No Regedit after spybot worm

<Hi,

I am trying to solve a problem for a friend. She was infected with the W32.spybot.worm detected and removed (in safe mode with system restore deactivated) by Norton's antivirus. She has a German operating system (XP Home). The file removed was called ihost.exe.

With a normal log in regedit, her antiviral program and a number of other programs do not work. In safe mode I can open all the programs but she cannot connect to the internet (I guess her ADSL configuration is not set up).

I downloaded the instructions for removing the effects of spybot worm from Symantec but at least in safe mode ther don't appear to be any changes to the registry.

I am lost as to what to do next. I am suspicious of two files in the root directory which have a time stamp from the 13 Feb called ir7l.exe and zdns1.exe.

Thanks a lot for your help.

Richard

Enclosed is the HijackThis log for her computer in normal mode.

 

Welcome to MajorGeeks.com, please follow the steps below:

http://www.majorgeeks.com/images/grenade.gif Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

• Make sure you check version numbers and get all updates.

http://www.majorgeeks.com/images/grenade.gif Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

http://www.majorgeeks.com/images/grenade.gifAfter doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

http://www.majorgeeks.com/images/grenade.gif Downloading, Installing, and Running HijackThis