Some functions are disabled, please help

Discussion in 'Malware Help (A Specialist Will Reply)' started by duccong01@yahoo.com, Aug 8, 2007.

  1. duccong01@yahoo.com

    duccong01@yahoo.com Private E-2

    I was infected by viruses. Spyware Doctor recovered some but not everything. I cannot use right-click on the desktop and cannot change my homepage. Please help me.
    Here are my attachments from AVG, Hijack,....
     

    Attached Files:

  2. duccong01@yahoo.com

    duccong01@yahoo.com Private E-2

    here is the next 2
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You forgot to uninstall Viewpoint Media Player as requested in step 0 of the READ ME. Uninstall it now.

    You also ignored step 0 of the READ ME where we specified not to use MSconfig. You need to go back and follow those instructions and then attach new logs from GetRunKey and HijackThis; however, run the below registry patch first:

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Also you forgot to attach the log from AVG Antispyware.

    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0
    Mozilla Firefox (1.5.0.4)

    Then install the current version of FireFox from: Mozilla Firefox


    What did Spyware Doctor fix?

    You don't really show any malware in your logs that would be causing any problems. Perhaps you did something while playing around with the registry tools I see you installed. And also the keygens/cracks.
     
  4. duccong01@yahoo.com

    duccong01@yahoo.com Private E-2

    Thank you very much for helping me. Here is my new hijack.
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    After clicking Fix, exit HJT.


    Looks like you did not apply the fixME.reg patch. Either that or something like Spyware Doctor or similar is blocking it. Try again. Also tell me if you receive a success message or get an error message. If you get a success message, attach a new log from GetRunKey and HijackThis.

    Also you did not answer my question about Spyware Doctor.
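
Added example, not part of the original thread and not code from HijackThis: a small Python parser for the log-line format quoted in post 5 above, which splits each entry into its section code, registry location, executable or policy key, and a short triage note. The field names (`exe`, `policy_key`, `clsid`) and the note wording are this example's own assumptions; the sample input is the six lines from that post.

```python
import re
# Constructed sample input: the six entries quoted in the post above.
SAMPLE_LOG = r'''R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present'''

LINE_RE = re.compile(r'^([A-Z]\d{1,2}) - (.+)$')          # "O4 - <body>"
RUN_RE = re.compile(r'^(HK\w+)\\\.\.\\([^:]+): \[([^\]]+)\] (.+)$')
CLSID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')

def exe_path(cmd):
    """Return the executable from a Run-key command line, quoted or not."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(.+?\.exe)\b', cmd, re.I)
    return m.group(1) if m else cmd

def parse_line(line):
    """Parse one log line into a dict, or None if it is not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    entry = {"code": code, "body": body, "notes": []}
    clsid = CLSID_RE.search(body)
    if clsid:
        entry["clsid"] = clsid.group(0)
    if body.endswith("(no file)"):
        entry["notes"].append("orphaned: registered component has no file on disk")
    run = RUN_RE.match(body) if code == "O4" else None
    if run:
        hive, key, name, cmd = run.groups()
        entry.update(hive=hive, key=key, name=name, exe=exe_path(cmd))
        entry["notes"].append("autostart: verify the executable and its publisher")
    if code == "O6" and body.endswith(" present"):
        entry["policy_key"] = body[:-len(" present")]
        entry["notes"].append("IE policy key present: browser settings may be locked")
    return entry

def triage(log_text):
    return [e for e in map(parse_line, log_text.splitlines()) if e]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e["code"], e.get("exe") or e.get("policy_key") or e.get("clsid"), e["notes"])
```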
     
  6. duccong01@yahoo.com

    duccong01@yahoo.com Private E-2

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What do you mean it just opens? What opens? Do you mean the fixME.reg file just opens in notepad or Wordpad? Or do you mean the Registry Editor opens?

    You need to attach your Spyware Doctor report by changing the file name to sd.txt and then uploading it. I don't have access to your PC so telling me where it is on your PC does not help.
     
  8. duccong01@yahoo.com

    duccong01@yahoo.com Private E-2

    I meant that Notepad just opens.

    As for Spyware Doctor, I couldn't save it as txt, and it exceeds 1 MB as an XML file.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay this sounds like you have lost your registry file associations. We will fix that down below.

    No, I did not say to resave it. I said to rename it. Just go to the current file, sd.htm (or whatever you called it), right click on it and select Rename. Change it to sd.txt.

    Then attach the sd.txt file here.


    Now Copy the bold text below to notepad. Save it as RegFix.reg to your desktop. Be sure the "Save as" type is set to "all files". Then Click Start, Run, and enter regedit and click OK. This will open the Registry Editor.

    In the Registry Editor click File and Import. Navigate to the RegFix.reg patch you saved on your Desktop and double click on it. Click OK at the prompt to add to the registry. Do you get a success message for this? If yes, then now try double clicking on the fixMe.reg patch and tell me what happens.
     
  10. duccong01@yahoo.com

    duccong01@yahoo.com Private E-2

    Awesome, the registry is fixed.
    Since the report exceeds 1 MB, I have to split it.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you were able to successfully add fixME.reg to the registry, attach new logs from GetRunKey and HJT.


    Just put the whole file into a ZIP file and attach it.

    Is your copy of Spyware Doctor a paid version or trial/free version?
     
  12. duccong01@yahoo.com

    duccong01@yahoo.com Private E-2

    Here I split it into 2 zip files,
    and GetRunKey.
     

    Attached Files:

  13. duccong01@yahoo.com

    duccong01@yahoo.com Private E-2

    This is the new hijack.

    Thank you very much, Chaslang.
     

    Attached Files:

  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.


    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    Now attach a new log from GetRunKey.

    Make sure you tell me how things are working now!
     
  15. duccong01@yahoo.com

    duccong01@yahoo.com Private E-2

    Genius, you got it, Chaslang! Almost everything is back to normal now. However, my DVD-ROM is still not working; I don't know if it was infected by the virus or is just simply a hardware problem. I just wanna ask if you are able to fix it.
    Again, I really appreciate what you have done :)
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That is more than likely a hardware/driver issue which you can discuss in the Hardware Forum if necessary.

    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix, you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, and the C:\combofix.txt log that was created.
    3. If we used SDFix, you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    6. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    7. If we had you run Avenger, you can delete all files related to Avenger now.
    8. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    9. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    10. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    11. After doing the above, you should work thru the below link:
     
  17. duccong01@yahoo.com

    duccong01@yahoo.com Private E-2

  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    BJ will continue helping when he has time. But I noticed that you did not properly follow his instructions and that is the reason for your reinfection. You did not create the file for Avenger properly based on your log. I would bet you left out the top line saying Files to delete:

    Performing incomplete or wrong steps with Vundo infections will result in total and possibly a worse case of infection.
     
  19. duccong01@yahoo.com

    duccong01@yahoo.com Private E-2

    OK, I got his reply, thanks for letting me know that. By the way, you made me misunderstand when you abbreviated his name to BJ :))
     
  20. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    :D:D
     