Ok, I think I screwed up the Panda scan the first time. I scanned with Panda again after my last email and it found a bunch of stuff. I'm including it here, just in case.
PANDA
Incident Status Location
Virus:Trj/Qsuv.A Disinfected Operating system
Adware:Adware/E2Give No disinfected C:\Program Files\E2G\IeBHOs.dll
Adware:Adware/QoolShown No disinfected C:\WINDOWS\System32\jsfsgds.dll
Spyware:spyware/surfsidekick No disinfected C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\Sskknwrd.dll
Adware:adware/aurora No disinfected C:\WINDOWS\SYSTEM32\DrPMon.dll
Adware:adware/ezula No disinfected C:\WINDOWS\SYSTEM32\ezPopStub.exe
Adware:adware/iedriver No disinfected C:\WINDOWS\SYSTEM32\Searchx.htm
Adware:adware/powersearch No disinfected C:\WINDOWS\SYSTEM32\stlb2.xml
Adware:adware/searchforit No disinfected C:\WINDOWS\SYSTEM32\SYSsfitb.dll
Adware:adware/sqwire No disinfected C:\WINDOWS\SYSTEM32\tsuninst.exe
Adware:adware/portalscan No disinfected C:\WINDOWS\SYSTEM32\winupdt.008
Adware:adware/weirdontheweb No disinfected C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\FAVORITES\WeirdOnTheWeb.url
Adware:adware/searchtheweb No disinfected C:\WINDOWS\SYSTEM32\CACHE\mswinstall.exe
Adware:adware/topspyware No disinfected C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\wmplayer.exe.tmp
Spyware:spyware/betterinet No disinfected C:\WINDOWS\INF\biini.inf
Adware:adware/ipinsight No disinfected C:\WINDOWS\INF\conscorr.inf
Adware:adware/pacimedia No disinfected C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\FAVORITES\1111\1111.url
Adware:adware/transponder No disinfected C:\WINDOWS\abiuninst.htm
Adware:adware/bookedspace No disinfected C:\WINDOWS\cfgmgr52.ini
Adware:adware/e2give No disinfected C:\PROGRAM FILES\E2G
Adware:adware/sidesearch No disinfected C:\PROGRAM FILES\Lycos
Adware:adware program No disinfected C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs
Adware:adware/elitebar No disinfected C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\FAVORITES\Casino & Carrers
Adware:adware/wupd No disinfected Windows Registry
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-290ed5ef-5a142333.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-290ed5ef-5a142333.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-290ed5ef-5a142333.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-290ed5ef-5a142333.zip[Beyond.class]
Virus:Trj/Qsuv.A Disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\6E.tmp
Virus:Trj/Qsuv.A Disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\f51623380.exe
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\nsh_114.exe
Security Risk:Application/Processor No disinfected C:\Documents and Settings\Administrator\My Documents\My Downloads\Nailfix\Nailfix\Process.exe
Security Risk:Application/Processor No disinfected C:\Documents and Settings\Administrator\My Documents\My Downloads\Nailfix.zip[Process.exe]
Virus:Trj/Qsuv.A Disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Startup\kirn.exe
Adware:Adware/PurityScan No disinfected C:\Documents and Settings\Julie\Local Settings\Temp\!update.exe
Adware:Adware/PurityScan No disinfected C:\Documents and Settings\Julie\Local Settings\Temporary Internet Files\Content.IE5\AK1PKONB\!update-2495[1].0000
Virus:Trj/Multidropper.ARI Disinfected C:\Documents and Settings\Julie\Local Settings\Temporary Internet Files\Content.IE5\F9NJY2RI\STATS5[1].CHM
Security Risk:Application/Processor No disinfected C:\My Downloads\malware\l2mfix.exe[Process.exe]
Adware:Adware/PurityScan No disinfected C:\Program Files\acsu\terp.exe
Adware:Adware/E2Give No disinfected C:\Program Files\E2G\IeBHOs.dll
Adware:Adware/Look2Me No disinfected C:\Program Files\Windows Media Player\wmplayer.exe.tmp
Virus:Trj/Downloader.AE Disinfected C:\WINDOWS\hzxwzf.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\inf\biH.inf
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\inf\biini.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\conscorr.inf
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\inf\mmaker2.inf
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\inf\satmat.inf
Virus:Trj/Qsuv.A Disinfected C:\WINDOWS\system32\akwpv.dat
Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\STAV4TMV\!update-2454[1].0000
Adware:Adware/eZula No disinfected C:\WINDOWS\system32\ezPopStub.exe
Virus:Trj/Qsuv.A Disinfected C:\WINDOWS\system32\gssldk.exe
Adware:Adware/QoolShown No disinfected C:\WINDOWS\system32\jsfsgds.dll
Adware:Adware/QoolShown No disinfected C:\WINDOWS\system32\nmdbocb.exe
Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\Shex.exe
Adware:Adware/Searchforit No disinfected C:\WINDOWS\system32\SYSsfitb.dll
Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\system32\tsuninst.exe
Adware:Adware/PurityScan No disinfected C:\WINDOWS\Temp\!update.exe
Adware:Adware/Imibar No disinfected C:\WINDOWS\ttext.dll
Possible Virus. No disinfected D:\beavis\winxp\(app) windows xp KeyGens & Cracks & Appz\Rock XP 2.0.exe[RockXp_.exe]
===================================================
EWIDO
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 8:12:02 PM, 8/19/2005
+ Report-Checksum: F473893B
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CLSID -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CurVer -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\ei.exe -> TrojanDownloader.Small.bgl : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh_114.exe -> Spyware.Downloadware : Cleaned with backup
C:\Program Files\E2G\IeBHOs.dll -> Spyware.E2Give : Cleaned with backup
::Report End
===================================================
HIJACKTHIS
Logfile of HijackThis v1.99.1
Scan saved at 8:20:22 PM, on 8/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\QWRtaW5pc3RyYXRvcgAA\command.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RioMSC.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\srrbac.exe
C:\WINDOWS\System32\srrbac.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\My Downloads\malware\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mikefeeny.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINDOWS\ttext.dll
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: LANBridge Class - {71D1708F-973D-4600-AF01-AD86688403AE} - C:\WINDOWS\System32\ahhlmhtw.dll (file missing)
O2 - BHO: SDWin32 Class - {93B511C5-0A25-4EF4-BDC8-62549B7DB7DA} - C:\WINDOWS\System32\srnpg.dll (file missing)
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\rbpjoa.exe reg_run
O4 - HKLM\..\Run: [kmethj] C:\WINDOWS\System32\vlsiuoe.exe r
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKCU\..\Run: [ipmrst] C:\WINDOWS\System32\ipmrst.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [srrbac] C:\WINDOWS\System32\srrbac.exe
O4 - HKCU\..\RunOnce: [srrbac] C:\WINDOWS\System32\srrbac.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.v...od/install.html
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c17.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinn...ut/brickout.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.atarionde...es/ExentCtl.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://www.getdway.c.../dpcsysinfo.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX28.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinn...apit/swapit.cab
O20 - AppInit_DLLs: repairs.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QWRtaW5pc3RyYXRvcgAA\command.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe