Security Toolbar 7.1 Help! [RESOLVED]
guthix12
post Nov 16 2007, 06:01 PM
Post #1
New Member
Posts: 9
OS: XP

I've searched and I've noticed a lot of people have had this nasty virus... I've been messing around trying to get rid of it, googling things, etc. You guys are my last hope. I've had the virus for about a week, or almost. I have Panda Antivirus and use Zone Alarm as a firewall. I've tried to get rid of it with Spybot Search and Destroy, Ad-Aware SE Personal, XoftSpySE, AVG Anti-Spyware, and nothing has helped. Any help would be great. I really appreciate all of your help in advance, thanks.

My HijackThis log is below my ComboFix Log.

My ComboFix Log:

ComboFix 07-10-22.1 - Ryan 2007-10-21 18:48:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.277 [GMT -5:00]
Running from: C:\Documents and Settings\Ryan\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\regedit.com
C:\WINDOWS\system32\_002723_.tmp.dll
C:\WINDOWS\system32\_002739_.tmp.dll
C:\WINDOWS\system32\_002771_.tmp.dll
C:\WINDOWS\system32\_002779_.tmp.dll
C:\WINDOWS\system32\_002879_.tmp.dll
C:\WINDOWS\system32\_002880_.tmp.dll
C:\WINDOWS\system32\_002881_.tmp.dll
C:\WINDOWS\system32\_002882_.tmp.dll
C:\WINDOWS\system32\_002886_.tmp.dll
C:\WINDOWS\system32\_002887_.tmp.dll
C:\WINDOWS\system32\_002888_.tmp.dll
C:\WINDOWS\system32\_002889_.tmp.dll
C:\WINDOWS\system32\_002894_.tmp.dll
C:\WINDOWS\system32\_002895_.tmp.dll
C:\WINDOWS\system32\_002896_.tmp.dll
C:\WINDOWS\system32\_002897_.tmp.dll
C:\WINDOWS\system32\_002901_.tmp.dll
C:\WINDOWS\system32\_002902_.tmp.dll
C:\WINDOWS\system32\_002903_.tmp.dll
C:\WINDOWS\system32\_002904_.tmp.dll
C:\WINDOWS\system32\_002909_.tmp.dll
C:\WINDOWS\system32\_002910_.tmp.dll
C:\WINDOWS\system32\_002911_.tmp.dll
C:\WINDOWS\system32\_002912_.tmp.dll
C:\WINDOWS\system32\_002917_.tmp.dll
C:\WINDOWS\system32\_002918_.tmp.dll
C:\WINDOWS\system32\_002919_.tmp.dll
C:\WINDOWS\system32\_002920_.tmp.dll
C:\WINDOWS\system32\_002923_.tmp.dll
C:\WINDOWS\system32\_002925_.tmp.dll
C:\WINDOWS\system32\_002926_.tmp.dll
C:\WINDOWS\system32\_002927_.tmp.dll
C:\WINDOWS\system32\_002928_.tmp.dll
C:\WINDOWS\system32\_002934_.tmp.dll
C:\WINDOWS\system32\_002936_.tmp.dll
C:\WINDOWS\system32\_002942_.tmp.dll
C:\WINDOWS\system32\_002944_.tmp.dll
C:\WINDOWS\system32\_002949_.tmp.dll
C:\WINDOWS\system32\_002950_.tmp.dll
C:\WINDOWS\system32\_002951_.tmp.dll
C:\WINDOWS\system32\_002952_.tmp.dll
C:\WINDOWS\system32\_002957_.tmp.dll
C:\WINDOWS\system32\_002958_.tmp.dll
C:\WINDOWS\system32\_002959_.tmp.dll
C:\WINDOWS\system32\_002960_.tmp.dll
C:\WINDOWS\system32\_002967_.tmp.dll
C:\WINDOWS\system32\_002968_.tmp.dll
C:\WINDOWS\system32\_002969_.tmp.dll
C:\WINDOWS\system32\_002970_.tmp.dll
C:\WINDOWS\system32\_002971_.tmp.dll
C:\WINDOWS\system32\_002972_.tmp.dll
C:\WINDOWS\system32\_002973_.tmp.dll
C:\WINDOWS\system32\_002980_.tmp.dll
C:\WINDOWS\system32\_002981_.tmp.dll
C:\WINDOWS\system32\_002982_.tmp.dll
C:\WINDOWS\system32\_002984_.tmp.dll
C:\WINDOWS\system32\_002985_.tmp.dll
C:\WINDOWS\system32\_002988_.tmp.dll
C:\WINDOWS\system32\_002989_.tmp.dll
C:\WINDOWS\system32\_002991_.tmp.dll
C:\WINDOWS\system32\_002992_.tmp.dll
C:\WINDOWS\system32\_002993_.tmp.dll
C:\WINDOWS\system32\_002995_.tmp.dll
C:\WINDOWS\system32\_002996_.tmp.dll
C:\WINDOWS\system32\_002998_.tmp.dll
C:\WINDOWS\system32\_003002_.tmp.dll
C:\WINDOWS\system32\_003003_.tmp.dll
C:\WINDOWS\system32\_003005_.tmp.dll
C:\WINDOWS\system32\_003008_.tmp.dll
C:\WINDOWS\system32\_003009_.tmp.dll
C:\WINDOWS\system32\_003010_.tmp.dll
C:\WINDOWS\system32\_003011_.tmp.dll
C:\WINDOWS\system32\_003012_.tmp.dll
C:\WINDOWS\system32\_003015_.tmp.dll
C:\WINDOWS\system32\_003017_.tmp.dll
C:\WINDOWS\system32\_003018_.tmp.dll
C:\WINDOWS\system32\_003019_.tmp.dll
C:\WINDOWS\system32\_003023_.tmp.dll
C:\WINDOWS\system32\_003025_.tmp.dll
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\taskmgr.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NM
-------\LEGACY_NPF
-------\nm


((((((((((((((((((((((((( Files Created from 2007-09-22 to 2007-10-22 )))))))))))))))))))))))))))))))
.

2007-10-22 18:56 92,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\av5flt.sys
2007-10-21 16:57 51,200 C:\WINDOWS\NirCmd.exe
2007-10-19 20:04 <DIR> d-------- C:\Documents and Settings\Ryan\Application Data\Grisoft
2007-10-19 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-19 20:03 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-10-18 21:44 <DIR> d-------- C:\Program Files\XoftSpySE
2007-10-16 15:08 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-10-16 14:48 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-10-16 10:32 1,152 --a------ C:\WINDOWS\SYSTEM32\windrv.sys
2007-10-16 10:31 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-10-15 22:07 <DIR> d-------- C:\Program Files\Video Add-on
2007-10-15 22:07 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-14 19:02 <DIR> d-------- C:\Documents and Settings\Ryan\Application Data\NCH Swift Sound
2007-10-14 19:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-09-23 14:32 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-09-23 14:32 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-09-23 13:42 <DIR> d-------- C:\o12adminst

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-20 23:21 --------- d-----w C:\Program Files\AIM
2007-10-20 18:18 31,538 ----a-w C:\Documents and Settings\Ryan\Application Data\wklnhst.dat
2007-10-20 17:48 --------- d-----w C:\Program Files\Microsoft Works
2007-10-16 15:57 --------- d-----w C:\Program Files\Lexmark X1100 Series
2007-08-26 17:54 --------- d-----w C:\Program Files\Common Files\Adobe
2006-10-30 22:21 4,394 ----a-w C:\Documents and Settings\Ryan\Application Data\SAS7_000.DAT
2006-07-07 05:37 560 ----a-w C:\Documents and Settings\Ryan\Application Data\ViewerApp.dat
2006-07-05 02:14 332 ----a-w C:\Documents and Settings\Ryan\restore.reg
2006-06-03 18:58 59,664 ----a-w C:\Documents and Settings\Ryan\Application Data\GDIPFONTCACHEV1.DAT
2006-04-12 19:02 33 ----a-w C:\Program Files\purl.txt
2006-01-14 20:53 6,512 ----a-w C:\Documents and Settings\Ryan\Device.dat
2001-06-04 22:24 1,012,224 -c--a-w C:\Program Files\Common Files\Staredit.dll
2006-07-12 21:47:21 152 --sh--r C:\WINDOWS\SYSTEM32\BBACA0DEC3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{23ED2206-856D-461A-BBCF-1C2466AC5AE3}"= C:\Program Files\Video Add-on\ictmdl.dll [2007-10-15 22:07 80896]

[HKEY_CLASSES_ROOT\CLSID\{23ED2206-856D-461A-BBCF-1C2466AC5AE3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{23ED2206-856D-461A-BBCF-1C2466AC5AE3}"= C:\Program Files\Video Add-on\ictmdl.dll [2007-10-15 22:07 80896]

[HKEY_CLASSES_ROOT\CLSID\{23ED2206-856D-461A-BBCF-1C2466AC5AE3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-04-19 18:06]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 C:\WINDOWS\KHALMNPR.Exe]
"iTunesHelper"="F:\Documents And Settings\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"APVXDWIN"="F:\Documents And Settings\Program Files\PandaAntiVirus\APVXDWIN.exe" [2006-09-13 07:59]
"SNM"="F:\Documents And Settings\Program Files\SpyNoMore\SNM.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-10-19 20:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 05:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Wincmd16"=F:\Documents And Settings\Program Files\Active Key Logger\Active Key Logger.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - F:\Documents And Settings\Program Files\SetPoint\SetPoint\SetPoint.exe [2006-12-03 20:02:00]
WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2007-04-08 19:07:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Ghp`amfUbrhLds"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Mn@iboddPubswLfov"=0 (0x0)
"Mn@mlrf"=0 (0x0)
"MnOndNeg"=0 (0x0)
"MnQtm"=0 (0x0)
"NoLogOff"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= F:\Documents And Settings\Program Files\AnfyTeam\Applet\ANPANORAMA\preview.html
FriendlyName= Anfy ANPANORAMA

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2005-09-27 12:13 45056 C:\WINDOWS\SYSTEM32\avldr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FRISK FP-Scheduler]
C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snipe]
C:\WINDOWS\system32\explorer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\Program Files\AWS\WeatherBug\Weather.exe 1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"="C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Generic Host Process"=C:\WINDOWS\System32\scvhost.exe

R0 netflt;Panda Net Driver.;C:\WINDOWS\System32\Drivers\netflt.sys
R0 PzWDM;PzWDM;C:\WINDOWS\System32\Drivers\PzWDM.sys
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\System32\drivers\ShldDrv.sys
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\System32\Drivers\cpoint.sys
R2 F-Secure Filter;F-Secure File System Filter;\??\F:\Documents And Settings\Program Files\Anti-Virus\Win2K\FSfilter.sys
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\F:\Documents And Settings\Program Files\Anti-Virus\Win2K\FSgk.sys
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\F:\Documents And Settings\Program Files\Anti-Virus\Win2K\FSrec.sys
R2 LBeepKE;LBeepKE;C:\WINDOWS\System32\Drivers\LBeepKE.sys
R2 PavProc;Panda Process Protection Driver;\??\C:\WINDOWS\System32\DRIVERS\PavProc.sys
R2 Vcs;Vcs support;\??\C:\WINDOWS\System32\Drivers\Vcs.sys
R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\System32\drivers\av5flt.sys
R3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\System32\PavSRK.sys
R3 PavTPK.sys;PavTPK.sys;\??\C:\WINDOWS\System32\PavTPK.sys
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\System32\DRIVERS\wg111v2.sys
S0 FVDSCSI;FVDSCSI;C:\WINDOWS\System32\DRIVERS\fvdscsi.sys
S2 BulkUsb;Plustek USB Scanner;C:\WINDOWS\System32\DRIVERS\usbscan.sys
S2 Ca536av;DV 4500(Video);C:\WINDOWS\System32\Drivers\Ca536av.sys
S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable;C:\WINDOWS\System32\Drivers\SilvrLnk.sys
S3 SjyPkt;SjyPkt;\??\C:\WINDOWS\System32\Drivers\SjyPkt.sys
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\System32\DRIVERS\sonypvs1.sys
S3 USBCamera;DV 4500(Still);C:\WINDOWS\System32\Drivers\Bulk536.sys
S3 USBFVNETR;NETGEAR MA101 USB Adapter;C:\WINDOWS\System32\DRIVERS\ma101rnd.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-19 22:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- F:\Documents And Settings\Program Files\TuneUp04\SystemOptimizer.exe
"2003-07-13 00:29:18 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2007-10-22 23:56:59 C:\WINDOWS\Tasks\XoftSpySE 2.job"
"2007-10-19 02:44:36 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-22 18:59:06
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-22 19:06:06 - machine was rebooted
.
--- E O F ---


HijackThis Log File:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:04 PM, on 10/22/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
F:\Documents And Settings\Program Files\PandaAntiVirus\pavsrv51.exe
F:\Documents And Settings\Program Files\PandaAntiVirus\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
F:\Documents And Settings\Program Files\PandaAntiVirus\TPSrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Documents And Settings\Program Files\Anti-Virus\fsgk32st.exe
F:\Documents And Settings\Program Files\Anti-Virus\FSGK32.EXE
F:\Documents And Settings\Program Files\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Documents And Settings\Program Files\PandaAntiVirus\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
F:\Documents And Settings\Program Files\PandaAntiVirus\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\Documents And Settings\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
F:\Documents And Settings\Program Files\SetPoint\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
F:\Documents And Settings\Program Files\Mozilla\firefox.exe
F:\Documents And Settings\Program Files\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: IE Custom Tools - {23ED2206-856D-461A-BBCF-1C2466AC5AE3} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "F:\Documents And Settings\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [APVXDWIN] "F:\Documents And Settings\Program Files\PandaAntiVirus\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SNM] F:\Documents And Settings\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Generic Host Process] C:\WINDOWS\System32\scvhost.exe
O4 - HKUS\S-1-5-18\..\Run: [Wincmd16] F:\Documents And Settings\Program Files\Active Key Logger\Active Key Logger.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Wincmd16] F:\Documents And Settings\Program Files\Active Key Logger\Active Key Logger.exe (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &Block this popup - F:\Documents And Settings\Program Files\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166061753307
O16 - DPF: {BE1BDC4F-2AAC-494E-88B1-86B2EE4F2D6D} - http://download.copysafe.net/Plugin/Download/Copysafe.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontale.com/nprotect/nprotect/npx.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - F:\Documents And Settings\Program Files\Anti-Virus\fsgk32st.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - F:\Documents And Settings\Program Files\PandaAntiVirus\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - F:\Documents And Settings\Program Files\PandaAntiVirus\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - F:\Documents And Settings\Program Files\PandaAntiVirus\PsImSvc.exe
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\WINDOWS\System32\locator.exe (file missing)
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - F:\Documents And Settings\Program Files\PandaAntiVirus\TPSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O24 - Desktop Component 1: Anfy ANPANORAMA - F:\Documents And Settings\Program Files\AnfyTeam\Applet\ANPANORAMA\preview.html

--
End of file - 7599 bytes
greyknight17
post Nov 19 2007, 08:29 PM
Post #2
Malware Expert
Posts: 16,559
From: New York
OS: Windows 98, XP, Vista, Mac OS X

Welcome to GTG.

F-Secure or Panda... decide which one to keep and uninstall the other to avoid any conflicts.

Print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should NOT have any open browsers when you are following the procedures below.

Download AVG Anti-Spyware at http://www.ewido.net/en/download/ and install it.
- Locate the icon on the desktop and double-click it to launch the set up program.
- Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
- On the main screen select the Update icon, then select the Update now link.
- Next select the Start Update button. The update will start and a progress bar will show the updates being installed.
- Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
- Once in the Settings screen click on Recommended actions and then select Quarantine.
- Under Reports, select Automatically generate report after every scan.
- Unselect Only if threats were found.

Close AVG Anti-Spyware. Do not run a scan just yet.


Download ATF Cleaner at http://www.atribune.org/ccount/click.php?id=1. Don't run it yet.

Download SmitfraudFix at http://siri.urz.free.fr/Fix/SmitfraudFix.zip and extract the content (a folder named SmitfraudFix) to your desktop. Do not run it yet.

Restart your computer and boot into Safe Mode. If you don't know how, go to http://www.bleepingcomputer.com/tutorials/tutorial61.html

Once in Safe Mode, open the SmitfraudFix folder. Double-click on smitfraudfix.cmd and select option #2 - Clean by typing 2 and press Enter to delete infected files. You will be prompted Registry cleaning - Do you want to clean the registry? Answer Yes by typing Y and press Enter in order to remove the desktop background and clean registry keys associated with the infection. The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found). Answer Yes by typing Y and press Enter.

The tool may need to restart your computer to finish the cleaning process. If it doesn't, please restart it manually to get back to Normal Mode. A text file will appear onscreen, with results from the cleaning process. Copy and paste the content of that report into your next reply. The report can also be found at the root of the system drive, usually at C:\rapport.txt

WARNING: Running option #2 on a non infected computer will remove your desktop background.


Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.

If you use Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser click Opera at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snipe]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Wincmd16"=-


Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.


Run a scan in HijackThis. Check each of the following if they still exist and hit Fix checked when ready:

O3 - Toolbar: IE Custom Tools - {23ED2206-856D-461A-BBCF-1C2466AC5AE3} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [SNM] F:\Documents And Settings\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Policies\Explorer\Run: [Generic Host Process] C:\WINDOWS\System32\scvhost.exe


Uninstall SpyNoMore, Active Key Logger and Video Add-on via the Add/Remove Programs panel if found.

Delete if found:

C:\Program Files\Video Add-on\
F:\Documents And Settings\Program Files\Active Key Logger\
C:\WINDOWS\system32\explorer.exe - delete it in the system32 folder only if found...don't delete it anywhere else
C:\WINDOWS\System32\scvhost.exe - careful on the spelling
C:\WINDOWS\SYSTEM32\BBACA0DEC3.dll
F:\Documents And Settings\Program Files\SpyNoMore\


Run AVG Anti-Spyware.
- Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan.
- AVG Anti-Spyware will now begin the scanning process. Be patient as this may take a little time.

Once the scan is complete do the following:
- If you have any infections you will be prompted on what action to take. Select Apply all actions.
- Next select the Reports icon at the top.
- Select the Save report as button in the lower left-hand corner of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).


Post the rapport.txt, AVG Anti-Spyware report and a new HijackThis log here.
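The fixes above rest on a few name-based checks that the expert applies by eye: a lookalike of a system binary (scvhost.exe standing in for svchost.exe), a real system name placed in the wrong directory (explorer.exe under system32 instead of C:\WINDOWS), an entry that runs for the SYSTEM / .DEFAULT account (the Active Key Logger value), a load point under Policies\Explorer\Run, and a bare file name with no path that Windows resolves through the search path. The script below is an added example, not part of this thread or of HijackThis, that encodes those checks as a triage pass over HijackThis O4 lines. The first seven sample lines are copied from the first HijackThis log in this thread; the last is constructed from the ComboFix msconfig "snipe" entry for illustration. The table of canonical directories is an assumption for Windows XP and should be extended for a real triage; note that a rogue product with an unremarkable name (SNM.exe) produces no finding here, which is why the name checks supplement rather than replace knowledge of known rogue software.

```python
"""Triage of HijackThis O4 (autostart) lines for the tricks called out above:
lookalike names, system binaries outside their directory, SYSTEM / .DEFAULT
Run keys, Policies\\Explorer\\Run, and bare names with no path.
Added example; not part of the thread or of HijackThis."""
import re
from typing import Dict, List, Optional

# Assumed table: where a few Windows XP binaries legitimately live (lower-case).
CANONICAL_DIRS = {
    "svchost.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
    "ctfmon.exe": {r"c:\windows\system32"},
    "taskmgr.exe": {r"c:\windows\system32"},
}

# "O4 - <hive>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# First seven lines copied from the thread's first HijackThis log; the last one
# is constructed from the ComboFix msconfig "snipe" entry for illustration.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "F:\Documents And Settings\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SNM] F:\Documents And Settings\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Generic Host Process] C:\WINDOWS\System32\scvhost.exe
O4 - HKUS\S-1-5-18\..\Run: [Wincmd16] F:\Documents And Settings\Program Files\Active Key Logger\Active Key Logger.exe (User 'SYSTEM')
O4 - HKLM\..\Run: [snipe] C:\WINDOWS\system32\explorer.exe
"""

def osa_distance(a: str, b: str) -> int:
    """Edit distance that counts an adjacent swap as one step, so the
    'cv'/'vc' transposition in scvhost.exe is distance 1 from svchost.exe."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def executable_path(cmd: str) -> str:
    """Extract the program from a Run value: quoted ("...\\x.exe" /arg),
    unquoted with spaces and arguments (F:\\...\\SNM.exe /startup), or a bare
    name (KHALMNPR.EXE) that Windows resolves through the search path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|com|scr|bat|cmd))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]

def parse_o4(line: str) -> Optional[Dict[str, str]]:
    """Parse one O4 line into hive / name / cmd / path, or None if not an O4."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["path"] = executable_path(entry["cmd"])
    return entry

def assess(entry: Dict[str, str]) -> List[str]:
    """Findings for one entry; an empty list means nothing stood out by name."""
    findings: List[str] = []
    path, hive = entry["path"].lower(), entry["hive"].lower()
    directory, _, base = path.rpartition("\\")
    if base in CANONICAL_DIRS:
        if directory and directory not in CANONICAL_DIRS[base]:
            findings.append(f"{base} outside its canonical directory: {entry['path']}")
    else:
        for known in CANONICAL_DIRS:
            if osa_distance(base, known) <= 1:
                findings.append(f"{base} is a lookalike of {known}")
    if not directory:
        findings.append(f"bare name {base} resolved via the search path; locate the file first")
    if r"policies\explorer\run" in hive:
        findings.append("loaded from Policies\\Explorer\\Run, which msconfig does not list")
    if r"hkus\s-1-5-18" in hive or r"hkus\.default" in hive or "(user 'system')" in entry["cmd"].lower():
        findings.append("runs for the SYSTEM / default-user account; user software does not belong here")
    return findings

def scan(log_text: str) -> Dict[str, List[str]]:
    """Map each O4 value name to its findings, keeping only entries that have any."""
    report: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry and (findings := assess(entry)):
            report[entry["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in scan(SAMPLE_LOG).items():
        print(f"[{name}]")
        for finding in findings:
            print("   -", finding)
```

Running it flags Generic Host Process (lookalike plus policy load point), Wincmd16 (SYSTEM context), snipe (explorer.exe under system32) and the bare KHALMNPR.EXE entry, and leaves the Zone Labs, iTunes, ctfmon and SNM lines alone. The KHALMNPR.EXE hit is a prompt to locate the file, not a verdict; on this machine it is the Logitech component listed under Running processes, and the bare name is exactly why it must be checked rather than assumed.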
guthix12
post Nov 23 2007, 09:15 AM
Post #3
New Member
Posts: 9
OS: XP

I forgot to mention that I no longer have internet on the infected computer. I have to flash drive everything over from a different computer and then run the program on the infected computer. I won't be able to update any virus definitions.. Any suggestions?

Thanks for the reply.
greyknight17
post Nov 24 2007, 10:04 AM
Post #4
Malware Expert
Posts: 16,559
From: New York
OS: Windows 98, XP, Vista, Mac OS X

Proceed anyway without the definition updates. Just make sure you get the latest version on the website and install it. See if you can get back online after doing the fixes above. If so, then run the update and a new scan for the antivirus.
guthix12
post Nov 25 2007, 08:16 AM
Post #5
New Member
Posts: 9
OS: XP

I appreciate all the help.

My logs are below, but once the AVG scan was done, it came up with 3 problems that it quarantined, but didn't create a log for it. I know the settings are correct so I don't know why none are listed under "Reports". If I click "Infections" there is a list of the virus location, risk level, etc. When I go under "Reports" it says "No reports available". I will keep the scan open on my computer so I won't lose any of the information that it found. The HijackThis log and rapport.txt are below.

Thanks again.

SmitFraudFix v2.253

Scan done at 13:17:25.70, Sat 11/24/2007
Run from C:\Documents and Settings\Ryan\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\Video Add-on\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS1\Services\Tcpip\..\{719C85C6-DCB5-4AC4-B2A0-5E494F7FE92B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:04 AM, on 11/25/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
F:\Documents And Settings\Program Files\PandaAntiVirus\pavsrv51.exe
F:\Documents And Settings\Program Files\PandaAntiVirus\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
F:\Documents And Settings\Program Files\PandaAntiVirus\TPSrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
F:\Documents And Settings\Program Files\AVG Anti-Spyware 7.5\guard.exe
F:\Documents And Settings\Program Files\Anti-Virus\fsgk32st.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Documents And Settings\Program Files\Anti-Virus\FSGK32.EXE
F:\Documents And Settings\Program Files\PandaAntiVirus\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
F:\Documents And Settings\Program Files\PandaAntiVirus\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
F:\Documents And Settings\Program Files\Anti-Virus\fssm32.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\Documents And Settings\Program Files\iTunes\iTunesHelper.exe
F:\Documents And Settings\Program Files\PandaAntiVirus\APVXDWIN.EXE
F:\Documents And Settings\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
F:\Documents And Settings\Program Files\SetPoint\SetPoint\SetPoint.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
f:\documents and settings\program files\pandaantivirus\WebProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
F:\Documents And Settings\Program Files\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "F:\Documents And Settings\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [APVXDWIN] "F:\Documents And Settings\Program Files\PandaAntiVirus\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Documents And Settings\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &Block this popup - F:\Documents And Settings\Program Files\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166061753307
O16 - DPF: {BE1BDC4F-2AAC-494E-88B1-86B2EE4F2D6D} - http://download.copysafe.net/Plugin/Download/Copysafe.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontale.com/nprotect/nprotect/npx.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Documents And Settings\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - F:\Documents And Settings\Program Files\Anti-Virus\fsgk32st.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - F:\Documents And Settings\Program Files\PandaAntiVirus\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - F:\Documents And Settings\Program Files\PandaAntiVirus\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - F:\Documents And Settings\Program Files\PandaAntiVirus\PsImSvc.exe
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\WINDOWS\System32\locator.exe (file missing)
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - F:\Documents And Settings\Program Files\PandaAntiVirus\TPSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 7183 bytes


greyknight17
post Nov 25 2007, 10:51 AM
Post #6


Malware Expert
Posts: 16,559
From: New York
OS: Windows 98, XP, Vista, Mac OS X



What 3 infections did AVG catch? Are you able to go online now and get all the latest updates?

Run combofix and post that log here along with the AVG one if you can get it.
guthix12
post Nov 26 2007, 08:03 PM
Post #7


New Member
Posts: 9
OS: XP



Combofix is freezing when it runs... I'll try it again tomorrow but I ran it 3 times and it kept freezing. It looks like this:


AVG found the following:


Thanks again for the help.
greyknight17
post Nov 27 2007, 10:28 AM
Post #8


Malware Expert
Posts: 16,559
From: New York
OS: Windows 98, XP, Vista, Mac OS X



Disable all your security programs (antivirus, antispyware, firewall, etc.) and disconnect from the internet. Then try running combofix again.

Did AVG quarantine all 3 files found?
guthix12
post Nov 27 2007, 07:25 PM
Post #9


New Member
Posts: 9
OS: XP



Yes it quarantined everything it found. Thanks for the tip, the combofix log is below:

ComboFix 07-11-19.4 - Ryan 2007-11-27 20:19:00.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.434 [GMT -5:00]
Running from: C:\Documents and Settings\Ryan\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-28 )))))))))))))))))))))))))))))))
.

2007-11-27 15:00 <DIR> d-------- C:\WINDOWS\LastGood
2007-11-27 15:00 <DIR> d-------- C:\Garmin
2007-11-27 15:00 17,536 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\grmn0200.sys
2007-11-27 15:00 17,024 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\grmngen.sys
2007-11-27 15:00 16,512 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\grmn0400.sys
2007-11-27 15:00 11,776 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\grmn1200.sys
2007-11-27 15:00 7,296 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\grmnusb.sys
2007-11-24 13:17 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2007-11-24 13:17 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2007-11-24 13:17 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2007-11-24 13:17 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2007-11-24 13:17 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
2007-11-24 13:17 2,216 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-10-29 19:21 <DIR> d-------- C:\My Recordings

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 22:00 --------- d-----w C:\Program Files\XoftSpySE
2007-11-25 14:47 --------- d-----w C:\Program Files\AIM
2007-11-03 23:43 32,128 ----a-w C:\Documents and Settings\Ryan\Application Data\wklnhst.dat
2007-11-02 01:51 --------- d-----w C:\Program Files\Microsoft Works
2007-10-20 01:04 --------- d-----w C:\Documents and Settings\Ryan\Application Data\Grisoft
2007-10-20 01:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-19 02:09 --------- d-----w C:\Program Files\Enigma Software Group
2007-10-16 15:57 --------- d-----w C:\Program Files\Lexmark X1100 Series
2007-10-16 15:31 --------- d-----w C:\Program Files\Common Files\Download Manager
2007-10-16 03:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-15 00:02 --------- d-----w C:\Documents and Settings\Ryan\Application Data\NCH Swift Sound
2007-10-15 00:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2006-10-30 22:21 4,394 ----a-w C:\Documents and Settings\Ryan\Application Data\SAS7_000.DAT
2006-07-07 05:37 560 ----a-w C:\Documents and Settings\Ryan\Application Data\ViewerApp.dat
2006-07-05 02:14 332 ----a-w C:\Documents and Settings\Ryan\restore.reg
2006-06-03 18:58 59,664 ----a-w C:\Documents and Settings\Ryan\Application Data\GDIPFONTCACHEV1.DAT
2006-04-12 19:02 33 ----a-w C:\Program Files\purl.txt
2006-01-14 20:53 6,512 ----a-w C:\Documents and Settings\Ryan\Device.dat
2001-06-04 22:24 1,012,224 -c--a-w C:\Program Files\Common Files\Staredit.dll
2006-07-12 21:47 152 --sh--r C:\WINDOWS\SYSTEM32\BBACA0DEC3.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-22_19.01.53.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-20 11:03:30 136,192 ----a-w C:\WINDOWS\catchme.exe
+ 2007-11-08 21:59:01 136,704 ----a-w C:\WINDOWS\catchme.exe
+ 2003-09-23 14:42:34 17,024 ----a-w C:\WINDOWS\LastGood\System32\Drivers\grmngen.sys
+ 2003-09-23 14:42:34 7,296 ----a-w C:\WINDOWS\LastGood\System32\Drivers\grmnusb.sys
- 2007-10-20 12:47:49 16,384 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2007-11-24 18:37:43 16,384 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
- 2007-10-20 12:47:49 16,384 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-11-24 18:37:43 16,384 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-10-20 12:47:49 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-24 18:37:43 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-10-05 15:07:31 279,552 ----a-w C:\WINDOWS\SYSTEM32\swreg.exe
+ 2007-07-22 23:39:27 279,552 ----a-w C:\WINDOWS\SYSTEM32\swreg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 07:42]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-04-19 18:06]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 C:\WINDOWS\KHALMNPR.Exe]
"iTunesHelper"="F:\Documents And Settings\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"APVXDWIN"="F:\Documents And Settings\Program Files\PandaAntiVirus\APVXDWIN.exe" [2006-09-13 07:59]
"!AVG Anti-Spyware"="F:\Documents And Settings\Program Files\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - F:\Documents And Settings\Program Files\SetPoint\SetPoint\SetPoint.exe [2006-12-03 20:02:00]
WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2007-04-08 19:07:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Ghp`amfUbrhLds"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Mn@iboddPubswLfov"= 0 (0x0)
"Mn@mlrf"= 0 (0x0)
"MnOndNeg"= 0 (0x0)
"MnQtm"= 0 (0x0)
"NoLogOff"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2005-09-27 12:13 45056 C:\WINDOWS\SYSTEM32\avldr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FRISK FP-Scheduler]
C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\Program Files\AWS\WeatherBug\Weather.exe 1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"="C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Generic Host Process"=C:\WINDOWS\System32\scvhost.exe

R0 netflt;Panda Net Driver.;C:\WINDOWS\System32\Drivers\netflt.sys
R0 PzWDM;PzWDM;C:\WINDOWS\System32\Drivers\PzWDM.sys
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\System32\drivers\ShldDrv.sys
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\System32\Drivers\cpoint.sys
R2 F-Secure Filter;F-Secure File System Filter;\??\F:\Documents And Settings\Program Files\Anti-Virus\Win2K\FSfilter.sys
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\F:\Documents And Settings\Program Files\Anti-Virus\Win2K\FSgk.sys
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\F:\Documents And Settings\Program Files\Anti-Virus\Win2K\FSrec.sys
R2 LBeepKE;LBeepKE;C:\WINDOWS\System32\Drivers\LBeepKE.sys
R2 PavProc;Panda Process Protection Driver;\??\C:\WINDOWS\System32\DRIVERS\PavProc.sys
R2 Vcs;Vcs support;\??\C:\WINDOWS\System32\Drivers\Vcs.sys
R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\System32\drivers\av5flt.sys
R3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\System32\PavSRK.sys
S0 FVDSCSI;FVDSCSI;C:\WINDOWS\System32\DRIVERS\fvdscsi.sys
S2 BulkUsb;Plustek USB Scanner;C:\WINDOWS\System32\DRIVERS\usbscan.sys
S2 Ca536av;DV 4500(Video);C:\WINDOWS\System32\Drivers\Ca536av.sys
S3 PavTPK.sys;PavTPK.sys;\??\C:\WINDOWS\System32\PavTPK.sys
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\System32\DRIVERS\wg111v2.sys
S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable;C:\WINDOWS\System32\Drivers\SilvrLnk.sys
S3 SjyPkt;SjyPkt;\??\C:\WINDOWS\System32\Drivers\SjyPkt.sys
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\System32\DRIVERS\sonypvs1.sys
S3 USBCamera;DV 4500(Still);C:\WINDOWS\System32\Drivers\Bulk536.sys
S3 USBFVNETR;NETGEAR MA101 USB Adapter;C:\WINDOWS\System32\DRIVERS\ma101rnd.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-23 22:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- F:\Documents And Settings\Program Files\TuneUp04\SystemOptimizer.exe
"2003-07-13 00:29:18 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2007-11-27 22:00:01 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-11-27 19:59:05 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-27 20:22:19
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-27 20:23:41
C:\ComboFix2.txt ... 2007-10-22 19:06
.
--- E O F ---
greyknight17
post Nov 28 2007, 09:19 PM
Post #10


Malware Expert
Posts: 16,559
From: New York
OS: Windows 98, XP, Vista, Mac OS X



I guess that did the trick with combofix

For Panda and F-Secure, decide which one of those antivirus programs you want to keep and uninstall one of them now.

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Generic Host Process"=-


Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.


Download KillBox at http://www.greyknight17.com/spy/KillBox.exe Run KillBox and check the box that says End Explorer Shell While Killing File. Next click on Delete on Reboot. Select the below lines. Right click on them once all are selected and choose Copy:

C:\WINDOWS\System32\scvhost.exe

Go back to KillBox. Go to File->Paste from Clipboard and then hit the button with a red circle and white X. Confirm to delete and when asked if you want to reboot, say Yes. If you get a PendingOperations message, just close it and restart your computer manually.


Run combofix again and post the log here along with a new HijackThis log.

How is the computer running now?

This post has been edited by greyknight17: Nov 28 2007, 09:19 PM
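Added example, not from this thread and not part of HijackThis, ComboFix or KillBox: a small Python triage script that reads log lines in the form quoted above and flags an executable whose name is one edit away from a core Windows binary, which is exactly how the "Generic Host Process" entry pointing at scvhost.exe stands out from the legitimate svchost.exe processes. The sample lines are constructed from this thread's logs; the list of system binaries and the one-edit threshold are assumptions.

```python
"""Triage helper for HijackThis / ComboFix log lines.

Added example for this thread, not part of HijackThis, ComboFix or any post.
It flags autorun or process entries whose executable name is a near-lookalike
of a core Windows binary (scvhost.exe vs svchost.exe), or a genuine system
binary name running from outside the Windows directory.
"""
import re
from pathlib import PureWindowsPath

# Core Windows binaries that malware commonly imitates by name (assumed list).
SYSTEM_BINARIES = (
    "svchost.exe", "lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe",
    "services.exe", "explorer.exe", "spoolsv.exe", "ctfmon.exe",
)

# Directories (drive letter stripped) where those binaries legitimately live.
SYSTEM_DIRS = {("windows", "system32"), ("windows",)}

# A drive-qualified Windows path ending in .exe, as found in "Running processes",
# HijackThis O4 lines and ComboFix "Reg Loading Points" value lines.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]\r\n]*?\.exe\b', re.IGNORECASE)

# Constructed sample: lines copied in form from the logs quoted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 C:\WINDOWS\KHALMNPR.Exe]
"Generic Host Process"=C:\WINDOWS\System32\scvhost.exe
"""


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insertions, deletions, substitutions
    and one adjacent transposition each cost 1, so 'scvhost' is 1 from 'svchost'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution / match
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def classify(path: str):
    """Return a reason string if the executable at `path` looks suspicious,
    otherwise None."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    directory = tuple(part.lower() for part in p.parts[1:-1])
    if name in SYSTEM_BINARIES:
        # A real system binary name is only expected under the Windows directory.
        if directory and directory not in SYSTEM_DIRS:
            return "system name outside Windows directory"
        return None
    for legit in SYSTEM_BINARIES:
        # Exactly one edit away: a typo-squat such as scvhost.exe or lsas.exe.
        if osa_distance(name, legit) == 1:
            return f"lookalike of {legit}"
    return None


def triage(log_text: str):
    """Scan every line, extract the executable path and collect findings
    as (path, reason) tuples."""
    findings = []
    for line in log_text.splitlines():
        match = PATH_RE.search(line)
        if not match:
            continue
        reason = classify(match.group(0))
        if reason:
            findings.append((match.group(0), reason))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {path}")
```

Feed it a full HijackThis or ComboFix log instead of SAMPLE_LOG to get the same one-line-per-finding output.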
guthix12
post Dec 2 2007, 11:10 AM
Post #11


New Member
Posts: 9
OS: XP



There is no folder for Panda or F-Secure and it doesn't appear on my Add/Remove list, which is probably why they are both still installed. I posted my HijackThis uninstall_list log and then the HJT and Combo log below it. Also I was unable to merge the registry entry. This is the error I get:

Attached Image


100 Proof Cocktail Planner 6.09
1-More Watermarker
6000 Sound Effects
Active WebCam
Ad-Aware SE Personal
Adobe Flash Player Plugin
Adobe Reader 6.0.1
Adobe Shockwave Player
Anfy
AOL Instant Messenger
ASCII Art Generator 3.2.2
AVG Anti-Spyware 7.5
Babarosa Gif Animator 3.6 (Remove only)
BCM V.92 56K Modem
Bias Sound Soap 2 DX RTAS VST v2.01
Broadcom Advanced Control Suite
DAO
Dell Solution Center
Dell Support 5.0.0 (766)
Diablo II
DV 4500
Easy Video Splitter 1.28
ExpressDigital Darkroom Web Edition V8.7
EzGenerator 2.5
FinePixViewer Resource
FinePixViewer Ver.5.1
First Step Guide
FL Studio 6
Flashation Menu Builder
Flash-Creator 1
FlashFXP v3
FREE Hi-Q Recorder 1.92
FUJIFILM USB Driver
GameWiz32
Google Earth
Google Earth Pro version 3.0.XXXX (beta) Patch Files
Google Talk (remove only)
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Image Resizer Powertoy for Windows XP
ImageMixer VCD2
ImageMixer VCD2 LE for FinePix
ImageShack QuickLoad
IncrediMail Xe
Intel® Extreme Graphics Driver
iPod Media Studio 1.0
iTunes
J2SE Runtime Environment 5.0 Update 7
JaSFtp7
Java DB 10.2.2.0
Java™ 6 Update 2
Java™ SE Development Kit 6 Update 2
KhalSetup
Lame ACM MP3 Codec
Lexmark X1100 Series
LimeWire PRO 4.9.28
LiveUpdate 3.1 (Symantec Corporation)
Logitech SetPoint
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player
Macromedia Flash Player 8
Macromedia Flash Player 8
Magic DVD Ripper V3.6
MediaLife
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft Office XP Media Content
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual Basic 6.0 Enterprise Edition
Microsoft Visual Basic 6.0 Professional Edition
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Modem Helper
Mozilla Firefox (1.5.0.11)
MP3 To Ringtone Gold 3.20
MSXML 4.0 SP2 (KB925672)
MUSICMATCH® Jukebox
Nature Illusion Studio
Nero 7 Demo
ONES (E)
Paintball Field Builder
Paintball2 Alpha build 016
Picture Package
PicturesToExe
Plextor ConvertX AV100U A/V Capture Device Driver
PowerDVD
QuickTime
RAW FILE CONVERTER LE
Right Click Image Converter
RTC Client API v1.2
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905495)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Shockwave
Shots per second
Sierra Utilities
Skype 2.5
SmartFTP Client 2.0 Setup Files (remove only)
Sony USB Driver
Sorenson Squeeze 4.5
Spybot - Search & Destroy 1.4
Starcraft
StealthBot v2.4 (remove only)
StealthBot v2.6 (remove only)
StealthBot v2.6 Revision 3 (remove only)
Super Screen Capture 2.5
SWAT 4
The Panorama Factory V4 Legacy Edition
The Rosetta Stone
TI Connect 1.6
Total Video Converter 2.52
Ulead MediaStudio Pro 8.0
Ulead VideoStudio 10
Ulead VideoStudio 9.0
UltimateBot
Update for Windows XP (KB835409)
Update for Windows XP (KB898461)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
VideoLAN VLC media player 0.8.2
VideoReDo/Plus Version 2-1-2-417
Visual Task Tips 2.0
Warcraft II BNE
Web Gallery Wizard PRO 1.5.3113.1
WG111v2 Configuration Utility
WinCAM Video Codec
Windows Installer 3.1 (KB893803)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Hotfix [See wm828026 for more information]
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB822603
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB824146
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB828756
Windows XP Hotfix - KB833407
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839645
Windows XP Hotfix - KB840315
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB841873
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB911567
Windows XP Hotfix - KB918439
Windows XP Hotfix - KB918899
Windows XP Hotfix - KB925486
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Hotfix (SP2) [See Q329390 for more information]
Windows XP Hotfix (SP2) [See Q329834 for more information]
Windows XP Hotfix (SP2) Q328310
Windows XP Hotfix (SP2) Q329170
Windows XP Hotfix (SP2) Q329441
Windows XP Hotfix (SP2) Q810565
Windows XP Hotfix (SP2) Q810577
Windows XP Hotfix (SP2) Q810833
Windows XP Hotfix (SP2) Q811493
Windows XP Hotfix (SP2) Q814033
Windows XP Hotfix (SP2) Q815021
Windows XP Hotfix (SP2) Q817287
Windows XP Hotfix (SP2) Q817606
Windows XP Hotfix (SP2) Q819696
WinRAR archiver
XoftSpySE
ZoneAlarm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:20:42 PM, on 12/1/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
F:\Documents And Settings\Program Files\PandaAntiVirus\pavsrv51.exe
F:\Documents And Settings\Program Files\PandaAntiVirus\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
F:\Documents And Settings\Program Files\PandaAntiVirus\TPSrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
F:\Documents And Settings\Program Files\AVG Anti-Spyware 7.5\guard.exe
F:\Documents And Settings\Program Files\Anti-Virus\fsgk32st.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Documents And Settings\Program Files\Anti-Virus\FSGK32.EXE
F:\Documents And Settings\Program Files\PandaAntiVirus\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
F:\Documents And Settings\Program Files\PandaAntiVirus\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
F:\Documents And Settings\Program Files\Anti-Virus\fssm32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\Documents And Settings\Program Files\iTunes\iTunesHelper.exe
F:\Documents And Settings\Program Files\PandaAntiVirus\APVXDWIN.EXE
F:\Documents And Settings\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Documents And Settings\Program Files\SetPoint\SetPoint\SetPoint.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\iPod\bin\iPodService.exe
f:\documents and settings\program files\pandaantivirus\WebProxy.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
F:\Documents And Settings\Program Files\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "F:\Documents And Settings\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [APVXDWIN] "F:\Documents And Settings\Program Files\PandaAntiVirus\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Documents And Settings\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &Block this popup - F:\Documents And Settings\Program Files\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166061753307
O16 - DPF: {BE1BDC4F-2AAC-494E-88B1-86B2EE4F2D6D} - http://download.copysafe.net/Plugin/Download/Copysafe.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontale.com/nprotect/nprotect/npx.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Documents And Settings\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - F:\Documents And Settings\Program Files\Anti-Virus\fsgk32st.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - F:\Documents And Settings\Program Files\PandaAntiVirus\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - F:\Documents And Settings\Program Files\PandaAntiVirus\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - F:\Documents And Settings\Program Files\PandaAntiVirus\PsImSvc.exe
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\WINDOWS\System32\locator.exe (file missing)
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - F:\Documents And Settings\Program Files\PandaAntiVirus\TPSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 7083 bytes

ComboFix 07-11-19.4 - Ryan 2007-12-01 18:21:45.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.405 [GMT -5:00]
Running from: C:\Documents and Settings\Ryan\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-01 to 2007-12-01 )))))))))))))))))))))))))))))))
.

2007-11-27 15:00 <DIR> d-------- C:\Garmin
2007-11-27 15:00 17,536 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\grmn0200.sys
2007-11-27 15:00 17,024 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\grmngen.sys
2007-11-27 15:00 16,512 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\grmn0400.sys
2007-11-27 15:00 11,776 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\grmn1200.sys
2007-11-27 15:00 7,296 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\grmnusb.sys
2007-11-24 13:17 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2007-11-24 13:17 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2007-11-24 13:17 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2007-11-24 13:17 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2007-11-24 13:17 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
2007-11-24 13:17 2,216 --a------ C:\WINDOWS\SYSTEM32\tmp.reg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 22:00 --------- d-----w C:\Program Files\XoftSpySE
2007-11-25 14:47 --------- d-----w C:\Program Files\AIM
2007-11-03 23:43 32,128 ----a-w C:\Documents and Settings\Ryan\Application Data\wklnhst.dat
2007-11-02 01:51 --------- d-----w C:\Program Files\Microsoft Works
2007-10-20 01:04 --------- d-----w C:\Documents and Settings\Ryan\Application Data\Grisoft
2007-10-20 01:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-19 02:09 --------- d-----w C:\Program Files\Enigma Software Group
2007-10-16 15:57 --------- d-----w C:\Program Files\Lexmark X1100 Series
2007-10-16 15:31 --------- d-----w C:\Program Files\Common Files\Download Manager
2007-10-16 03:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-15 00:02 --------- d-----w C:\Documents and Settings\Ryan\Application Data\NCH Swift Sound
2007-10-15 00:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2006-10-30 22:21 4,394 ----a-w C:\Documents and Settings\Ryan\Application Data\SAS7_000.DAT
2006-07-07 05:37 560 ----a-w C:\Documents and Settings\Ryan\Application Data\ViewerApp.dat
2006-07-05 02:14 332 ----a-w C:\Documents and Settings\Ryan\restore.reg
2006-06-03 18:58 59,664 ----a-w C:\Documents and Settings\Ryan\Application Data\GDIPFONTCACHEV1.DAT
2006-04-12 19:02 33 ----a-w C:\Program Files\purl.txt
2006-01-14 20:53 6,512 ----a-w C:\Documents and Settings\Ryan\Device.dat
2001-06-04 22:24 1,012,224 -c--a-w C:\Program Files\Common Files\Staredit.dll
2006-07-12 21:47 152 --sh--r C:\WINDOWS\SYSTEM32\BBACA0DEC3.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-22_19.01.53.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-20 11:03:30 136,192 ----a-w C:\WINDOWS\catchme.exe
+ 2007-11-08 21:59:01 136,704 ----a-w C:\WINDOWS\catchme.exe
- 2007-10-20 12:47:49 16,384 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2007-11-24 18:37:43 16,384 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
- 2007-10-20 12:47:49 16,384 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-11-24 18:37:43 16,384 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-10-20 12:47:49 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-24 18:37:43 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-10-05 15:07:31 279,552 ----a-w C:\WINDOWS\SYSTEM32\swreg.exe
+ 2007-07-22 23:39:27 279,552 ----a-w C:\WINDOWS\SYSTEM32\swreg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 07:42]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-04-19 18:06]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 C:\WINDOWS\KHALMNPR.Exe]
"iTunesHelper"="F:\Documents And Settings\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"APVXDWIN"="F:\Documents And Settings\Program Files\PandaAntiVirus\APVXDWIN.exe" [2006-09-13 07:59]
"!AVG Anti-Spyware"="F:\Documents And Settings\Program Files\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - F:\Documents And Settings\Program Files\SetPoint\SetPoint\SetPoint.exe [2006-12-03 20:02:00]
WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2007-04-08 19:07:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Ghp`amfUbrhLds"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Mn@iboddPubswLfov"= 0 (0x0)
"Mn@mlrf"= 0 (0x0)
"MnOndNeg"= 0 (0x0)
"MnQtm"= 0 (0x0)
"NoLogOff"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2005-09-27 12:13 45056 C:\WINDOWS\SYSTEM32\avldr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FRISK FP-Scheduler]
C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\Program Files\AWS\WeatherBug\Weather.exe 1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"="C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Generic Host Process"=C:\WINDOWS\System32\scvhost.exe

R0 netflt;Panda Net Driver.;C:\WINDOWS\System32\Drivers\netflt.sys
R0 PzWDM;PzWDM;C:\WINDOWS\System32\Drivers\PzWDM.sys
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\System32\drivers\ShldDrv.sys
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\System32\Drivers\cpoint.sys
R2 F-Secure Filter;F-Secure File System Filter;\??\F:\Documents And Settings\Program Files\Anti-Virus\Win2K\FSfilter.sys
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\F:\Documents And Settings\Program Files\Anti-Virus\Win2K\FSgk.sys
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\F:\Documents And Settings\Program Files\Anti-Virus\Win2K\FSrec.sys
R2 LBeepKE;LBeepKE;C:\WINDOWS\System32\Drivers\LBeepKE.sys
R2 PavProc;Panda Process Protection Driver;\??\C:\WINDOWS\System32\DRIVERS\PavProc.sys
R2 Vcs;Vcs support;\??\C:\WINDOWS\System32\Drivers\Vcs.sys
R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\System32\drivers\av5flt.sys
R3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\System32\PavSRK.sys
S0 FVDSCSI;FVDSCSI;C:\WINDOWS\System32\DRIVERS\fvdscsi.sys
S2 BulkUsb;Plustek USB Scanner;C:\WINDOWS\System32\DRIVERS\usbscan.sys
S2 Ca536av;DV 4500(Video);C:\WINDOWS\System32\Drivers\Ca536av.sys
S3 PavTPK.sys;PavTPK.sys;\??\C:\WINDOWS\System32\PavTPK.sys
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\System32\DRIVERS\wg111v2.sys
S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable;C:\WINDOWS\System32\Drivers\SilvrLnk.sys
S3 SjyPkt;SjyPkt;\??\C:\WINDOWS\System32\Drivers\SjyPkt.sys
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\System32\DRIVERS\sonypvs1.sys
S3 USBCamera;DV 4500(Still);C:\WINDOWS\System32\Drivers\Bulk536.sys
S3 USBFVNETR;NETGEAR MA101 USB Adapter;C:\WINDOWS\System32\DRIVERS\ma101rnd.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-30 22:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- F:\Documents And Settings\Program Files\TuneUp04\SystemOptimizer.exe
"2003-07-13 00:29:18 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2007-12-01 23:04:17 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-12-01 22:12:05 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-01 18:25:27
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-01 18:26:46
C:\ComboFix2.txt ... 2007-10-22 19:06
.
--- E O F ---
greyknight17
post Dec 2 2007, 06:40 PM
Post #12

Malware Expert
Posts: 16,559
From: New York
OS: Windows 98, XP, Vista, Mac OS X

The folders are at:

F:\Documents And Settings\Program Files\Anti-Virus\
F:\Documents And Settings\Program Files\PandaAntiVirus\

See if either of them has an uninstaller application (usually begins with uninst....something). If so, choose one of them and uninstall it.

Were you able to delete the C:\WINDOWS\System32\scvhost.exe file?

Right click on that delete.reg file you created and go to Edit. Then copy and paste the entire content of that file here. It should have worked...
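The ComboFix log above lists a `runservices-` entry pointing at `C:\WINDOWS\System32\scvhost.exe`, a one-letter transposition of the genuine `svchost.exe`, and the two names get mixed up in the replies. The following is an added example written for this page, not code from the thread or from any tool mentioned in it, showing how a defender can run ComboFix "Reg Loading Points" and HijackThis O4 lines through a lookalike check: an executable whose name is one edit away from a Windows system process, or that carries a system-process name but lives outside its normal directory, is reported. The table of legitimate binaries and their directories is an assumption made for the example, and the sample lines marked constructed are made up; the others are copied from the logs in this thread.

```python
import ntpath
import re
from typing import List, Optional, Tuple

# Windows system processes that malware commonly imitates, with the directory a
# genuine copy lives in on a default XP install. This table is an assumption made
# for the example; it is not taken from the thread.
SYSTEM_BINARIES = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# First drive-rooted path ending in .exe on the line; handles both the quoted and
# the unquoted value forms seen in ComboFix output and HijackThis O4 lines.
EXE_PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\[\]]*?\.exe", re.IGNORECASE)

SAMPLE_LINES = [
    # Lines as they appear in the ComboFix log in this thread
    r'"Generic Host Process"=C:\WINDOWS\System32\scvhost.exe',
    r'"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 05:00]',
    # A HijackThis O4 line from this thread
    r"O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe",
    # Constructed lines for the example (not from the thread)
    r'"Windows Update"="C:\Documents and Settings\User\svchost.exe" /s',
    r"O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\lsass.exe",
]


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, or swap two
    adjacent characters each cost 1. 'scvhost' vs 'svchost' is a single swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def extract_exe_path(line: str) -> Optional[str]:
    """Pull the launched executable's path out of one autostart log line."""
    m = EXE_PATH_RE.search(line)
    return m.group(0) if m else None


def classify(path: str) -> Optional[str]:
    """Return a reason string if the executable looks like a system-process
    impostor, otherwise None."""
    directory, name = ntpath.split(path.lower())
    if name in SYSTEM_BINARIES:
        # Right name, wrong place: a genuine copy never runs from a user profile.
        if directory != SYSTEM_BINARIES[name]:
            return f"{name} outside its normal directory ({directory})"
        return None
    for real in SYSTEM_BINARIES:
        if osa_distance(name, real) == 1:
            return f"{name} is one edit away from {real}"
    return None


def scan_log(lines) -> List[Tuple[str, str]]:
    """Run the lookalike check over autostart lines; returns (path, reason) pairs."""
    findings = []
    for line in lines:
        path = extract_exe_path(line)
        if path is None:
            continue
        reason = classify(path)
        if reason:
            findings.append((path, reason))
    return findings


if __name__ == "__main__":
    for path, reason in scan_log(SAMPLE_LINES):
        print(f"SUSPICIOUS {path}: {reason}")
```

Run against the sample lines it reports the `scvhost.exe` entry from the log and the constructed `svchost.exe` in a user profile, while the legitimate `ctfmon.exe`, `lsass.exe` and the Google notifier pass. The edit-distance threshold of one is deliberately tight; it catches the classic transposition and single-character swaps without flagging every short executable name on a typical startup list.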
guthix12
post Dec 3 2007, 05:03 PM
Post #13

New Member
Posts: 9
OS: XP

Yes, I was able to delete the svchost.exe in the KillBox program.

I think I uninstalled F-Secure, thanks again for the tip.

I figured out the reg script problem just by re-reading what you wrote. I forgot to include "REGEDIT4".

My internet has always been a little screwy on the computer, so maybe it wasn't the virus that completely affected it, although I have to think it was part of it. I have been messing around with it a bit, but no luck as of right now... The "Security Toolbar 7.1" thing is deleted in Internet Explorer, so that's definitely a good sign. Anything else I should be doing?

This post has been edited by guthix12: Dec 3 2007, 05:18 PM
guthix12
post Dec 5 2007, 03:52 PM
Post #14

New Member
Posts: 9
OS: XP

I really appreciate all the help so far, but I was contemplating just re-installing Windows XP. I have the disk to do it, and an external hard drive (my F: drive) to back everything up to. Do you advise against doing this, can much bad come from it? Is there any special way I should back my C: drive up? I was thinking of just copying and pasting it onto my F: drive, unplugging the F: drive, reinstalling Windows, plugging the F: drive back in, and reinstalling the programs I need. I will also have all my music and documents this way as well, correct? Thanks again for the help.

greyknight17
post Dec 5 2007, 07:31 PM
Post #15

Malware Expert
Posts: 16,559
From: New York
OS: Windows 98, XP, Vista, Mac OS X

A good format and install of Windows is always good after a while. I highly recommend this, especially if it's been a few years. I actually do this as a yearly cleanup.

Don't back up the entire C: drive. You only need to back up your data files (including documents, music, emails, favorites, etc.). For programs like Microsoft Office, Adobe, etc., you will need to reinstall them after you reinstall Windows. I would make sure that you get all the necessary drivers (especially the one for your network card) before reinstalling, as you will need to install them back as well.

Good luck with that. If you need any additional help on this, you may post in the Windows board since this area is mainly for malware related issues. I'm sure you will get your answers there.

I will mark this topic as resolved. If you want it re-opened, feel free to contact me via PM to re-open it. Otherwise, make sure you've got ALL your important files before you do the format.
