Hi

I've followed the 8 steps but am still getting the annoying pop ups every 60 secs. Everything went as you instructed exept for the Malwarebytes scan. I disabled all real time monitoring programmes but the 'Quick Scan' went on for over 2.5 hrs and I aborted.
I have Norton AV and Norton System Works. I dont think I have any file sharing programmes.
Your step by step instructions were excellent but I'm still struggling.

Please help

Ian

Attached Files

	hijackthis.log (16.8 KB, 1 views)
	mbam-log-2009-11-21 (19-57-36).txt (1.9 KB, 1 views)
	SUPERAntiSpyware Scan Log - 11-21-2009 - 20-59-06.log (455 Bytes, 1 views)
	SUPERAntiSpyware Scan Log - 11-21-2009 - 22-51-24.log (14.7 KB, 1 views)

You are still infected:
"O4 - HKLM\..\Policies\Explorer\Run: [kcien32] kncer30.exe"

This file is associated with serious malware along with a trojan virus

"O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/btwebcontrol028.cab"
"O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)"

If you know what sky.com is, leave this line. If not, fix it
"O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)"

"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)"
"R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL"
"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)"
"O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)"
Fix or delete these in the hijackthis log. You will probably need a more extensive cleaning, but first go to Kaspersky's On line Scan

Be sure to disable your antivirus program before running the scan. Tell us what it finds. You have to learn to take care of your computer and scan for malware and viruses regularly. Norton is not doing a very good job, to no one's surprize

Hi

Thanks for your help, it is really appreciated although I am a bit taken a back with the technicalities of this.

What am I supposed to do now?

1. the 04 hklm file? What do I do with this?
2. Sky.com is my ISP - Can I leave it - but leave it where?
3. How do i fix the files or delete them in the Hijackthis log and what do I do then

Thanks

ian

Hi
I've ran the Kaspersky prog, I've attached the results.

Can you please help with my other post above please.

Thanks

Ian

Attached Files

KASPERSKY ONLINE SCANNER 7_0 scan report.txt (1.0 KB, 1 views)