HJT log

i downloaded all the programs you suggested & they ran smoothly. i got a little confused on HJT so i'm not sure i did it correctly...but here's the log anyways

 

Download FixWareout by Lonny and save it to your Desktop.

• Please locate your download of FixWareout and INSTALL it.
• Be sure that Run fixit is checked.
• Click Finish to begin the fix.
• Follow the prompts and Reboot when asked to do so.
• Upon Reboot, follow the prompts and HijackThis should open.

 

here's the fixware report

 

Please see the below thread on how to install and run Ewido Security Suite.

Running Ewido Security Suite ...

 

here's the ewindo report & a new hjt report...i dunno if this will help but i have command antivirus software & it keeps listing the file st3.dll & the infection W32/Trojan.ARP (i've downloaded & run the programs listed under fixing virtumonde)

 

Please look in Add or Remove Programs for the following and Uninstall them if found:

Ewido

Now scan with HijackThis and Check the Boxes for the following:

O4 - HKLM\..\Run: [links] links.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

Make sure All Browser Windows are Closed when you Click FIX.

NOW:
Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

links.exe ←–– Do a search for this file and delete when found!

NEXT:
Run CCleaner to clean up cookies and temp files.

Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
Note: Remember to get all updates before doing the scans.

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


Reboot to Normal Windows , Scan with HijackThis and attach the new log.
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

 

here's my new HJT log
i didn't have any problems with the scans...Ad-Ware picked up 3 W32/Trojan files but i deleted those and Spybot didn't find anything

 

Have HJT fix the below entry...

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

After you complete the above, your log will be clean. To be sure your completely clean please follow the below...

First, I would like a log from the Panda Online Scan from the READ ME,

Download WinPFind

Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using notepad and upload the text file here as an attachment.

 

okay here's the panda scan & winpfind report

 

Please download HOSTER and then follow the below steps.

• Unzip HOSTER to a convenient folder such as C:\Hoster

• Run Hoster.exe, click Restore Original Hosts and then click OK.

• Click the X to exit the program.

Now, please navigate to and delete the following folder:

C:\oldHD\Program Files\Common Files\SearchUpgrader


Now please download Pocket KillBox

Locate PocketKillbox
(Procede with this step even if they do not show in blue)

Now, Copy and Paste C:\q.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

Now, Copy and Paste C:\WINDOWS\SYSTEM32\wbdbase.deu into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

• If you get an error message about Pending Operations, just reboot your computer manually.

After you complete the above, reboot and let me know how things are running.

 

everything's running fine...thank you so much for your help! happy holidays!

 

Your Welcome!

You should see this article on How to Protect yourself from malware!

Surf Safely!