plz check my logs

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by akoolmofo, Apr 18, 2007.

  1. akoolmofo

    akoolmofo Private E-2

    I did everything on the "read and run me first" and still have a problem... I'll post my logs... thx in advance
     

    Attached Files:

  2. akoolmofo

    akoolmofo Private E-2

    Here are 2 more
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You forgot to attach the log from BitDefender and also it appears that you did not do step 2 of the READ ME exactly as written. If you are sure you did (double check) then it is possible that malware is blocking the settings.

    However, even more importantly, you did not tell us what problems you are referring to. I assume one of them is SpyLocked and popups about being infected???
     
  4. akoolmofo

    akoolmofo Private E-2


    Thx, first of all sry I've been away, and somehow I double posted and asked for help somewhere else; I didn't know it went through, so I started another one. My apologies.

    I did, and got the BitDefender log; posting it now.

    Didn't follow step 2... dunno how it went by; I did it over two days so I guess it slipped.

    Should I just start over or just do the second step?

    thx


    Statistics

    Time
    00:39:48

    Files
    147628

    Folders
    10016

    Boot Sectors
    2

    Archives
    470

    Packed Files
    128




    Results

    Identified Viruses
    0

    Infected Files
    0

    Suspect Files
    0

    Warnings
    0

    Disinfected
    0

    Deleted Files
    0




    Engines Info

    Virus Definitions
    0

    Engine build
    AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)

    Scan plugins
    0

    Archive plugins
    8

    Unpack plugins
    1

    E-mail plugins
    0

    System plugins
    1




    Scan Settings

    First Action
    Disinfect

    Second Action
    Delete

    Heuristics
    Yes

    Enable Warnings
    Yes

    Scanned Extensions
    *;

    Exclude Extensions


    Scan Emails
    Yes

    Scan Archives
    Yes

    Scan Packed
    Yes

    Scan Files
    Yes

    Scan Boot
    Yes




    Scanned File
    Status

    No virus found.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please remember, no inline logs!

    I closed your other thread. Attach the 2 logs requested in that thread here.
     
  6. akoolmofo

    akoolmofo Private E-2

    Thx, I'm doing it one by one... here is the first one
     

    Attached Files:

  7. akoolmofo

    akoolmofo Private E-2

    Here is the second one... SpywareLocked is gone!
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's good! Now let's finish with the remainder of your cleanup!


    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 6
    Viewpoint Manager (Remove Only) <-- should have been uninstalled in step 0 of the READ ME
    Viewpoint Media Player <-- should have been uninstalled in step 0 of the READ ME

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment


    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=0
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    After clicking Fix, exit HJT.

    Boot into safe mode and use Windows Explorer to delete the below if found:
    C:\Program Files\MyWebSearch <--- the whole folder or any similarly named My Web folder
    C:\Program Files\SpywareLocked 3.4 <--- the whole folder

    Now run Ccleaner

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Note for IE 7 users: You need to select Internet Options then the Advanced tab and then Reset Internet Explorer Settings!

    Now reboot in normal mode

    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Now attach the below new logs and tell me how the above steps went.

    1. GetRunKey
    2. ShowNew
    3. HJT


    Make sure you tell me how things are working now!
     
  9. akoolmofo

    akoolmofo Private E-2

    K, here r my logs... everything seems fine, but when I have a few windows open and try to close one or two I get a message from Internet Explorer that it needs to close

     

    Attached Files:

    Last edited by a moderator: May 2, 2007
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It appears that you did not create and run the fixME.reg registry patch properly as requested. You must include all lines in bold print. That includes the first line, which says REGEDIT4.

    It looks to me like you created a folder named fixme.reg on your Desktop instead of just creating the file.

    Try again. After double-clicking on it and answering OK or Yes to the prompt to add it to the registry, do you receive a success message?


    In addition and even worse is the fact that your PC is not in Normal Startup mode anymore. As stated in the READ & RUN ME in step 0, you must not use MSconfig to control startups. Get in normal startup mode and attach new logs from GetRunKey and HJT. Remain in Normal Startup mode.
     
    Last edited: Apr 30, 2007
  11. akoolmofo

    akoolmofo Private E-2




    After banging my head against the wall for half an hour I finally figured it out... sry I'm kind of new at PCs


    Btw, I did receive a success message
     

    Attached Files:

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I repeat!!!!
     
  13. akoolmofo

    akoolmofo Private E-2

    Got it
     

    Attached Files:

  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Run this Disable/Remove Windows Messenger to remove Windows Messenger.


    Now run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=0
    After clicking Fix, exit HJT.

    Now reboot your PC and attach new logs from GetRunKey and HJT.

    Are you having any other malware problems?
     
  15. akoolmofo

    akoolmofo Private E-2

    K, here they go.

    What can I do about the programs on the bottom left? After I'm in normal mode they're popping out every time I start my PC... thx
     

    Attached Files:

  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I don't know what you mean! The bottom left of what! And what programs exactly are you referring to? Give names? For things you don't need or use? Uninstall them?
     
  17. akoolmofo

    akoolmofo Private E-2

    I meant bottom right... sry again

    Tried Run/msconfig/Startup... I can recognize some of the programs but not all of them
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Again I say bottom right of what? Are you talking about the icons on the bottom right of your window? The items in your system tray loading at startup?

    Be specific! What is it that you do not recognize? Also which one do you recognize and do you use them?
     
  19. akoolmofo

    akoolmofo Private E-2

  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    None of those are malware. They are things you installed and are not topics for the malware forum.


    If you had expanded the columns in MSconfig you would have seen more details for the 8 items you showed checked.
    1. "PD0630 STISvc"="RunDLL32.exe P0630Pin.dll,RunDLL32EP 513"
    2. "IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
    3. "Dell Photo AIO Printer 922"="\"C:\\Program Files\\Dell Photo AIO Printer 922\\dlbtbmgr.exe\""
    4. "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
    5. "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    6. "OM2_Monitor"="\"C:\\Program Files\\OLYMPUS\\OLYMPUS Master 2\\MMonitor.exe\" -NoStart"
    7. "igndlm.exe"="C:\\Program Files\\IGN\\Download Manager\\DLM.exe /windowsstart /startifwork"
    8. "EA Core"="\"C:\\Program Files\\Electronic Arts\\EA Link\\Core.exe\" -silent"
    Here is some more specific info on each.
    1. p0630pin.dll is an Installation Plug-In from Creative Technology Ltd. Probably something for your Creative Photo Manager or Creative WebCam.
    2. IPHSend.exe is related to your AOL Software.
    3. dlbtbmgr.exe is for your Dell Printer. It adds an icon to the system tray for a Dell printer solution center.
    4. Clistart.exe is related to your ATI Technologies graphics card.
    5. ctfmon.exe is part of Microsoft Office. See: http://support.microsoft.com/kb/282599
    6. MMonitor.exe probably came with software for your digital camera. See: http://www.olympusamerica.com/cpg_section/oima_softwareMaster.asp
    7. igndlm.exe is IGN Download Manager 2.2.2 that you installed.
    8. core.exe is from your Electronic Arts games.

    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you run Avenger, you can delete all files related to Avenger now.
    7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    8. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    9. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
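An added example, not part of the thread and not code from HijackThis or MSconfig: a small Python triage helper that parses the HijackThis O4 lines chaslang listed in post 8 and the expanded MSconfig (regedit-export style) values from post 20 into name, executable and arguments, then flags entries whose path sits under the adware folders named in the thread (MyWebSearch, SpywareLocked) and, as an extra defensive check not raised in the thread, Run commands whose unquoted path contains spaces. The WATCHLIST and SAMPLE lines are constructed for this example.

```python
import re
from typing import NamedTuple, Optional
# Folder fragments the thread identified as adware/rogue leftovers (constructed watch-list)
WATCHLIST = ("mywebsearch", "mywebs~1", "spywarelocked")
# HijackThis O4 line:  O4 - HKLM\..\Run: [Name] command
HJT_O4 = re.compile(r'^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
# regedit-export value as MSconfig's expanded columns show it:  "Name"="command"
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')
# Unquoted command: the executable ends at the first known extension
UNQUOTED = re.compile(r'^(?P<exe>.+?\.(?:exe|dll|cmd|bat))(?:\s+(?P<args>.*))?$', re.I)

Entry = NamedTuple("Entry", [("name", str), ("exe", str), ("args", str), ("quoted", bool)])

def split_command(name: str, cmd: str) -> Entry:
    cmd = cmd.strip()
    if cmd.startswith('"'):  # quoted path: everything up to the closing quote
        end = cmd.find('"', 1)
        return Entry(name, cmd[1:end], cmd[end + 1:].strip(), True)
    m = UNQUOTED.match(cmd)
    exe, args = (m.group("exe"), m.group("args") or "") if m else (cmd, "")
    return Entry(name, exe, args, False)

def parse_line(line: str) -> Optional[Entry]:
    line = line.strip()
    m = HJT_O4.match(line)
    if m:
        return split_command(m.group("name"), m.group("cmd"))
    m = REG_VALUE.match(line)
    if m:  # undo regedit escaping of quotes and backslashes before splitting
        value = m.group("value").replace('\\"', '"').replace("\\\\", "\\")
        return split_command(m.group("name"), value)
    return None

def triage(lines: list) -> list:
    findings = []  # (name, reasons) for each Run entry worth a closer look
    for e in filter(None, map(parse_line, lines)):
        reasons = []
        if any(w in e.exe.lower() for w in WATCHLIST):
            reasons.append("path under a known adware/rogue folder")
        if not e.quoted and " " in e.exe:
            reasons.append("unquoted path with spaces")
        if reasons:
            findings.append((e.name, reasons))
    return findings

SAMPLE = [  # constructed from the two formats quoted in the thread
    r'O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe',
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r'"igndlm.exe"="C:\\Program Files\\IGN\\Download Manager\\DLM.exe /windowsstart /startifwork"',
]
```

Running `triage(SAMPLE)` flags the MyWebSearch plugin and the unquoted IGN download manager path while leaving the quoted QuickTime entry alone.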
  21. akoolmofo

    akoolmofo Private E-2

    A million thx to you and the whole squad... things r running normally now.

    Keep up the good work guys
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
  23. akoolmofo

    akoolmofo Private E-2

  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is not a topic for the malware forum. Click the link they gave you and follow directions. If that does not help, make sure your antivirus or firewall are not blocking something you need!
     
