libupd~1.exe

[Guest ellas]

if you right click on the ones you are not sure about in regcleaner it will give you a advanced info tab,open that to get more details about reg entries.

[mark2]

These 2 are a result of virus infection

Systray = c:\windows\system32\kernel32.exe

netcode = C:\WINDOWS\System32\kernel32.dlI, tkBell is a nag screen for realplayer and can be disabled on start up possibly a few more in there that you can start from programs rather than have them running in the background all the time

[mark2]

Wait for the scan to finish then run Spybot S& D (updated 1st) followed by Hijackthis and then we can have another look at the start up list log from hijack this.

Be aware tho that anything that needs the spyware will not run after running Spybot but there are freeware versions of most

[mark2]

The 2 viruses should be gone after a full A/V scan and clean

[Guest ellas]

info here at symantec http://securityresponse.symantec.com/avcen...r.optix.04.html

[Guest ellas]

looks like it.

[Guest ellas]

you will have to type regedit in run and delete the entries yourself.

[Guest ellas]

it is xp you are using is'nt it,you dont need dos commands,if you click on the start button and put regedit in RUN you can then follow the symantec instuctions,if you want to start in safe mode type msconfig in run and click on BOOT INI then chose safe mode.

[Guest ellas]

if you get stuck theres always remote assistance but you need messanger.

[Guest ellas]

maybe regcleaner deleted it,try this click on edit at the top of regedit then scroll down to find,click on that and put EES in ,see what it finds.

[Guest ellas]

mark2 fancy doing a remote assistance :D

[mark2]

I don't have XP Pro which I think you need for remote assistance

[Guest ellas]

no you can do remote on home edition also.

[mark2]

Have you done this stage 1st

Windows NT/2000/XP

To stop the Trojan process:

1. Press Ctrl+Alt+Delete one time.

2. Click Task Manager.

3. Click the Processes tab.

4. Double-click the Image Name column header to sort the processes alphabetically.

5. The Task Manager truncates the process name so that only 15 characters are displayed. Therefore, look for Yahoo updater.c by scrolling through the list.

6. If you find the file, click it, and then click End Process.

7. Exit the Task Manager.

[Guest Gladiator]

You have more backdoors on your PC i guess.

And some of the Backdoors can shut down AV Software.

Download GAV and make a Default System Scan.

There is no Backdoor (yet) which shut down GAV.

download it here:

http://www.gladiator-antivirus.com/downloa...up/download.php

[mark2]

That perhaps suggests that it is no longer active,

Run regedit then just double check for

HKEY_LOCAL_MACHINE\SOFTWARE\EES once more if it isn't there do the next step

go to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

Windows NT/2000/XP: In the right pane, update the value

Common Startup

with the following data:

%ALLUSERSPROFILE%\Start Menu\Programs\Startup

Thanks for popping in gladiator need a lot of help here :o

[Guest Gladiator]

Ahyes... and post her here the scan report --> AND THE PACKER INFO (tabulator runtime packed) AND the warnings.

Means all 4 pages from the scan report - You can do that with Copy + Paste

[Guest ellas]

does it not say in the symantec results that its in you system restore files,if so delete all of them.

[mark2]

you will also have to delete all your system restore points to clear it out completely.

[Guest CalamityJane]

Looking at the screen shot p2ccolo posted a page or two back, you need to disable system restore in Win XP while trying to get rid of the infected files. Did you do that?

I am glad to see Gladiator in here helping :D

[Guest Gladiator]

And please delete the Backdoor "Netdevil.15" too - i see him without a AV Software :)

Because i am just including him in GAV - it's the File kernel32.dlI <--- I instand of L

[mark2]

One step at a time, but the virus will also be stored in your restore points , if you ever had to restore it would come back,

[Guest CalamityJane]

Looking at your screen shot after the Symantec scan - looks like it is located in your System Restore.

[mark2]

I'll let gladiator take over here he's LOTS better at this than me, so I can't get in the way and confuse the issue

[Guest ellas]

turn it off in system properties,delete old restores by running disc clean,pick the more options tab and the option is there to delete s/restore files.