HELP with Next step (READ ME - RUN ME)

Welcome to MGs Joey!

No step 6 indicates that it is run in safe mode too if you PC allows you to connect to the net in safe mode. Otherwise run them in normal boot mode. You must save this logs as indicated too and then attach them to your next message. Also follow step 7 exactly (in normal boot mode) to attach a HijackThis log.

System Restore should not be touched until we verify that you are clean.

 

No need to apologize! Just take your time and follow the steps as best as you can. Don't be afraid to ask questions on something you don't understand or if something is not working right for you.

 

Did your Bitdefender scan complete and did you save the log? If yes, just skip Panda for now and attach the Bitdefender log followed by the HijackThis log per step 7.

 

You can try closing that other "Choose Profile" window and saving a log from Panda or you could just choose the MS Echange one and let it continue then save a log.

 

Yes that is where you must select Normal Startup. It may be in selective startup right now because you have booted in safe mode. Check again when you are in Normal boot mode (just before getting your HJT log) to make sure you are in Normalt Startup mode.

 

Hmmm! Did you forget to run CCleaner on the joey angeli account! I wonder why so many cookies still show in your Activescan log.

 

You did not save the Bitdefender log per the instructions in the READ ME. What you posted is just a summary log that does not help us at all since it only states some virus names but does not say where they were found or if they were cleaned.

 

Goto Add/Remove programs and uninstall BearShare
Did you install Hidownload? See: http://www.hidownload.com/
This next BHO line is from them:
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll

Make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [JadieVirus] C:\WINDOWS\winview.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150/235b23ab8d4e6df61e21/netzip/RdxIE.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/09e9ed48227c6c1b7301/netzip/RdxIE601.cab

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\winview.exe
If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
Now run Ccleaner (installed while running the READ ME FIRST).

Make sure you tell me how things are working now.

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

Yes! That is the correct way to save the log. Looks look Bitdefender fixed what it found.

Did you complete my previous steps? Attach the followup HJT log.

Are you having anymore malware problems?

 

But was Ccleaner run while logged into the joey angeli user accont login? Don't worry about it doing it again. I was just curious why so many cookies remained on that account. Cookies are nothing to be that concerned with even though every spyware scanner points them out. Just post the follow up log when you finish and let me know how things are working.

 

Okay add the below to the list of things to fix with HJT:

O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

Then in safe mode, also delete:
C:\WINDOWS\system32\HDBHO.dll
C:\Program Files\BearShare <--- the whole folder if found

 

Your log is clean! You speed problems may just be due to all the junk you are loading and running all the time especially all the AOL stuff. You should remove all stuff you don't need to use. This however is not a malware topic. I'll give you a few tips though:

You have McAfee Antivirus but you also have AOL stuff running

If you are going to keep all the AOL junk running, you probably should uninstall Windows Defender.

You don't need any of the below to load at startup:
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Program Files\Programs\MFIndexer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

Why do you need the below to always run? Can't you just run them when needed:
O4 - HKCU\..\Run: [Eyeball Chat] "C:\PROGRA~1\Eyeball\EYEBAL~1\EyeballChat.exe" -min
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

 

Shutting off an AV is not the same as uninstalling. You must only use one antivirus application and UNINSTALL all others. AOL may have an option to uninstall there protection/security system. I don't know since I do not and would not use it.

The below program is useful for control startups.
Startup CPL

If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

After that, you should work thru the below link:

How to Protect yourself from malware!