Okay, this is strange. That's twice that I ran VundoFix followed by Hijackthis and the changes made in Hijackthis didn't take.
I had to make the fixes in Hijackthis in regular windows mode and reboot and they all went away except for: F2 - REG:system.ini: Shell=
Here's the logs you requested:
Logfile of HijackThis v1.99.1
Scan saved at 6:52:27 AM, on 12/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\apvxdwin.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\PROGRA~1\MICROS~4\GAMECO~1\common\swtrayv4.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\avciman.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimreal.exe
C:\Documents and Settings\Kenny\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
F2 - REG:system.ini: Shell=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~4\GAMECO~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.1.1.74.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
VundoFix log:
VundoFix V2.15 by Atri
--------------------------------------------------------------------------------------
Listing files contained in the vundofix folder.
--------------------------------------------------------------------------------------
killvundo.bat
process.exe
ReadMe.txt
vundo.reg
vundofix.txt
--------------------------------------------------------------------------------------
Filepaths entered
--------------------------------------------------------------------------------------
The filepath entered was C:\WINDOWS\SYSTEM32\avldr.dll
The second filepath entered was C:\WINDOWS\system32\rdlva.*
--------------------------------------------------------------------------------------
Log from Process
--------------------------------------------------------------------------------------
Killing PID 204 'smss.exe'
Killing PID 868 'explorer.exe'
Killing PID 868 'explorer.exe'
Killing PID 280 'winlogon.exe'
Killing PID 280 'winlogon.exe'
--------------------------------------------------------------------------------------
C:\WINDOWS\SYSTEM32\avldr.dll Deleted sucessfully.
C:\WINDOWS\system32\rdlva.* Deleted sucessfully.
Fixing Registry
--------------------------------------------------------------------------------------
Thanks for all your help. Seems I was running inadequate Spyware apps for quite a while. I think I have the application problems solved, so I won't become infected like this again (I hope!).
Let me know if there is anything else I need to do.