Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl\1 (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn (Hijack.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
I rebooted, downloaded and installed SP2 and rebooted again. I still cannot get to any of the Microsoft or antivirus websites. So I thought, maybe a rootkit? I downloaded and ran Trend Micro's RootkitBuster, and it came back with nothing found. I then ran HijackThis and have a log that I need help deciphering. I am still only able to get these programs on the server by downloading to my computer and then copying to the server over the VPN tunnel. I also checked the event logs and found no errors relating to this. Can anyone shed some light?
Edited by hamluis, 17 October 2010 - 06:39 PM.
Moved from NT forum to Malware Removal Logs ~ Hamluis.