In need of assistance

Hello,
I have followed the Read and Run this first steps twice over but still have a problem.

The task bar on the bottom right hand side of my screen has a red bubble with an exclamation mark in it which keeps saying ' Your computer is infected. click here to protect your computer.'

Additionally, I now have a new popup which says ' Notice- A change to the default user folders requires approval' Allow/ Block.

Any help to rectify these problems will be appreciated. Here is my HJT log.
Thanks
RC

 

Please attach the two logs from the online scans.

 

Bitdefender and panda logs

Here they are.
Thanks,
RC

 

Please see the below thread on how to install and run VundoFix.

• Virtumonde aka Trojan Vundo Fix w/ Tool ...

 

No infected files were found.
Thanks,
RC

 

Please see the below thread on how to install and run Ewido Anti-Malware.

• Running Ewido Anti-Malware...

 

Here it is...

 

Here is also the fresh hijackthis log. Thanks - I appreciate your time.
RC

 

Please look in Add/Remove Programs for the following and uninstall them if found:

Ewido

Please make sure the Viewing of Hidden Files & Folders is enabled per the READ ME.

Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and, if you see any of them, try to END them:

intell321.exe

Now scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/ search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.co m

O4 - HKLM\..\Run: [intell321.exe] C:\WINDOWS\system32\intell321.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c =Q105&bd=presario&pf=laptop

Again, make sure ALL browser windows are closed when you click FIX.

Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

C:\WINDOWS\system32\intell321.exe

Next, run CCleaner to clean up cookies and temp files.

Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:

• Disable and Re-enable System Restore
  
  
• Turn OFF System Restore to flush any bad Restore Points.
  
  
• Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

After you complete the above reboot once more and then scan with HijackThis and attach the new log.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

 

Hi,
Thanks -the exclamation mark on the red bubble did disappear!

Here is the new hijackthis log.
I still have this problem...three notices show up on the right. The text on the notices is attached in the notices.txt file.
Thanks,
RC

 

Your HJT log looks good, what is giving you those notices?

 

When I click on'Click for more information about this alert', it opens up a CounterSpy Help page. Should I uninstall CounterSpy?
Thx
RC

 

It's up to you whether you uninstall or not, FYI those notices are no threat.

 

Thanks Bjgarrick. I appreciate all the time you spent solving the malware problem of a stranger.
Thanks,
RC

 

Your Welcome!

You should see this article on How to Protect yourself from malware!

Surf Safely!