Could I get some help please?

Did you run Ccleaner and let it clean temp files and also the TIF (Temporary Internet Folder)? If so, I don't understand why Panda and BitDefender show all the items in the temp folders. Did you run things in the order given?

 

Is your HJT log from normal boot mode or safe mode? Looks like safe mode and we need logs from normal boot mode.

 

First just do three steps:
1) Log in as mark and run Ccleaner. Make sure that under Internet Explore, Temporary Internet Files and also under System that Temporary Files are both selected.
2) Repeat for Victoria
3) Empty the quarantine folders for Pest Partrol and .housecall

Then run a new Panda Scan.

You did not attach the new HJT log yet.

 

After doing those cleaning steps and posting a new PandaScan log, complete the below steps.

If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\halebvw.exe,C:\Documents and Settings\mark\Application Data\Explorer\halebvw.exe
O4 - HKCU\..\Run: [Media Protocol] C:\WINDOWS\system32\halebvw.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O21 - SSODL: Media Protocol - {9D5F097C-DAD9-4638-99D8-47D21B44E0CD} - C:\WINDOWS\system32\kbdisapi.dll (file missing)

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\system32\halebvw.exe
C:\WINDOWS\system32\kbdisapi.dll
C:\Documents and Settings\mark\Application Data\Explorer <--- delete the whole Explorer folder

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

Alright! This log is clean! You should already notice an improvement on your PC. After completing the PandaScan just post the new log so we can finish fixing any other hidden problems it may find.

When we get you all cleaned up there are some things you need to do. We will dicuss these later but it is all covered in: How to Protect yourself from malware!

 

Yes delete the above file and also delete the below:
C:\WINDOWS\satmat.ini

After that you need to start working on the How to protect link and get yourself an antivirus and firewall installed.

 

You're welcome. Enjoy the holidays malware free!