Spybot can't remove PSGuard Malware (incl. HJT log) - need help in removing

[Shaba]

"Do we need to remove the programs downloaded throughout this process--RSIT, SmitfraudFix, Kaspersky, Hijack This?"

Yes they will get removed during final instructions.

"And wondering if you might be able to tell by any of my previously posted logs why my computer doesn't go into Sleep mode automatically (even though I have it set to do so). I can put it in Sleep mode manually, though."

I can re-direct you to some windows forum for that if you like to?

"And, finally wondering what your feeling is re: using Windows Firewall or a third party firewall? I've read the Windows Firewall is more vulnerable. I currently only use the built-in Windows firewall."

I recommend using a third party firewall, will suggest some in my final instructions.

[buyerpro]

OK, Shaba, will await your final instructions as stated in your previous response. (I should note I did an Ad-Aware scan earlier today and it found Win32.backdoor.agent as a virus, which my Spybot scan did not find.) Is there something we need to do here? (I quarantined the virus in the Ad-Aware scan.) Thanks, Shaba; Here's a new HJT log, just in case you'd like to see it:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:57:28 PM, on 11/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\RFA\rfagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [hpinstantsupport] "C:\Program Files\Hewlett-Packard\hpis\bin\matcliwrapper.exe" "C:\Program Files\Hewlett-Packard\hpis\" -boot
O4 - HKLM\..\Run: [D-Link Wireless G WDA-1320] C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://www.juno.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/27.38/uploader2.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.myfamily.com/Controls/Upl...eUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1162237349734
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.myfamily.com/Controls/Upl...eUploader4.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O22 - SharedTaskScheduler: DDE Module - {DABB23E9-AC0D-3740-E3E5-4B37C80837E5} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 9557 bytes

[Shaba]

You can post back ad-aware scan report if you like to

[buyerpro]

Hi, Shaba, I've copied the AdAware log here, though all it shows are the cookies that I deleted. It doesn't show the win32.backdoor.agent virus, though it shows that I moved it to the quarantine file (perhaps it is not showing in the log because I did not remove it, only quarantined it?)

Cleaned Infections
===========================
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat msnportal.112.2o7.net s_vi /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat adserver.adtechus.com JEB2 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat kontera.com cluid /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat kontera.com imprs /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIBanners1295 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIBannerCounter38372 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIFirstHit1295 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAILastHit1295 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAICampaignCounter1295 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIBanners1250 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIBannerCounter38175 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIFirstHit1250 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAILastHit1250 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAICampaignCounter1250 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com lastInviteTime /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIinvited1295 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIBanners1140 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIBannerCounter34769 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIFirstHit1140 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAILastHit1140 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAICampaignCounter1140 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIBanners1237 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIBannerCounter36913 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIFirstHit1237 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAILastHit1237 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAICampaignCounter1237 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIBanners1328 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIBannerCounter139283 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIBannerCounter140092 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIFirstHit1328 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAILastHit1328 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAICampaignCounter1328 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIinvited1328 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIBanners1282 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIBannerCounter139319 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIFirstHit1282 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAILastHit1282 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAICampaignCounter1282 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com SiteExpiration43 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIinvited1282 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIBanners1339 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIBannerCounter140026 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIFirstHit1339 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAILastHit1339 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAICampaignCounter1339 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com SiteExpiration213 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIinvited1339 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat ads.pointroll.com PRID /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat ads.pointroll.com PRimp /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat ads.pointroll.com PRca /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat ads.pointroll.com PRcp /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat ads.pointroll.com PRpl /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat ads.pointroll.com PRcr /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat ads.pointroll.com PRpc /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat ads.pointroll.com PRev76.24049 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat ads.pointroll.com PRev667.25447 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat ads.pointroll.com PRev444.23072 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat tribalfusion.com ANON_ID /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat network.realmedia.com mm247 /, Belonging to Tracking Cookie

End of Cleaned Infections
===========================

[Shaba]

Yes that is possible.

Still some issues left?

[buyerpro]

Hi, Shaba, just waiting on your final instructions and the couple of other things you were going to lead me to, per your response #31. Thanks.

[Shaba]

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

I recommend this place for that sleep mode issue.

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (Uncheck during installation "Install COMODO Antivirus (Recommended)"!, "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor
3) PC Tools
4) Sunbelt/Kerio
5) ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Now lets uninstall ComboFix:

• Click START then RUN
• Now type Combofix /u in the runbox and click OK

Next we remove all used tools.

Please download OTCleanIt and save it to desktop.

• Double-click OTCleanIt.exe.
• Click the CleanUp! button.
• Select Yes when the "Begin cleanup Process?" prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

• Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
  
  You can find instructions on how to enable and re-enable system restore here:
  
  Windows XP System Restore Guide

Re-enable system restore with instructions from tutorial above

• Make your Internet Explorer more secure - This can be done by following these simple instructions:
• From within Internet Explorer click on the Tools menu and then click on Options.
• Click once on the Security tab
• Click once on the Internet icon so it becomes highlighted.
• Click once on the Custom Level button.
• Change the Download signed ActiveX controls to Prompt
  
• Change the Download unsigned ActiveX controls to Disable
  
• Change the Initialize and script ActiveX controls not marked as safe to Disable
  
• Change the Installation of desktop items to Prompt
  
• Change the Launching programs and files in an IFRAME to Prompt
  
• Change the Navigate sub-frames across different domains to Prompt
  
• When all these settings have been made, click on the OK button.
  
• If it prompts you as to whether or not you want to save the settings, press the Yes button.
• Next press the Apply button and then the OK to exit the Internet Properties page.

• Update your AntiVirus Software and keep your other programs up-to-date Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
  You can use one of these sites to check if any updates are needed for your pc.
  Secunia Software Inspector
  F-secure Health Check
  
• Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  
• Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
  totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:
  
  Malwarebytes' Anti-Malware Setup Guide
  
  Malwarebytes' Anti-Malware Scanning Guide
  
  
• Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
  
  A tutorial on installing & using this product can be found here:
  
  Using SpywareBlaster to protect your computer from Spyware and Malware
  
  
• Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

• MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. See also a hosts file tutorial here
• Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
  Using Winpatrol to protect your computer from malicious software

Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!

[Shaba]

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.