Smitfraud-C.CoreService



PepMan
2007-12-29, 11:05
This is a follow-up to this closed thread: http://forums.spybot.info/showthread.php?t=21890

Sorry for not posting the HJT log the first time around, I know the sticky "Before you post..." said to do so, but I also thought a couple of posts said otherwise. My mistake.

What I am trying to find out is whether or not SpyBot S&D managed to resolve my Smitfraud problem. Here is the HJT log, and I'm standing by with the Kaspersky log as well.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:17:27, on 29.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Norton Internet Security\ISSVC.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Acronis\Schedule2\schedul2.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\DriveCrypt\DcrServ.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Acronis\TrueImage\TrueImageMonitor.exe
C:\Programfiler\Fellesfiler\Acronis\Schedule2\schedhlp.exe
C:\Programfiler\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Programfiler\Telenor\ecc\ecc.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\FELLES~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Programfiler\SlySoft\CloneCD\CloneCDTray.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FELLES~1\PCSuite\Services\SERVIC~1.EXE
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programfiler\Copernic Desktop Search\CopernicDesktopSearch.exe
C:\Programfiler\FinePixViewer\QuickDCF.exe
C:\Programfiler\BOINC\boincmgr.exe
C:\PROGRA~1\FELLES~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programfiler\BOINC\boinc.exe
C:\Programfiler\BOINC\projects\climateprediction.net\hadcm3trans_5.40_windows_intelx86.exe
C:\Programfiler\BOINC\projects\climateprediction.net\hadcm3transum_5.40_windows_intelx86.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/no/nor/gen/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/no/nor/gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programfiler\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Acronis*True*Image Monitor] C:\Programfiler\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Programfiler\Fellesfiler\Acronis\Schedule2\schedhlp.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [REGSHAVE] C:\Programfiler\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programfiler\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FELLES~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programfiler\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DriveCrypt Startup] C:\Programfiler\DriveCrypt\DriveCrypt.exe /WS
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Copernic Desktop Search] "C:\Programfiler\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Programfiler\BOINC\boincmgr.exe
O4 - Startup: Matrix.lnk = C:\Programfiler\Matrix Screen Locker\matrix.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: GetRight - Tray Icon.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Programfiler\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programfiler\GetRight\GRbrowse.htm
O8 - Extra context menu item: Save with Download Manager... - file://C:\Programfiler\J River\Media Center\DMDownload.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programfiler\Fellesfiler\Acronis\Schedule2\schedul2.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DriveCrypt Service (DriveCryptService) - Unknown owner - C:\Programfiler\DriveCrypt\DcrServ.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\System32\ImapiRox.exe (file missing)
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programfiler\Fellesfiler\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 10888 bytes

Shaba
2007-12-30, 10:45
Hi PepMan

Please post the Kaspersky report next :)

PepMan
2007-12-30, 11:45
Hi Shaba,
Here it is:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, December 28, 2007 10:45:48 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 28/12/2007
Kaspersky Anti-Virus database records: 499066
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
H:\

Scan Statistics:
Total number of scanned objects: 125330
Number of viruses found: 1
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 02:39:31

Infected Object Name / Virus Name / Last Action
C:\Diverse programmer\tightvnc-1.3.9-setup.exe/data0006 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 skipped
C:\Diverse programmer\tightvnc-1.3.9-setup.exe Inno: infected - 1 skipped
C:\Documents and Settings\All Users\Programdata\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Symantec\LiveUpdate\2007-12-28_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\pep\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\pep\Lokale innstillinger\Logg\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\pep\Lokale innstillinger\Programdata\Copernic\DesktopSearch\Index\MainChunk\Documents.dfd Object is locked skipped
C:\Documents and Settings\pep\Lokale innstillinger\Programdata\Copernic\DesktopSearch\Index\MainChunk\Documents.did Object is locked skipped
C:\Documents and Settings\pep\Lokale innstillinger\Programdata\Copernic\DesktopSearch\Index\MainChunk\Documents.dsd Object is locked skipped
C:\Documents and Settings\pep\Lokale innstillinger\Programdata\Copernic\DesktopSearch\Index\MainChunk\Keywords.kdb Object is locked skipped
C:\Documents and Settings\pep\Lokale innstillinger\Programdata\Copernic\DesktopSearch\Index\MainChunk\Keywords.kdl Object is locked skipped
C:\Documents and Settings\pep\Lokale innstillinger\Programdata\Copernic\DesktopSearch\Index\MainChunk\Keywords.kib Object is locked skipped
C:\Documents and Settings\pep\Lokale innstillinger\Programdata\Copernic\DesktopSearch\Index\MainChunk\Keywords.kpf Object is locked skipped
C:\Documents and Settings\pep\Lokale innstillinger\Programdata\Copernic\DesktopSearch\Index\MainChunk\Keywords.ksb Object is locked skipped
C:\Documents and Settings\pep\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\pep\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\pep\Lokale innstillinger\Temp\Perflib_Perfdata_d04.dat Object is locked skipped
C:\Documents and Settings\pep\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\pep\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\pep\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Logg\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Temp\Logg\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programfiler\BOINC\projects\climateprediction.net\hadcm3inct_cmcx_1920_160_35869181\datain\ancil\basin.index Object is locked skipped
C:\Programfiler\BOINC\projects\climateprediction.net\hadcm3inct_cmcx_1920_160_35869181\jobs\yafbg.PRESM_O Object is locked skipped
C:\Programfiler\BOINC\projects\climateprediction.net\hadcm3inct_cmcx_1920_160_35869181\stdout_um.txt Object is locked skipped
C:\Programfiler\BOINC\projects\climateprediction.net\hadcm3inct_cmcx_1920_160_35869181\stdout_um2.txt Object is locked skipped
C:\Programfiler\BOINC\projects\climateprediction.net\hadcm3inct_cmcx_1920_160_35869181\stdout_um4.txt Object is locked skipped
C:\Programfiler\BOINC\projects\climateprediction.net\hadcm3inct_cmcx_1920_160_35869181\tmp\pipe_dummy Object is locked skipped
C:\Programfiler\BOINC\slots\0\boinc_lockfile Object is locked skipped
C:\Programfiler\BOINC\slots\0\stderr.txt Object is locked skipped
C:\Programfiler\BOINC\stderrdae.txt Object is locked skipped
C:\Programfiler\BOINC\stderrgui.txt Object is locked skipped
C:\Programfiler\BOINC\stdoutdae.txt Object is locked skipped
C:\Programfiler\BOINC\stdoutgui.txt Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SNDCON.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SNDFW.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Savrt\0505NAV~.TMP Object is locked skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Savrt\0990NAV~.TMP Object is locked skipped
C:\System Volume Information\_restore{AF232103-DF38-448F-AB80-E4FDD9904450}\RP1796\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{350DCFA2-B87A-4864-B432-41181F0A2B7B}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Shaba
2007-12-30, 11:47
Hi

Nothing bad there.

Please re-scan with Spybot and post back if it finds something :)

PepMan
2007-12-30, 13:17
That's great news. A new scan with Spybot found nothing except for three tracking cookies: DoubleClick, Tradedoubler and WebTrends live. I guess these are not serious threats? I just fix tracking cookies like these whenever I run a Spybot scan.

May I just ask what the item identified by Kaspersky as a virus actually is? Thanks.

Shaba
2007-12-30, 13:44
Hi

"That's great news. A new scan with Spybot found nothing except for three tracking cookies: DoubleClick, Tradedoubler and WebTrends live. I guess these are not serious threats? I just fix tracking cookies like these whenever I run a Spybot scan."

No they are not.

See here (http://www.spybot.info/en/faq/37.html)

"May I just ask what the item identified by Kaspersky as a virus actually is?"

It's a VNC program, link (http://www.tightvnc.com/)

Malware can use them too, but that one is just a setup, not even an installed program :)

Any other issues?

PepMan
2007-12-30, 14:44
Thanks Shaba, that should do it. No further questions. :)

Thank you so much for your help.

Shaba
2007-12-30, 14:46
Hi

Then here come tips for the future:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab.
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an antivirus software in conjunction with Spybot.

A tutorial on installing & using this product can be found here:

Using Ad-aware 2007 to remove Spyware, Malware, & Hijackers from Your Computer (http://www.bleepingcomputer.com/forums/?showtutorial=48)

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Google Toolbar (http://toolbar.google.com/) <= Get the free Google Toolbar to help stop pop-up windows.
Comodo BOCLEAN (http://www.comodo.com/boclean/boclean.html) <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://castlecops.com/postlite7736-.html)

Happy surfing and stay clean! :bigthumb:
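
An added example, not part of the original post: an offline check of the six Internet-zone settings listed above, run against the text of a registry export. The numeric URL action IDs, the zone key path and the sample export are assumptions of this example (standard Internet Explorer zone values, constructed data), not something the post states.

```python
import re

# Internet zone = zone 3 under ...\Internet Settings\Zones (per-user hive here).
ZONE_KEY = r"software\microsoft\windows\currentversion\internet settings\zones\3"

# Policy values used by these settings; a higher number is stricter.
POLICY = {0: "Enable", 1: "Prompt", 3: "Disable"}

# (URL action id, label as written in the post, value the post recommends).
# The ids are not in the post; they are the standard URL action numbers.
RECOMMENDED = [
    ("1001", "Download signed ActiveX controls", 1),
    ("1004", "Download unsigned ActiveX controls", 3),
    ("1201", "Initialize and script ActiveX controls not marked as safe", 3),
    ("1800", "Installation of desktop items", 1),
    ("1804", "Launching programs and files in an IFRAME", 1),
    ("1607", "Navigate sub-frames across different domains", 1),
]

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')

# Constructed sample export (not taken from the machine in this thread).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000003
"1800"=dword:00000003
"1804"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3]
"1004"=dword:00000003
"""


def parse_zone_values(reg_text):
    """Return {value name: int} for DWORD values under the Internet zone key."""
    values, in_zone = {}, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            # Only the exact Zones\3 key counts, not Lockdown_Zones or subkeys.
            in_zone = section.group("key").lower().endswith(ZONE_KEY)
            continue
        value = DWORD_RE.match(line) if in_zone else None
        if value:
            values[value.group("name")] = int(value.group("hex"), 16)
    return values


def audit_internet_zone(reg_text):
    """List settings weaker than the post recommends, or not set at all.

    Each finding is (action id, label, current setting, recommended setting).
    A setting stricter than recommended (Disable where Prompt is asked) passes.
    """
    values = parse_zone_values(reg_text)
    findings = []
    for action, label, want in RECOMMENDED:
        have = values.get(action)
        if have is not None and have >= want:
            continue
        current = "not set" if have is None else POLICY.get(have, hex(have))
        findings.append((action, label, current, POLICY[want]))
    return findings


if __name__ == "__main__":
    for action, label, current, want in audit_internet_zone(SAMPLE_EXPORT):
        print(f"{action}  {label}: {current} (recommended: {want})")
```

Registry exports are normally written as UTF-16, so decode the file to text before passing it to `audit_internet_zone`.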

Shaba
2008-01-06, 11:11
Since this issue appears resolved ... this Topic is closed. Glad I could help.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.