Help with Panda Activescan log & bitdefender log

Discussion in 'Malware Help (A Specialist Will Reply)' started by Guy Newton, Apr 9, 2006.

  1. Guy Newton

    Guy Newton Private E-2

    I have completed steps 1-6 of Read and run me first before asking for support. Bitdefender found a virus and Panda Activescan found items.
    Logs are attached,

    thanks for your help.
    Guy
     

    Attached Files:

  2. Guy Newton

    Guy Newton Private E-2

    Can someone help me please?
    :D
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please complete step 7 of the READ ME and attach your HijackThis log.

    Also tell me what malware problems you are experiencing on your PC.
     
  4. Guy Newton

    Guy Newton Private E-2

    Thank you chaslang for your reply.
    The problems I have been having are that programs are opening slower, like Outlook and Word. Sometimes they won't open at all, and I end up re-booting. Sometimes Windows Explorer fails to open, or it's real slow. I was running Symantec corporate virus protection and I removed it and installed AVG free.
    HijackThis log attached.

    thanks for your help,
    Guy
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Download AproposFix by Swandog46

    Save it to your desktop or to another folder of its own, but do NOT run it yet!

    Now reboot your computer in Safe Mode! (You must be in safe mode or this fix will not work.)

    Once in Safe Mode, double-click aproposfix.exe (which will give you a choice of where to unzip/install the program to). This is called the Destination folder in the window that pops up. So either install it to the Desktop or the folder where you downloaded the aproposfix.exe file to. It will create a new folder named aproposfix. Open the aproposfix folder and double-click on RunThis.bat to run the fix. Follow the prompts.

    When the tool is finished, reboot back into normal mode and attach the log.txt file that has been created in the aproposfix folder.


    Download HOSTER and then follow the below steps.
    • Unzip Hoster to a convenient folder such as C:\Hoster
    • Run Hoster.exe, click Restore Original Hosts and then click OK.
    • Click the X to exit the program
    Now please download DelDomains and unzip it to your desktop. Find the files from deldomains.zip on your Desktop, right-click on the deldomains.inf file and select Install. This is going to remove all those items that you have in your Trusted Zone. They should not be necessary and it is a very bad idea to start putting things in the TZ. Especially this many. It becomes too easy for malware sites to hide in a long list.


    (Please note you will need to "Immunize" with Spybot again because deldomains will remove all of the sites Spybot adds.)


    Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to .NET Framework Service... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

    Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the "Config" button, and then the "Misc tools" button ... select "Delete an NT Service" ... copy/paste the following into the box that opens, and press "OK":

    .NET Connection Service

    Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.


    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    O1 - Hosts: comments (such as these) may be inserted on individual
    O9 - Extra button: Juegos On Line - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\eurogamelandia\entrar.html (file missing)


    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:

    C:\WINDOWS\SYSTEM32\MSrdk.xml
    C:\WINDOWS\INF\biini.inf
    C:\SaveInstCm.exe
    C:\WINDOWS\adrsb.exe

    C:\Documents and Settings\Rhodesian\Favorites\health
    C:\Documents and Settings\Rhodesian\Application Data\Lycos


    If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).


    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now. You may have other non-malware issues that are causing you problems.
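
Added example (not part of the original thread and not HijackThis's own code): a small Python parser for the three HijackThis entry types quoted in the post above (R0, O1, O9), showing which fields a reviewer reads in each and why the O1 and O9 lines stand out. The sample lines are copied from the post; the function names are hypothetical, and the parser also accepts the R1 and O9 'Tools' menuitem forms, which go beyond the lines shown.

```python
import re

# Constructed sample: the three HijackThis entries quoted in the post above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O1 - Hosts: comments (such as these) may be inserted on individual
O9 - Extra button: Juegos On Line - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\eurogamelandia\entrar.html (file missing)
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
O9 = re.compile(r"^Extra (?:button|'Tools' menuitem): (.+?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_entry(line):
    """Split one log line into section code, parsed fields and review notes."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header, process list or blank line
    code, body = m.groups()
    entry = {"code": code, "notes": []}
    if code in ("R0", "R1"):  # IE start/search page values in the registry
        target, _, entry["data"] = body.partition(" = ")
        entry["key"], _, entry["value"] = target.rpartition(",")
    elif code == "O1":  # non-comment line found in the hosts file
        entry["hosts_line"] = body.removeprefix("Hosts: ")
        first = entry["hosts_line"].split()[0]
        if not IPV4.match(first):
            entry["notes"].append("hosts line does not start with an IP address")
    elif code == "O9" and (o9 := O9.match(body)):  # IE toolbar button / Tools menu item
        entry["name"], entry["clsid"], path = o9.groups()
        entry["missing"] = path.endswith(" (file missing)")
        entry["path"] = path.removesuffix(" (file missing)")
        if entry["missing"]:
            entry["notes"].append("target file no longer exists; entry is orphaned")
    else:
        entry["raw"] = body  # other sections are kept unparsed
    return entry


def parse_log(text):
    """Return parsed entries for every recognisable line in a log."""
    return [e for e in map(parse_entry, text.splitlines()) if e]


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(e)
```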




     
  6. Guy Newton

    Guy Newton Private E-2

    Thanks again chaslang for your help.

    I ran through your instructions and have attached the HJT log and the log.txt file from AproposFix.

    Several items didn't work.

    Hoster - when I ran it, the button for restore original host was not active and would not work.

    In Safe Mode there was no c:\windows\inf\biini.inf... it is there in normal mode, but I did not delete it. There is no INF directory in Safe Mode.

    My computer seems to be running better..

    thanks for your help..Guy
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well, your logs are clean now!

    Are you still having any problems? If you are still having problems with applications opening, your problems may not be malware related and it may be better to check for help in the Software Forum.
     
  8. Guy Newton

    Guy Newton Private E-2

    Thank You! chaslang!
    working Good!

    Guy:)
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

