Having serious problems.

Discussion in 'Malware Help (A Specialist Will Reply)' started by diamonddave76, Mar 26, 2006.

  1. diamonddave76

    diamonddave76 Private E-2

    I am having serious problems with popups and spyware. I have spybot, spywareguard, and spywareblaster and I have tried all of the things mentioned in the READ THIS FIRST thread and am still having problems. Any help you could provide me with would be appreciated. Thanks
     
  2. diamonddave76

    diamonddave76 Private E-2

    Attached is the scan report from BitDefender
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You must complete ALL steps in the READ & RUN ME. Do not skip any and you must follow the directions EXACTLY as they are written. You did not post a useful BitDefender log. All you posted was a summary. You must follow the steps the way they are given or you will not get the correct log. Please attach the correct log.

    You also must attach the Panda log from step 6 and then you must follow step 7 to properly install and run HijackThis. Then attach a HijackThis log too.
     
  4. diamonddave76

    diamonddave76 Private E-2

    Here is hijack this log
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow directions!

    I need a properly obtained and created BitDefender log and also a Panda ActiveScan log. This is all discussed in step 6.

    And you have not installed HijackThis as required in step 7. You installed it exactly where we request that it not be installed.

    One of your problems is a LOP infection that you got when you installed Messenger Plus. Bad idea. Look for any version of Messenger Plus in Add/Remove programs and uninstall it.
     
  6. diamonddave76

    diamonddave76 Private E-2

    Here is the ActiveScan log. I am listing and attaching them as they are completed.
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Which means HijackThis should have been the last thing to attach!
     
  8. diamonddave76

    diamonddave76 Private E-2

    I moved hijackthis to where it says to put it and have attached another logfile.
     


  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Good! We need a few more scans now due to the nature of your problems. They often have multiple other hidden files making cleanup more difficult. We need to locate these other files before we can fix the problems.

    Let's get an installed programs list from HijackThis!
    • Run HijackThis, click Open the Misc Tools section
    • Click Open Uninstall Manager
    • Click Save List (generates uninstall_list.txt)
    • Click Save, to save it to a file where you can find it.
    • Attach the uninstall_list.txt file to your next message.

    Now run the steps in this link and attach the three requested logs: Qoologic/Winsync/Kavsvc
     
  10. diamonddave76

    diamonddave76 Private E-2

    I clicked on the link for the Qoologic file and it did not work; it said page not found.
     
  11. diamonddave76

    diamonddave76 Private E-2

    Here is the uninstall list from HijackThis and the rkfiles log and WinPFind log. As I mentioned, the page for the Qoologic file would not open; it said the page could not be displayed.
     


  12. diamonddave76

    diamonddave76 Private E-2

    Here is the HJT log after all the other programs were run.
     


  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Use this one instead.

    FindQool by LonnyRJones
    • Extract the files and place the FindQool folder into the root folder of your hard disk. This is usually C:\
    • Open the folder and run Qlocate.bat
    • Post the contents of the txt.log which will open when the scan is finished.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Also go to Add/Remove Programs and uninstall the below (which were mentioned in step 0 of the READ & RUN ME):
    Messenger Plus! 3
    Viewpoint Media Player

    I would also suggest uninstalling Blackjack Ballroom Casino but this one is optional. However I do not trust any of these online poker and casino games.

    Note, LimeWire 4.9.37 is old and many versions of Limewire contain malware. Supposedly the newer ones do not.

    The below two versions of Sun Java are out of date. You need to install the latest version and then uninstall these two:
    Java 2 Runtime Environment, SE v1.4.2_03
    Java 2 Runtime Environment, SE v1.4.2_04
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please complete the instructions in messages # 13 and # 14 before continuing with this message.

    Download Pocket KillBox

    And extract it to its own folder (somewhere that you will be able to locate it later.) Do not run Killbox.exe yet.

    You should print or save this info in a local text file so you can refer to it while offline and while NO BROWSERS are running. You will need to do this because at a point in the steps I will be telling you to disconnect from the internet and to close all browsers. Leave them closed and stay disconnected (by unplugging your cable) until told otherwise.

    Before continuing, shut down MS Windows Defender or it may block some of our fixes.

    Copy the bold text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    OK! Exit all browsers now and disconnect (unplug cable) now!!!

    Make sure viewing of hidden files is enabled (per the tutorial).

    Please run HijackThis and click on the Open the Misc Tools Section button on the open page. Then select Open process manager on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click Kill process. Then click yes.
    C:\PROGRA~1\COMMON~1\mffq\mffqm.exe

    After killing all the above processes, click Back.
    Then please click Scan and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zpmkyyufjchtsyndk.com/Wp79GWahSfVMijAYfcXudDqsi6H/nV0AF3btsWpClG0I_oFm1SZofEoizsmQWZA2.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R3 - URLSearchHook: (no name) - _{9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
    R3 - URLSearchHook: (no name) - _{965A592F-8EFA-4250-8630-7960230792F1} - (no file)
    O2 - BHO: (no name) - {7AA2B4AB-7CBB-7E16-EA84-5F67DCD9DFB2} - C:\DOCUME~1\Faviola\APPLIC~1\AXISBO~1\Idol Atom.exe
    O4 - HKLM\..\Run: [Bags Byte Cash Save] C:\Documents and Settings\All Users\Application Data\Soft Dale Bags Byte\BallTool.exe
    O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\wqoirr.exe reg_run
    O4 - HKCU\..\Run: [mffq] C:\PROGRA~1\COMMON~1\mffq\mffqm.exe
    O4 - HKCU\..\Run: [memo live] C:\DOCUME~1\Faviola\APPLIC~1\BENDNO~1\more eq data.exe
    O20 - AppInit_DLLs: MsgPlusLoader.dll

    After clicking Fix, exit HJT.

    Now run Pocket Killbox:
    Choose Tools > Delete Temp Files and click OK.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note some of the files listed below may not exist but we need to check for them anyway.
    C:\WINDOWS\Tasks\AE5AD7A091A54C80.job
    C:\WINDOWS\system32\MsgPlusLoader.dll
    C:\WINDOWS\system32\fqker.dll
    C:\WINDOWS\System32\l48o19rl.exe
    C:\WINDOWS\system32\wqoirr.exe
    C:\WINDOWS\SYSTEM32\FVBSDDD.EXE
    C:\WINDOWS\SYSTEM32\ESUOPPN.DLL
    C:\WINDOWS\SYSTEM32\FQKER.DLL
    C:\WINDOWS\SYSTEM32\PGYAB.DAT
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\xwqh.exe

    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself. But either way when you do reboot, boot into Safe Mode.

    After booting in Safe Mode don't run anything but what I give you below.

    Locate the below with Windows Explorer and delete them (some of them should already be gone but we need to double check anyway)
    C:\Program Files\Internet Optimizer <--- the whole folder
    C:\Program Files\ISTsvc <--- the whole folder
    C:\Program Files\Unizpu <--- the whole folder
    C:\Program Files\SurfAccuracy <--- the whole folder
    c:\program files\180searchassistant <--- the whole folder
    C:\Program Files\MessengerPlus! 3 <--- the whole folder
    C:\Program Files\Common Files\mffq <--- the whole folder
    C:\Documents and Settings\Faviola\Application Data\BENDNO~1\more eq data.exe <--- locate the BENDNO~1 folder and delete it
    C:\Documents and Settings\Faviola\Application Data\AXISBO~1\Idol Atom.exe <--- locate the AXISBO~1 folder and delete it
    C:\Documents and Settings\All Users\Application Data\Soft Dale Bags Byte <--- the whole folder
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\xwqh.exe
    C:\WINDOWS\Tasks\AE5AD7A091A54C80.job
    C:\WINDOWS\system32\MsgPlusLoader.dll
    C:\WINDOWS\system32\fqker.dll
    C:\WINDOWS\System32\l48o19rl.exe
    C:\WINDOWS\system32\wqoirr.exe
    C:\WINDOWS\SYSTEM32\FVBSDDD.EXE
    C:\WINDOWS\SYSTEM32\ESUOPPN.DLL
    C:\WINDOWS\SYSTEM32\FQKER.DLL
    C:\WINDOWS\SYSTEM32\PGYAB.DAT

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
     
    Last edited: Mar 28, 2006
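The procedure above hinges on reading a HijackThis log and picking out the R0/R1, O2, O4 and O20 lines that point at a hijacked search setting, an unnamed BHO, a Run entry living in a profile or Common Files folder, or an AppInit_DLLs injection. The following is an added example, not code from the thread or from HijackThis, that parses log lines of that shape and flags those patterns; the sample log is constructed from lines quoted in this thread plus one assumed benign ctfmon.exe entry to show what is not flagged.

```python
import re
from dataclasses import dataclass

# Constructed sample: HijackThis lines chaslang marked for fixing in this thread,
# plus one benign ctfmon.exe Run entry (assumed, not from the thread).
SAMPLE_HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {7AA2B4AB-7CBB-7E16-EA84-5F67DCD9DFB2} - C:\DOCUME~1\Faviola\APPLIC~1\AXISBO~1\Idol Atom.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\wqoirr.exe reg_run
O4 - HKCU\..\Run: [mffq] C:\PROGRA~1\COMMON~1\mffq\mffqm.exe
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: MsgPlusLoader.dll
"""

@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O4"
    target: str    # file path, DLL name or URL the entry points at
    reason: str    # why a reviewer should look at it

# 8.3 short names and long forms of the folders the thread's LOP entries lived in.
SUSPECT_DIRS = re.compile(r"(?i)\\(APPLIC~1|Application Data|COMMON~1|Common Files|Startup)\\")

def triage_hjt(log: str) -> list[Finding]:
    """Return the log entries matching the patterns cleaned up in this thread."""
    findings = []
    for raw in log.splitlines():
        m = re.match(r"^([RO]\d+) - (.*)$", raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section in ("R0", "R1") and " = " in body:
            value = body.split(" = ", 1)[1]
            if value.lower().startswith(("http://", "https://")):
                findings.append(Finding(section, value, "IE search setting points to an external URL"))
        elif section == "O2" and body.startswith("BHO: (no name)"):
            findings.append(Finding(section, body.rsplit(" - ", 1)[1], "unnamed Browser Helper Object"))
        elif section == "O4":
            cmd = re.match(r"^HK\w+\\\.\.\\Run\w*: \[.*?\] (.*)$", body)
            if cmd and SUSPECT_DIRS.search(cmd.group(1)):
                findings.append(Finding(section, cmd.group(1), "Run entry launches from a profile/Common Files/Startup path"))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            dll = body.split(":", 1)[1].strip()
            if dll:
                findings.append(Finding(section, dll, "AppInit_DLLs loads this DLL into every process that maps user32.dll"))
    return findings

if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT_LOG):
        print(f"{f.section}: {f.target}  <- {f.reason}")
```

Note that the [winsync] entry in System32 passes the path heuristic, which is exactly why the thread also asks for the dedicated Winsync scan rather than relying on the HJT log alone.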
  16. diamonddave76

    diamonddave76 Private E-2

    Here is qool log
     


  17. diamonddave76

    diamonddave76 Private E-2

    I did all of the instructions down to where you open hijack this and open process manager but when it brought up the list it did not show the file you mentioned. I did a search for the file in the search for files and folders in windows and it found the file. I have all hidden files shown and everything as mentioned earlier. I do not understand why it is not showing in the hijack this.
     
  18. diamonddave76

    diamonddave76 Private E-2

    Here is a new hijack this log if it will help
     


  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Just ignore it and complete the rest of the instructions! Malware can rename itself on the fly and change symptoms at each reboot. It is important that you finish all the remaining steps, they should have been completed before going back on line and opening browsers. Stopping in the middle may have negated any fixes that were being performed. Start over again and work all the way thru this time. If something seems to be missing, note it, and continue.

    BUT NOTE: In your last HJT log just posted you had a new bad process to kill and a new O4 line to fix. They could rename at your next reboot, so if you have shut down or rebooted since last posting, you may not see these either. Add these to the previous instructions.

    Process to kill
    C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe

    O4 line to fix
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe

    Also note that I added some items to the procedure based on your FindQool Log. So make sure you use the NEW edited procedure.
     
    Last edited: Mar 28, 2006
  20. diamonddave76

    diamonddave76 Private E-2

    OK I completed all the instructions and here is new HJT log.
     


  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Looks clean! How are things working now?
     
  22. diamonddave76

    diamonddave76 Private E-2

    Well things seem to be working a little better except yesterday after I did everything in the instructions when I opened spywareguard there was still something trying to change my homepage and a few other things but it did not do it after that one time so maybe it is fixed now. I went ahead and ran another hjt log and am going to post it just in case there is any problems you see now.
     


  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Still clean. Your log is clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!


    You really need to do this quickly since you have no antivirus or firewall applications installed. You must get them installed ASAP!
     
  24. diamonddave76

    diamonddave76 Private E-2

    I did the system restore and everything is working great so far. Thanks a lot.
     
  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome, but did you install the antivirus and firewall yet? If you do not do this immediately your odds are in the vicinity of a 95% chance that you will soon be reinfected.
     
  26. diamonddave76

    diamonddave76 Private E-2

    What is a good firewall and antivirus program that I can get? I have SpywareGuard; is that good enough or not?
     
  27. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    All of those questions are answered in the below link I will attach. SpywareGuard is just an antispyware application. It is not an antivirus and it is not a firewall. In today's world you need more than it and you need layered protection.

    If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
