ_WE~1.BMP
NUL=C:\WINDOWS\TEMP\_ISTMP9.DIR\VALUE.SHL
NUL=C:\WINDOWS\TEMP\_ISTMP9.DIR\114BFD.DLL
NUL=C:\WINDOWS\TEMP\_ISTMP9.DIR\SAVE0.REG
NUL=C:\WINDOWS\TEMP\_INS5176._MP
NUL=C:\WINDOWS\TEMP\ZDATAI51.DLL
NUL=C:\WINDOWS\TEMP\_WUTL951.DLL

---------------------

C:\AUTOEXEC.BAT listing:

C:\PROGRA~1\GRISOFT\AVGFRE~1\BOOTUP.EXE
SET GMAXLOC=C:\gmax\
Set tvdumpflags=10
PATH C:\BITWARE\

---------------------


Enumerating Browser Helper Objects:

(no name) - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL - {53707962-6F74-2D53-2644-206D7942484F}

---------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
Symantec NetDetect.job
EastTecEraser.job
EB125A5C6E7B0D13.job
Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job
XoftSpy.job
Scan for Viruses.job

---------------------

Enumerating Download Program Files:

[YInstStarter Class]
CODEBASE = http://download.yahoo.com/dl/installs/yinst0309.cab

[Web P2P Installer]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\WEBP2PINSTALLER.DLL

[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[Zoom Class]
CODEBASE = http://www.zoomify.com/download/zoomify306.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38516.4147222222

---------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

---------------------
End of report, 6,578 bytes
Report generated in 0.111 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


If you can point out any file that you know is a malware-type file or virus-type file, please let me know. I used the startup.exe to give me this log. Thanks for your time.



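As an added example that is not part of this thread and not StartupList's own code: the report above is plain text with sections separated by dashed lines, so its autorun entries can be parsed and run through a few defender heuristics instead of being eyeballed. The Python below uses a constructed sample modelled on the report's format (the "Updater" line under C:\WINDOWS\TEMP is made up for the demonstration; the hex-named scheduler job mirrors one that appears in the real report). It flags programs launched from a TEMP directory, programs listed without a full path, a Shell= value other than Explorer.exe, and scheduler jobs with bare hexadecimal names. The findings are prompts for a closer look, not verdicts: SysTray.Exe and Rundll32.exe without a path are normal on Windows 98, which is why the rule names are reported rather than a "malware" label.

```python
"""Triage a StartupList-style report (added example, not the tool's code)."""
import re

# Constructed sample in the StartupList 1.52 text format, modelled on the
# report posted above. The "Updater" entry is made up for the demonstration.
SAMPLE_REPORT = r"""StartupList report, 6/22/05, 4:39:41 PM
==================================================

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

---------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
SystemTray = SysTray.Exe
QuickTime Task = "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Updater = C:\WINDOWS\TEMP\svc~1\update.exe /s

---------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe

---------------------

Enumerating Task Scheduler jobs:

Maintenance-ScanDisk.job
EB125A5C6E7B0D13.job
"""

SEPARATOR = re.compile(r"[-=]{5,}")


def split_sections(report):
    """Split on the dashed/equals separator lines, dropping blank lines."""
    sections, current = [], []
    for line in report.splitlines():
        if SEPARATOR.fullmatch(line.strip()):
            if current:
                sections.append(current)
            current = []
        elif line.strip():
            current.append(line.rstrip())
    if current:
        sections.append(current)
    return sections


def parse_report(report):
    """Return autoruns as (source, name, command), the Shell= value, and jobs."""
    autoruns, shell, jobs = [], None, []
    for lines in split_sections(report):
        header = lines[0]
        if header.startswith("Autorun entries from Registry"):
            key = lines[1]  # registry key the following entries live under
            for entry in lines[2:]:
                name, _, cmd = entry.partition(" = ")
                autoruns.append((key, name.strip(), cmd.strip()))
        elif header.startswith("Listing of startup folders"):
            folder = None
            for entry in lines[1:]:
                if entry.startswith("["):
                    folder = entry.strip("[]")
                elif " = " in entry:
                    name, _, cmd = entry.partition(" = ")
                    autoruns.append((folder, name.strip(), cmd.strip()))
        elif header.startswith("Shell & screensaver key"):
            for entry in lines[1:]:
                if entry.lower().startswith("shell="):
                    shell = entry.split("=", 1)[1].strip()
        elif header.startswith("Enumerating Task Scheduler jobs"):
            jobs = lines[1:]
    return {"autoruns": autoruns, "shell": shell, "jobs": jobs}


def program_of(command):
    """Executable part of a command line: a quoted path, or the text up to the
    first .exe/.com/.bat/.pif/.scr/.dll token (unquoted paths may contain spaces)."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.(?:exe|com|bat|pif|scr|dll))(?:\s|$)", command, re.I)
    parts = command.split()
    return m.group(1) if m else (parts[0] if parts else command)


def triage(parsed):
    """Heuristic findings as (rule, name, detail): prompts, not verdicts."""
    findings = []
    for _source, name, cmd in parsed["autoruns"]:
        prog = program_of(cmd)
        if re.search(r"\\temp\\", prog, re.I):      # launched out of a TEMP dir
            findings.append(("program-in-temp", name, prog))
        if not re.match(r"[A-Za-z]:\\", prog):      # resolved via search path
            findings.append(("no-full-path", name, prog))
    if parsed["shell"] is not None and parsed["shell"].lower() != "explorer.exe":
        findings.append(("shell-replaced", "Shell", parsed["shell"]))
    for job in parsed["jobs"]:
        stem = job[:-4] if job.lower().endswith(".job") else job
        if re.fullmatch(r"[0-9A-Fa-f]{12,}", stem):  # bare hex job name
            findings.append(("hex-named-job", job, ""))
    return findings


if __name__ == "__main__":
    for rule, name, detail in triage(parse_report(SAMPLE_REPORT)):
        print(f"{rule:16} {name:18} {detail}")
```

Run against the sample it reports four findings: the two path-less entries, the made-up TEMP program, and the hex-named job. The same parser can be pointed at a saved StartupList report file by reading it into a string in place of SAMPLE_REPORT; the RunServices and HKCU Run sections use the same "Autorun entries from Registry" header and are picked up without changes.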