Some traces of psguard?

Hello all!
Im having a problem with some traces of psguard.
I have completed all the steps and done the psguard removal.
And the system works fine rigth now, but i still find some traces of psguard when i scan with for ex. adaware or ewid. I can remove it with adaware but it always come back after a reboot (wtih system restore turned off).
Its 1 reg.file.

Im running an Amd Athlon 1500++, 512 ram, win Xp.

Heres a copy of my Htj log and adaware log.

Anyone know what to do?

 

Uninstall Messenger Plu! 2 this is a major piece of Sypware.

Scan with HijackThis and fix the following:

You have not completed our standard cleaning procedures.

Please follow the steps below:

- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

• Make sure you check version numbers and get all updates.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

Downloading, Installing, and Running HijackThis

 

Thx mate!
Ill run the "standrad stuff" again and tell U thge results!

 

Ok now i have done the standard cleaning again, i checked for all the updates and version numbers. And i removed the traces of the messenger plus (which my brother DL ages ago and i removed they day after, thx for noticing me of the traces).
Also did the psguard remover once again.
And now its looks like im clean, cause those last reg-entries is gone!
Thx for the help!

But i found one strange thing with the pandascan. some adaware file???
(And my avast on-Access scanner were alerting of some malware in the activeX file from panda. So i had to turn of Avast to complete the download.
It was some traces of win32:ctx Anything strange? )
Im adding the log so u can see.

Im also ataching:
-a HJT log just for checking if i look clean.

-a copy of the Microsoft AntiSpy Scan History Details so u can see what it did detect.

-And a copy of the SmitRem log.

-(And adAware only found the same as the first time, so im not attaching the log).

Thx again!

 

Pleae run Smitfraud, SpySheriff, SpyAxe & PSGuard Removal.

Post the Smitfruad.txt and a fresh HijackThis log when done.

 

Im sorry forgot to tell that the scans from: bitDefender, online Trojan Scan, Spybot and the Microsoft Windows Malicious Software Removal Tool were clean

 

Ok heres a fresh HJT log and the smitRem log.
( i hope you mean smitfiles.txt not smitfraud.txt. It was only a smitfiles.txt that was created)
Im also adding a fresh pandascan and the old smitfiles.txt (which is smitfiles2.txt.)

 

Yes that is what I meant. PSGuard was found and removed in the first run of SmitRem. Your HijackThis log is clean. The PandaScan log didn't post.

 

Thank you for the help!
I cant attach the panda log, it says that i have already attached it in this thread.
It found the same thing as the last time, and that log is posted a little higher in the thread.

 

Just add a couple of balcn lines to the log, save it. Then attach the log.

 

Thx, here it is.

 

That says you have something in the registry but didn't give the registry key.

Please follow the directions for Running Ewido Security Suite.

Post the Ewido log when the scan has finished.

 

I didnt find any of the 2 reg-keys and none of the file listed in the "Lop-info".
Ewido found nothing except some cookie, but ill post the log.

 

Your system appears to be clean,

How is your computer running?

 

Its running pretty good, alittle slow on start up.
But nothing serious!
Thank you for taking your time and helping me out!
Its really really appreciated!!!

 

I have found a problem and wonders if its realted to my old problem.
Im getting quite alot of portscans. Maybe one or two every hour or so.
Its from different ip's, but one or 2 is more frequent.
They are mostly scanning 1028, 1029, 1030, 1032, 1033, 4257. (Other ports are scanned aswell but these were the most frequent).
I have a dynamic ip.

 

Portscans are just that scans, not intrusions.

A portscan is looking for an open or closed port on a computer that is connected to the Internet. Port states are open, closed and stealthed. Open and closed ports respond to random scans telling the scanner there is a computer at IP whatever when it responds. Most commercial firewalls stealth all ports by default.

Scans are not normally followed by attacks. However all intrusions are proceeded by a port scan, to ensure that the port is open to attack.

The frequency with which you are seeing port scans in not unusual.

 

Thank you alot for the info!