Hello again
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.
========
Please follow all instructions in the order they come. If you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear; a lack of symptoms does not mean that it is no longer present.
Please Do Not Attach logs to your posts unless advised to do so.
===========
P2P
P2P - I see you have P2P software (µTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.
References for the risk of these programs are Here, Here and Here.
============
From the extra.txt:
FW: Sygate Personal Firewall v4.6 (Sygate Technologies, Inc.) Disabled
FW: Kaspersky Anti-Virus v7.0.1.321 (Kaspersky Lab) Disabled
AV: Kaspersky Anti-Virus v7.0.1.321 (Kaspersky Lab) Disabled
and
Kaspersky Anti-Virus 7.0
Kaspersky Anti-Virus 7.0
You have installed Kaspersky Anti-Virus v7.0.1.321 twice, please uninstall one of them. Also enable Kaspersky Anti-Virus v7.0.1.321 and Sygate Personal Firewall v4.6 as they are being shown as disabled.
===========
S&D Spybot's TeaTimer
While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
- Open Spybot Search & Destroy.
- In the Mode menu click "Advanced mode" if not already selected.
- Choose "Yes" at the Warning prompt.
- Expand the "Tools" menu.
- Click "Resident".
- Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
- In the File menu click "Exit" to exit Spybot Search & Destroy.
============
Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:
CiD Help <--- Adware
Viewpoint Media Player <--- Viewpoint is considered foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
==============
Download ATF-Cleaner by Atribune to your desktop.
Do not run it just yet, we will shortly.
===============
Please download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3
- First close any other programs you have running as this will require a reboot
- Double click NoLop.exe to run it
- Now click the button labelled "Search and Destroy"
<<your computer will now be scanned for infected files>>
- When scanning is finished you will be prompted to reboot only if infected, Click OK
- Now click the "REBOOT" Button.
- A message should pop up from NoLop. If not, double click the program again and it will finish.
Please post the contents of C:\NoLop.log along with the required logs.
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --
==============
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you have Firefox installed:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you have Opera installed:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
==========
Perform an online scan with Internet Explorer with Panda ActiveScan
- Click on
located at the bottom of the page.
- A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
- Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting

- If it finds any malware, it will offer you a report.
- Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
- Click on
then click 
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan
Paste the Panda Scan report into your next reply.
===========
Download fl.zip
Extract the contents to a new folder on Desktop.
Within the folder, locate & double-click fl.bat.
It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply.
=============
Run Deckard System Scanner once again and post the main.txt.
=============
Logs Required
C:\NoLop.log
Panda Scan Results
c:\findlop.txt
main.txt
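
An added example, not part of the original post: a small Python triage script for the extra.txt check described above, flagging security products reported as Disabled and programs listed more than once. The line layout is assumed from the three status lines quoted in the post; the "Enabled" state, the sample text and all function names are assumptions made for this sketch.

```python
import re
from collections import Counter

# Constructed samples modelled on the lines quoted in the post.
SAMPLE_STATUS = """\
FW: Sygate Personal Firewall v4.6 (Sygate Technologies, Inc.) Disabled
FW: Kaspersky Anti-Virus v7.0.1.321 (Kaspersky Lab) Disabled
AV: Kaspersky Anti-Virus v7.0.1.321 (Kaspersky Lab) Disabled
"""
SAMPLE_INSTALLED = """\
Kaspersky Anti-Virus 7.0
Kaspersky Anti-Virus 7.0
Viewpoint Media Player
"""

# Assumed layout: "<FW|AV>: <name> v<version> (<vendor>) <state>"
STATUS_RE = re.compile(
    r"^(?P<kind>FW|AV):\s+(?P<name>.+?)\s+v(?P<version>\S+)\s+"
    r"\((?P<vendor>.+)\)\s+(?P<state>Enabled|Disabled)\s*$"
)

def parse_status(text):
    """Return one dict per recognised status line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = STATUS_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries

def disabled_products(entries):
    """Sorted product names that have at least one Disabled registration."""
    return sorted({e["name"] for e in entries if e["state"] == "Disabled"})

def duplicate_installs(text):
    """Map each program name listed more than once to its count."""
    counts = Counter(l.strip() for l in text.splitlines() if l.strip())
    return {name: n for name, n in counts.items() if n > 1}

def review(status_text, installed_text):
    """Combine both checks into one report dict."""
    entries = parse_status(status_text)
    return {"disabled": disabled_products(entries),
            "duplicates": duplicate_installs(installed_text)}

if __name__ == "__main__":
    print(review(SAMPLE_STATUS, SAMPLE_INSTALLED))
```
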