Hello there... I needed some help with this as well since I seem to be having a similar problem...any help would be appreciated...

this is my Malwarebytes quick scan log

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 2

9/13/2009 6:25:29 PM
mbam-log-2009-09-13 (18-25-23).txt

Scan type: Quick Scan
Objects scanned: 86450
Time elapsed: 10 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\SKYNETlog.dat (Trojan.Agent) -> No action taken.

You need to post much more info. I know you copied your post from a closed thread but remember, nobody knows exactly what symptoms YOUR computer is showing. We also need to know more about your computer. Operating system, antivirus program...etc.
How long have you been having whatever problem it is that you are having? In addition to MBA-M what else have you tried?

Now, MBA-M....your version is out of date. A new version was released last week the KEY rule with MBA-M is ALWAYS update before each scan. MBA-M has updates, daily, at the very least, sometimes more than once a day. Yours obviously had not been updated in quite awhile because the database alone is several weeks old, at least.
You need to open the program, go to the Update Tab and have it update. It will give you the new version and the latest database.
Then run a new Full Scan with it and please follow the instructions we give to all for running MBA-M;
Be sure that everything is checked, and click Remove Selected.
You didn't do that in your initial scan.

Then REBOOT the computer....this is vital.

Then download HiJackThis and run a full system scan with it and save the log.
Post back here with ALL the Information I requested and both of those logs.

Files Infected:
C:\WINDOWS\system32\SKYNETlog.dat (Trojan.Agent) -> No action taken.

SKYNET is used as part of rootkit technology which will be hard to clean unless you understand what's going on.
Maybe this thread will do just that

A solution I find more secure is to boot with UBCD and open a terminal. Then type:

CD C:\Windows\System32

And reboot.
That will disable the rootkit enough for Malwarebytes to finish the job afterward.

thanks jholland1964 ...

sorry for not providing the info before....i have xp basic and my antivirus is panda cloud ...let me know if i need to provide more information

the problem i am having is with the google search results ...the moment i click on any of the results (links) it takes me to a random website...

i have posted the information requested below.

Malwarebytes' Anti-Malware 1.41
Database version: 2798
Windows 5.1.2600 Service Pack 2

9/14/2009 10:02:53 PM
mbam-log-2009-09-14 (22-02-46).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 215087
Time elapsed: 1 hour(s), 16 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\temp\cpv.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\temp\ismixnoyxo.exe (Trojan.Dropper) -> No action taken.
C:\WINDOWS\temp\smcndtcvmb.exe (Trojan.Dropper) -> No action taken.
C:\WINDOWS\temp\winivsetup.exe (Rogue.WinAntiVirusPro) -> No action taken.
C:\WINDOWS\system32\SKYNETlog.dat (Trojan.Agent) -> No action taken.

i removed all the items as requested and rebooted the system..

after this i ran hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:11 PM, on 9/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=presario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9F31B7A4-F438-48B8-AAF5-1C29A8A2B6C1} - http://download.bigflicks.com/cabs/bigflicks_1_0_0_5.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://download.bigflicks.com/cabs/Entriq_3_6_0_15_Silent.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: logstats - C:\WINDOWS\SYSTEM32\logstats.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NanoServiceMain - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

End of file - 10353 bytes

thanks for your time....

Did you reboot the system after running MBA-M? I need to see a log showing the items are no longer present. You must have saved the log too soon since it says No Action Taken.

Please download Combofix from Here or Here

You will get a prompt asking if you want to run or save the file. Choose SAVE and save it to the desk top. DO NOT RUN it YET
You must take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

Windows may issue a prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
ComboFix is now preparing to run and when it has finished you will see the Disclaimer screen you should press the number 1 key and then press the enter key to continue.
ComboFix will create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry.
Once the Windows Registry has finished being backed up, ComboFix will disconnect your computer from the Internet. Therefore, do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet as your connection will be completely restored at a later stage in the program.

ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to what they were previously. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically
You should now post this log here when all is complete.

Here is the combofix log

ComboFix 09-09-14.02 - Admin 09/15/2009 17:59.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1983.1453 [GMT -4:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

c:\documents and settings\Admin\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
c:\documents and settings\Admin\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut1_DB7E00C96DEF489A8112D8F81614F45A.exe
c:\documents and settings\Admin\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut11_DB7E00C96DEF489A8112D8F81614F45A.exe
c:\documents and settings\Admin\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe
c:\documents and settings\Admin\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut3_DB7E00C96DEF489A8112D8F81614F45A.exe
c:\documents and settings\Admin\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut4_DB7E00C96DEF489A8112D8F81614F45A.exe
c:\documents and settings\Admin\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut5_DB7E00C96DEF489A8112D8F81614F45A.exe
c:\documents and settings\Admin\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut1_DB7E00C96DEF489A8112D8F81614F45A.exe
c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut11_DB7E00C96DEF489A8112D8F81614F45A.exe
c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe
c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut3_DB7E00C96DEF489A8112D8F81614F45A.exe
c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut4_DB7E00C96DEF489A8112D8F81614F45A.exe
c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut5_DB7E00C96DEF489A8112D8F81614F45A.exe
c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut1_DB7E00C96DEF489A8112D8F81614F45A.exe
c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut11_DB7E00C96DEF489A8112D8F81614F45A.exe
c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe
c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut3_DB7E00C96DEF489A8112D8F81614F45A.exe
c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut4_DB7E00C96DEF489A8112D8F81614F45A.exe
c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut5_DB7E00C96DEF489A8112D8F81614F45A.exe
c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
c:\windows\system32\config\systemprofile\Start Menu\Programs\System Security
c:\windows\system32\config\systemprofile\Start Menu\Programs\System Security\System Security

((((((((((((((((((((((((( Files Created from 2009-08-15 to 2009-09-15 )))))))))))))))))))))))))))))))

2009-09-15 02:17 . 2009-09-15 02:17 -------- d-----w- c:\program files\Trend Micro
2009-09-02 14:13 . 2009-09-02 14:13 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2009-09-15 00:16 . 2009-08-12 18:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-10 18:54 . 2009-08-12 18:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-08-12 18:01 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-14 22:29 . 2009-08-14 22:29 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-12 19:39 . 2009-08-12 19:34 79592 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-12 19:35 . 2009-08-12 19:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-08-12 18:01 . 2009-08-12 18:01 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2009-08-12 18:01 . 2009-08-12 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-05 09:11 . 2004-08-04 21:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 22:06 . 2009-08-03 22:05 5104 ----a-w- C:\NanoRepository.bin
2009-07-17 18:55 . 2004-08-04 21:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 21:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 00:28 . 2009-07-12 00:28 245 ----a-w- c:\windows\system32\PSUNCpl.dat
2009-06-29 16:12 . 2004-08-04 21:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 21:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:17 . 2004-08-04 21:00 729600 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:17 . 2004-08-04 21:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:17 . 2004-08-04 21:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:17 . 2004-08-04 21:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:17 . 2004-08-04 21:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:17 . 2004-08-04 21:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-23 14:04 . 2009-06-23 14:04 136072 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2009-06-23 14:04 . 2009-06-23 14:04 114056 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
2009-06-22 11:35 . 2004-08-04 21:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
2009-06-18 21:51 283904 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Pending Delete Icon]
2009-06-18 21:51 283904 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
2009-06-18 21:51 283904 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

2007-04-16 15:52 1770690 ----a-w- c:\windows\system32\ipmapi.dll

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-14 1694208]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-14 7573504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-12 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-12 81920]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-27 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-01-07 185896]
"V0250Mon.exe"="c:\windows\V0250Mon.exe" [2006-06-08 32768]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 24576]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2009-06-04 353536]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-04-18 61952]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]

c:\documents and settings\Admin\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]

"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\logstats]
2007-04-16 15:52 1177174 ----a-w- c:\windows\system32\logstats.dll


[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"EnableFirewall"= 0 (0x0)

"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [6/23/2009 10:04 AM 114056]
R2 NanoServiceMain;NanoServiceMain;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [4/23/2009 8:14 PM 95488]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [6/23/2009 10:04 AM 136072]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [6/4/2009 4:16 PM 92552]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [6/4/2009 4:16 PM 98184]
S2 npimz;npimz;c:\windows\system32\drivers\ujleik.sys --> c:\windows\system32\drivers\ujleik.sys [?]
S3 Flash1;Flash1;c:\swsetup\SP38062\winphlash\FLASH1.sys [3/1/2006 6:54 PM 3456]
S3 sit_bus;SIT_1x_usbmodem Device;c:\windows\system32\drivers\sit_bus.sys [7/1/2008 5:40 PM 22144]
S3 sit_flt;SUNGIL USB Filter Service;c:\windows\system32\drivers\sit_flt.sys [7/1/2008 5:40 PM 4352]
S3 sit_mdm;SIT_1x_usbmodem ;c:\windows\system32\drivers\sit_mdm.sys [7/1/2008 5:40 PM 39680]
S3 sit_prt;SIT_1x_usbmodem Port;c:\windows\system32\drivers\sit_prt.sys [7/1/2008 5:40 PM 38656]
S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [1/1/2009 9:16 PM 185504]
S3 V0250Vfx;V0250Vfx;c:\windows\system32\drivers\V0250Vfx.sys [1/1/2009 9:16 PM 6272]
------- Supplementary Scan -------
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\aluat40d.default\
FF - plugin: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\aluat40d.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
- - - - ORPHANS REMOVED - - - -

AddRemove-Creative VF0250 - c:\windows\CtDrvIns.exe -uninstall -script VF0250.uns -unsext NT -plugin V0250Pin.dll


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-15 18:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???`Y????????@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(936)

- - - - - - - > 'explorer.exe'(3936)
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
------------------------ Other Running Processes ------------------------
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
Completion time: 2009-09-15 18:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-15 22:18

Pre-Run: 5,298,216,960 bytes free
Post-Run: 5,594,554,368 bytes free

[boot loader]
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

240 --- E O F --- 2009-08-14 22:15

Believe this is an HP computer, correct? Did it come with Vongo? Did you recently install it?

Believe this is an HP computer, correct? Did it come with Vongo? Did you recently install it?

yup this is a compaq presario v3000 and it came with Vongo

anything else i should be doing??

Sorry, I was away for much of yesterday. Does the computer seem to be running better? Or are you still having problems?

One thing I AM questioning, you said you are using Panda Cloud Antivirus but there are a number of Symantec files on the computer...and running. Is this an OLD anti-virus program that you failed to totally uninstall?

the computer seems to be running much better...

i did another mbam scan and have posted the log...

Malwarebytes' Anti-Malware 1.41
Database version: 2813
Windows 5.1.2600 Service Pack 2

9/16/2009 7:56:06 PM
mbam-log-2009-09-16 (19-56-00).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 208226
Time elapsed: 1 hour(s), 9 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNETwqqoipuq.dll.vir (Rootkit.TDSS) -> No action taken.
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP356\A0196119.dll (Rootkit.TDSS) -> No action taken.

i removed all the checked items and completed another scan...
Malwarebytes' Anti-Malware 1.41
Database version: 2813
Windows 5.1.2600 Service Pack 2

9/16/2009 9:20:14 PM
mbam-log-2009-09-16 (21-20-14).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 208129
Time elapsed: 1 hour(s), 0 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

seems like it is gone....

anything else i might need to do...

and yes the symantec was something which was uninstalled previously...

and yes the symantec was something which was uninstalled previously...

Well at least some of it remains. How did you uninstall it? Via Add/Remove? Which version was it, do you recall?
There is a Norton Removal tool that you can use but you have to use the step given specifically for the version you had on the computer.
It DOES need to come off there.

alright...took it off...looks like i am all set...

thank you so much for your help....

WAIT! You are not finished yet. You need to do two more things....

First you need to Uninstall Combofix. This isn't needed anymore
* Click START then RUN
* Now type Combofix /u in the runbox and click OK. The space between the combofix and the /u, it must be there.
When shown the disclaimer, Select "2"

You also need to set a new, clean Restore point.
To do this Right Click My computer.
Choose Properties
When System Properties opens choose the System Restore Tab.
Place a check mark in Shut down System Restore.
You will probably get a message telling you it will be shut down, click ok or yes.
Allow it to shut down.
Wait a moment. Then go back in and take that check mark Out so that System Restore will turn back on.

oops...wrote too soon....

completed both the steps...combo fix is out....system restore was shut down and turned back on again...

once again...thanks a lot for your help with this....

Happy to help. If you feel all is well then you can mark this one solved.