WinAntiSpyware Alert

OK Scott, Kaspersky says they are there, so they are probably there. You may be able to delete them in normal mode; if not, boot to safe mode and do it. Be careful, here is the list:

Most are files and a few are folders; I will code them in red for you.


Quite a mess of them; Kaspersky at least alphabetized them for you. Be careful not to delete any valid files, take your time. You should be able to highlight multiples and delete many at once by holding down the Shift key.

Restart and send a new Kaspersky report.

Thanks...Phil
 
Hi, I deleted the files and folders you highlighted. Here is the Kaspersky. Thanks.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, July 18, 2007 4:49:35 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 18/07/2007
Kaspersky Anti-Virus database records: 342405
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 75754
Number of viruses found: 12
Number of infected objects: 116
Number of suspicious objects: 0
Duration of the scan process: 00:49:13

Infected Object Name / Virus Name / Last Action
 
Here is the rest of the Kaspersky. Thanks.

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043243.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043244.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043245.exe Infected: Trojan.Win32.Agent.ny skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043246.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043247.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043248.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043249.exe Infected: Trojan.Win32.VB.azo skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043250.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043251.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043252.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043253.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043254.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043255.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043256.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043257.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043258.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043259.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043260.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043261.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043262.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043263.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043264.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043265.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043266.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043267.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043268.exe Infected: Trojan.Win32.Agent.ny skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043269.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043270.exe Infected: Trojan.Win32.Agent.ny skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043271.exe Infected: Trojan.Win32.Agent.ny skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043272.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043273.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043274.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043275.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043276.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043277.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043278.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043279.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043280.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043281.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043282.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043283.exe Infected: not-virus:Hoax.Win32.Renos.fn skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043284.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043285.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043286.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043287.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043288.exe Infected: Trojan.Win32.Agent.ny skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043289.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043290.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043291.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043292.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043293.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043294.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043295.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043296.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043297.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043298.dll Infected: Packed.Win32.Klone.j skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043299.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043300.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043301.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043302.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043303.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043304.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043305.exe Infected: Trojan.Win32.Agent.ny skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043306.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043307.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043308.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043309.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043310.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043311.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043312.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043313.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043314.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043315.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043316.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043317.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043318.exe Infected: Trojan.Win32.Agent.ny skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043319.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043320.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043321.exe Infected: Trojan-Dropper.Win32.Agent.mu skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043322.exe Infected: Trojan-Dropper.Win32.Agent.mu skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043323.exe Infected: Trojan-Downloader.Win32.Agent.brf skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043324.exe Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043325.exe Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\WINDOWS\$NtUninstallKB912812$\wininet.dll Infected: Virus.Win32.Nsag.b skipped
C:\WINDOWS\SYSTEM32\gebyx.dll Infected: Trojan-Downloader.Win32.Agent.yf skipped

Scan process completed.
 
Thanks Scott, it looks like everything is in the System Restore files now, follow these directions:
System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
This is just a repeat in case these instructions help:

MANUAL INSTRUCTIONS FOR SYSTEM RESTORE
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

another tutorial for System Restore
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Please follow these instructions once more:
Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
Be sure to choose SELECT ALL, I want to be positive Prefetch is cleaned. It might slow your computer for a boot or two until Windows repopulates the folder with needed files.

I know you must be tired of working on the computer, take the time you need, but once you clean System Restore I would appreciate it if you would restart your computer and scan then post a last Kaspersky, since we have come this far we might as well be positive you are clean. Let me know how the computer is performing also.

Thanks...Phil
 
I'm running Kaspersky right now. I am just glad you have been here to help. I have had to stay at home the past few days and I'm psyched this much was done while I was at home. If I had been at work this would have taken a week. I really appreciate the help.

I don't think I mentioned it but I had been noticing that every time I shut down there was a box popping up just shut down that said updates were being made. It was always very fast. I tried to hit cancel every time I saw that happening but sometimes it happened too fast. I think it said something like "Shell con hidden." I assume that was part of the virus.

One other thing. My Windows Defender still identifies one High Alert that cannot be removed. I think I mentioned it yesterday. Not sure if that is an issue or not. I can give you the details on it if you think it would be helpful.

The Kaspersky log will be done shortly.

Thanks again.

Scott
 
OK Scott, I am hoping your computer can recover from this massive infection, we shall see.
What is important is that you give me these error messages exactly as they occur, word for word. I can not research them any other way.
A box pops up,
exactly what the message is.
something like "Shell con hidden"
will not do it, I must have the exact message. Google is used to search most, but at times the Microsoft Knowledge Base is used. Neither will provide the results unless we search with the exact messages.
Windows Defender may have been damaged as well as other programs, and may require that it be uninstalled and reinstalled. We will tackle the issues as they come up as soon as we are sure the computer is free of the malware.

Thanks
 
Here is the Kaspersky log.

KASPERSKY ONLINE SCANNER REPORT
Wednesday, July 18, 2007 8:15:25 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 19/07/2007
Kaspersky Anti-Virus database records: 342428
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 73344
Number of viruses found: 2
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 00:46:16

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\$NtUninstallKB912812$\wininet.dll Infected: Virus.Win32.Nsag.b skipped
C:\WINDOWS\SYSTEM32\gebyx.dll Infected: Trojan-Downloader.Win32.Agent.yf skipped

Scan process completed.
 
KASPERSKY ONLINE SCANNER REPORT Wednesday, July 18, 2007 8:15:25 PM
Number of viruses found: 2
Number of infected objects: 2

It is going to get a little tricky now, let's get rid of this one first:
C:\WINDOWS\SYSTEM32\gebyx.dll <<< delete that file. Either I missed it or you did, get it gone.

Now comes the tricky part, what we have now is something I have not done before either. We have an infected wininet.dll

I would like you to look here: C:\I386 <<< on the C:\ drive and tell me if you have that folder.

The first thing we will try is System File Checker, it will check all Windows Files looking for missing or corrupted files. I am hoping it will find this file and replace it. If you do not have the C:\I386 on your computer, you will need to have your Windows CD ready. I am hoping at that point Windows will see the corrupt file and ask you to insert the CD so it can install the clean file from the CD.

C:\WINDOWS\$NtUninstallKB912812$\wininet.dll Infected: Virus.Win32.Nsag.b skipped
http://www.google.com/search?hl=en&q=wininet.dll&btnG=Google+Search

Here are two tutorials to show you how to use SFC
http://dwightblackburn.com/winxp/
http://www.updatexp.com/scannow-sfc.html

I would also like to know if you remember trying to delete that file?
C:\WINDOWS\$NtUninstallKB912812$\wininet.dll <<< this one?
I know it is a valid file but if it is infected it needs to be replaced.
Here are the scanners again, if you would like to scan to be sure it is infected:
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/flash/index_en.html

Information about the file:
http://www.liutilities.com/products/wintaskspro/dlllibrary/wininet/

You will need all files and folders enabled to see that file. If you find it is infected, let's hope System File Checker will replace the bad one.
Make sure you let me know about the C:\I386, if it is there and SFC does not work, we may be able to use another tool that replaces an infected wininet.dll from that folder when it finds an infected one during the process of running the Smitfraudfix tool.

Keep me posted.

Thanks...Phil
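The sorting Phil does by eye on the two Kaspersky reports (detections left only in System Restore, versus the wininet.dll in the update's uninstall backup folder and gebyx.dll on the live system) can be done mechanically. This is an added example, not part of the thread or of any tool mentioned in it; the function and category names are this example's own, and the sample is a short excerpt assembled from lines of the reports posted above.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Excerpt assembled for this example from lines of the reports in this thread.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\A0043318.exe Infected: Trojan.Win32.Agent.ny skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP657\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB912812$\wininet.dll Infected: Virus.Win32.Nsag.b skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\gebyx.dll Infected: Trojan-Downloader.Win32.Agent.yf skipped
Scan process completed.
"""


class Entry(NamedTuple):
    path: str
    detection: Optional[str]  # None for "Object is locked" lines
    action: str


# Paths may contain spaces, so the verdict is anchored to the end of the line.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?:Infected:\s+(?P<detection>\S+)|Object is locked)\s+"
    r"(?P<action>\w+)\s*$"
)
# Restore-point copies live under _restore{GUID}\RPnnn\ on Windows XP.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\", re.I
)
# $NtUninstall...$ folders hold the files an update replaced, kept for uninstall.
HOTFIX_RE = re.compile(r"\\\$NtUninstall[^\\]*\$\\", re.I)


def parse_report(text):
    """Return one Entry per result line; headers and footers are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["path"], m["detection"], m["action"]))
    return entries


def location(path):
    """Say where a detected file sits, which decides how it gets cleaned up."""
    if RESTORE_RE.search(path):
        return "system_restore"           # cleared by turning System Restore off and on
    if HOTFIX_RE.search(path):
        return "hotfix_uninstall_backup"  # old copy of a system file, not the one in use
    return "live_filesystem"              # needs deleting or replacing directly


def triage(entries):
    """Group detections by location; locked files are listed separately."""
    buckets = defaultdict(list)
    for e in entries:
        if e.detection is None:
            # "Object is locked" means the scanner could not open the file
            # because it was in use; it says nothing about infection.
            buckets["locked_not_scanned"].append(e.path)
        else:
            buckets[location(e.path)].append((e.path, e.detection))
    return dict(buckets)


def restore_points(entries):
    """Restore points (RPnnn) that still contain detected files."""
    found = set()
    for e in entries:
        m = RESTORE_RE.search(e.path)
        if e.detection and m:
            found.add(m.group(1))
    return sorted(found)


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for category, items in triage(parsed).items():
        print(category, len(items))
    print("restore points with detections:", restore_points(parsed))
```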
 
I ran the system file checker. I got a message to insert a CD. Unfortunately I do not have a CD. I tried doing some of the things mentioned in the link you provided. Those didn't seem to help. The problem I have now is I can't seem to now get a status bar. I tried running again and am hoping I get the message that mentions what I need to insert. For whatever reason the box closed on me. I think it said I need to insert CD (2).

As for that gebyx.dll file, I can't find it. I did a search and it still isn't showing. I did a search of the wininet.dll file and found three entries but none in the $NtUninstallKB912812$ folder. I couldn't find them when I was manually removing files and folders earlier.

As for the C:\I386 folder, it is there.

Thanks,
Scott
 
One other thing. I have more information on that box that pops up when I log out. It is titled End Program and it says ShellConHidden..... I am given the option of cancelling it and do when given enough time. It only pops up for a couple of seconds. Thanks.
 
Humm...you are positive you still have all files and folders enabled? Here is the link again if you need it:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Where is your Windows CD? Could you have what is called a System Restore CD?
I would appreciate it if you look in that C:\I386 folder (those are backups of critical system files few folks know they have) scroll down to:
WININET.DLL and let me know that file is there, (remember if you ever use files in here always COPY the file NEVER cut it or you will move your backup) For now I just need to be assured it is there if we need it.
"For whatever reason the box closed on me"
If the SFC finds a missing or corrupt file, it will stop until you take action, if it does not it will continue to run until finished and then close.
"The problem I have now is I can't seem to now get a status bar"
What exactly are you talking about here? Is this the toolbar that runs across the bottom of the display which contains the System Tray with the clock, etc. to your right?

Look for a PM from me also. I do not want to give too many instructions at once so as not to confuse both of us. I would like to know generally how the computer is running now that all of that junk was removed.

Thanks...Phil
 
I will be back at the computer tonight and let you know if the wininet.dll file is in I386 and the result of the SFC. My Dell computer didn't come with a Windows CD. I will check again to see if there was a System Restore CD.

As for the status bar, I meant the SFC status bar that lets you know how far along the scan is. It came back after I rebooted. Thanks. Scott
 
http://dwightblackburn.com/winxp/
If you are talking about the "Windows File Protection"
Here: When the scan starts, you will see a progress bar.
That will remain visible as long as the scan is running and then close. You would have to start SFC again to see that box again.
"My Dell computer didn't come with a Windows CD. I will check again to see if there was a System Restore CD."
That's a good thing, if we can not fix this, that will be one of your choices.
"I just shut down and noticed one thing. The box is actually titled ShellconHiddenWi...."
There has to be more to the message than that, is there anything you can click on to get more information? Here is the Google, you are not the first to see the message:
http://www.google.com/search?hl=en&q=ShellconHiddenWi....&btnG=Google+Search

Thanks
 
Shellconhiddenwi... is all I get for the message. I think I'm all set with the progress bar issue. Thanks.

As for SFC, a box titled Windows File Protection popped up that reads: "Files that are required for Windows to run properly must be copied to the DLL Cache. Insert your Windows XP Professional CD2 now."

I checked my folder again and I do not have a Windows or restore CD. I have a card from Dell with the picture of a CD on it. At the top it says "Your new Computer does not require an operating system DR or drivers CDs. Instead, if you ever need to reinstall your software, use one of the following methods:

Microsoft Windows System Restore returns your computer to an earlier operating state without affecting data files. For more information, double click the Owner's Manual icon on your desktop.

Dell PC Restore returns your computer to its original operating state. For more information, double click the Owner's Manual icon on your computer.

To learn more about creating or obtaining a copy of your operating system CD or drivers for your computer, visit support.dell.com/pcrt."

I checked the I386 folder and the wininet.dll file is there. Thanks. Scott
 
1) Did you read the link I provided under the red Google? The first website offers suggestions, I just do not have the time to read those for you.

2) You realize what you can or can not do without a Windows CD or a System Restore Disk. I suggest you take this up with Dell.

3) System Restore would have done you no good, you would just have been putting the junk that was backed up in SR back on your computer. Now you may want to make sure you have a clean restore point, here is information:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

"I checked the I386 folder and the wininet.dll file is there."

4) One area that can get infected by the Zlob trojan aka Smitfraud is the wininet.dll. When Smitfraudfix finds an infected wininet.dll it is supposed to replace the infected file with a clean one if there is one on the computer, which in your case there appears to be. Let's give the fix a try, follow only the posted instructions.

http://siri.geekstogo.com/SmitfraudFix.php <<< download Smitfraudfix from here and follow ONLY these directions.

Search:
Double-click SmitfraudFix.exe
Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm

Post the C:\rapport.txt so I can see that report.

Add any other comments you think will help.

Thanks
 
Yes, I read the shellconnhidden link. I am trying to see if I can fix it. Thanks.

Here is the log:

SmitFraudFix v2.204

Scan done at 21:33:50.90, Thu 07/19/2007
Run from C:\Documents and Settings\Scott\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Prevx2\PXConsole.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Prevx2\PXAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\CSCRIPT.EXE

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Scott


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Scott\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\scott\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\Movie Maker\\rterelehdu.html"
"SubscribedURL"=""
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="C:\\WINDOWS\\warnhp.html"
"SubscribedURL"=""
"FriendlyName"="Desktop Uninstall"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A53F4D88-25FD-4AAC-82D8-FEAAFC74534D}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A53F4D88-25FD-4AAC-82D8-FEAAFC74534D}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A53F4D88-25FD-4AAC-82D8-FEAAFC74534D}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
 
Well...the Smitfraudfix does not show the item to be infected. I may cover some areas again.

This appears to be the only item in question, have you searched to see if it is there? Make sure all files and folders are enabled or it is probably hidden.

C:\WINDOWS\$NtUninstallKB912812$\wininet.dll

On my Windows XP Pro I have this folder: C:\WINDOWS\$NtUninstallKB912812-IE6SP1-20060322.182418$
In that folder I have this file: wininet.dll says it is an Internet Extension for Win32
It is a Microsoft Corporation file which is 562 KB.

You should have the same file in the same place (I think)
Would you check to see if it is there and then scan that file to see if it is infected?

http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/flash/index_en.html

Thanks
 