Spybot can't remove PSGuard Malware (incl. HJT log) - need help in removing

"Also, am curious what I should make of Limewire being listed as Clean in the "Clean/Infected P2P programs" link provided in response #3?"

Program itself can be clean but forum P2P policy doesn't allow usage of any P2P program.

We will run one online scan to be sure that there is nothing left.

Please go to Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here
 
RE: installing Kaspersky anti-virus

Hi, Shaba, I already have Avast Anti-virus on my computer, and understand that having more than one anti-virus program installed on a computer can cause it to be unstable. The Kaspersky site says I should "turn off" any anti-virus program in order for the Kaspersky to run successfully, however, in looking at the Avast anti-virus 4.8 Home ed. program, I don't see any way to "turn it off" or disable it temporarily. I hate to uninstall it. What is your thought?
 
Try this, please:

In the bottom, right-hand corner of your Desktop is the System Tray and, within it, the avast! Antivirus icon.

Right click the avast! Antivirus icon and select Stop On-Access Protection from the menu.

avast! Antivirus is now disabled.
 
Disabling Avast in order to run Kaspersky

OK, Shaba, I'll try that, but wanted to ask first...once I disable Avast and am thus online running the scan for Kaspersky, won't my computer be open to viruses getting in with the Avast protection off? Is there something Kaspersky scan does that you'd rather I install/run Kaspersky as opposed to a virus scan by Avast? Pls. let me know and I'll proceed.
 
There is always a small risk.

Disabling avast! real-time protection will shorten kaspersky scan time.

So it is not 100% necessary :)
 
Here's the Kaspersky log and new HJT log

Hi, Shaba, here's the results of the Kaspersky scan (the HJT log follows this) I notice the only 2 items indicated as "threats" are the two programs you asked I download for this process, RSIT.exe and SmitfraudFix. What does this mean?
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, November 17, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, November 17, 2008 18:04:10
Records in database: 1390145
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: no

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 69355
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 01:53:00


File name / Threat name / Threats count
C:\Documents and Settings\Antonio\Desktop\RSIT.exe Infected: Trojan.Win32.Autoit.gs 1
C:\Documents and Settings\Antonio\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

The selected area was scanned.

And here is the latest HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:15:47 PM, on 11/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\RFA\rfagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [hpinstantsupport] "C:\Program Files\Hewlett-Packard\hpis\bin\matcliwrapper.exe" "C:\Program Files\Hewlett-Packard\hpis\" -boot
O4 - HKLM\..\Run: [D-Link Wireless G WDA-1320] C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://www.juno.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/27.38/uploader2.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.myfamily.com/Controls/Upload/ImageUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162237349734
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.myfamily.com/Controls/Upload/ImageUploader4.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O22 - SharedTaskScheduler: DDE Module - {DABB23E9-AC0D-3740-E3E5-4B37C80837E5} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 9380 bytes
 
This means that RSIT has made by AutoIt programming language and kaspersky thinks that it is malware though it isn't:

C:\Documents and Settings\Antonio\Desktop\RSIT.exe Infected: Trojan.Win32.Autoit.gs 1

This means that smitfraudfix has a tool which reboots system if needed.

C:\Documents and Settings\Antonio\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

Both are no threats. We will remove both during final cleanup.

Any issues left?
 
Final clean up, scan first?

Hi, Shaba, I am not aware of any other issues, though I haven't run a new Spybot scan since we started this process (which was to get rid of the PSGuard malware indicated by my last Spybot scan, which is what initiated my first contact with the forum). Hopefully, a new scan, as you direct, will show my system clear of all threats, malware, etc (the PSGuard was the only thing showing in my last Spybot scan).
Am curious, as I noted the Smitfraud utility you had me run a few days ago indicated it was "cleaning the registry." Is the Smitfraud.exe something I can use on occasion to clean my registry, then? Or do you recommend one purchase a registry cleaning program? Is it necessary to clean one's registry.
Thanks, again, for your attention. I appreciate it.
 
Yes please do a new spybot scan and post back its report if it finds something :)

"Am curious, as I noted the Smitfraud utility you had me run a few days ago indicated it was "cleaning the registry." Is the Smitfraud.exe something I can use on occasion to clean my registry, then? Or do you recommend one purchase a registry cleaning program? Is it necessary to clean one's registry."

No, that tool cleans smitfraud related registry entries and shouldn't be used without supervision. Here is some good information about registry cleaners.
 
Spybot scan clear, do we remove RSIT, SmitfraudFix?

Hi, Shaba, all looked good with the Spybot Scan this afternoon, PSGuard is no longer showing up as present and no threats detected. I also did an immunize, and noted that in the Windows category, it showed "2" unprotected at Global Hosts (I don't know what this may mean).
Do we need to remove the programs downloaded throughout this process--RSIT, SmitfraudFix, Kaspersky, Hijack This?
And wondering if you might be able to tell by any of my previously posted logs why my computer doesn't go into Sleep mode automatically (even though I have it set to do so). I can put it in Sleep mode manually, though.
And, finally wondering what your feeling is re: using Windows Firewall or a third party firewall? I've read the Windows Firewall is more vulnerable. I currently only use the built-in Windows firewall.
Shaba, thank you again for your expert help.
 
"Do we need to remove the programs downloaded throughout this process--RSIT, SmitfraudFix, Kaspersky, Hijack This?"

Yes they will get removed during final instructions.

"And wondering if you might be able to tell by any of my previously posted logs why my computer doesn't go into Sleep mode automatically (even though I have it set to do so). I can put it in Sleep mode manually, though."

I can re-direct you to some windows forum for that if you like to?

"And, finally wondering what your feeling is re: using Windows Firewall or a third party firewall? I've read the Windows Firewall is more vulnerable. I currently only use the built-in Windows firewall."

I recommend using a third party firewall, will suggest some in my final instructions.
 
Awaiting final instructions

OK, Shaba, will await your final instructions as stated in your previous response. (I should note I did an Ad-Aware scan earlier today and it found Win32.backdoor.agent as a virus, which my Spybot scan did not find.) Is there something we need to do here? (I quarantined the virus in the Ad-Aware scan.) Thanks, Shaba; Here's a new HJT log, just in case you'd like to see it:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:57:28 PM, on 11/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\RFA\rfagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [hpinstantsupport] "C:\Program Files\Hewlett-Packard\hpis\bin\matcliwrapper.exe" "C:\Program Files\Hewlett-Packard\hpis\" -boot
O4 - HKLM\..\Run: [D-Link Wireless G WDA-1320] C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://www.juno.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/27.38/uploader2.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.myfamily.com/Controls/Upload/ImageUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162237349734
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.myfamily.com/Controls/Upload/ImageUploader4.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O22 - SharedTaskScheduler: DDE Module - {DABB23E9-AC0D-3740-E3E5-4B37C80837E5} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 9557 bytes
 
Heres the Ad-Aware log

Hi, Shaba, I've copied the AdAware log here, though all it shows are the cookies that I deleted. It doesn't show the win32.backdoor.agent virus, though it shows that I moved it to the quarantine file (perhaps it is not showing in the log because I did not remove it, only quarantined it?)

Cleaned Infections
===========================
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat msnportal.112.2o7.net s_vi /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat adserver.adtechus.com JEB2 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat kontera.com cluid /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat kontera.com imprs /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIBanners1295 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIBannerCounter38372 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIFirstHit1295 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAILastHit1295 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAICampaignCounter1295 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIBanners1250 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIBannerCounter38175 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIFirstHit1250 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAILastHit1250 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAICampaignCounter1250 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com lastInviteTime /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIinvited1295 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIBanners1140 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIBannerCounter34769 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIFirstHit1140 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAILastHit1140 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAICampaignCounter1140 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIBanners1237 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIBannerCounter36913 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIFirstHit1237 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAILastHit1237 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAICampaignCounter1237 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIBanners1328 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIBannerCounter139283 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIBannerCounter140092 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIFirstHit1328 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAILastHit1328 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAICampaignCounter1328 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIinvited1328 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIBanners1282 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIBannerCounter139319 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIFirstHit1282 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAILastHit1282 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAICampaignCounter1282 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com SiteExpiration43 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIinvited1282 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIBanners1339 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIBannerCounter140026 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIFirstHit1339 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAILastHit1339 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAICampaignCounter1339 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com SiteExpiration213 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat insightexpressai.com IXAIinvited1339 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat ads.pointroll.com PRID /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat ads.pointroll.com PRimp /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat ads.pointroll.com PRca /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat ads.pointroll.com PRcp /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat ads.pointroll.com PRpl /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat ads.pointroll.com PRcr /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat ads.pointroll.com PRpc /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat ads.pointroll.com PRev76.24049 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat ads.pointroll.com PRev667.25447 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat ads.pointroll.com PRev444.23072 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat tribalfusion.com ANON_ID /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Antonio\Cookies\index.dat network.realmedia.com mm247 /, Belonging to Tracking Cookie

End of Cleaned Infections
===========================
 
Just waiting on Final Instructions

Hi, Shaba, just waiting on your final instructions and the couple of other things you were going to lead me to, per your response #31. Thanks.
 
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

I recommend this place for that sleep mode issue.

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (Uncheck during installation "Install COMODO Antivirus (Recommended)"!, "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor
3) PC Tools
4) Sunbelt/Kerio
5) ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Now lets uninstall ComboFix:

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

Next we remove all used tools.

Please download OTCleanIt and save it to desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

  • Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and re-enable system restore here:

    Windows XP System Restore Guide

Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software and keep your other programs up-to-date Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
    You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

    Malwarebytes' Anti-Malware Setup Guide

    Malwarebytes' Anti-Malware Scanning Guide

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean! :bigthumb:
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.
 
You must log in or register to reply here.
Back
Top