Wednesday, September 3, 2008

Antivirus XP 2008 Virus

So this is off topic, but hopefully someone will find it useful, or I may need it again to remember how I fixed it before.

Anyway, a virus got installed on my machine. It basically installed an application called Antivirus XP 2008. I was able to manually delete the files that it installed and remove it from the Start menu and desktop.

But this darn thing also installed itself in my \windows\System32 directory. I was able to spot the suspect files by sorting the directory by date; I noticed a few that were created when I got the virus:
lanmanwrk.exe
KernelDrv.exe
kcopt.dll
Dll.dll
ikhcore.cfg
ksvcl.dll

I also noticed a driver file (Winlt17.sys) in the \windows\System32\Drivers directory.

Some of the files in the System32 directory I could delete, but others I could not, nor could I delete the driver file (Winlt17.sys). Even in safe mode, Windows would load it at startup, so the file would be locked. I kept getting warnings from my anti-spyware application about programs trying to access dll.dll. I could also never delete the registry settings that pointed to the Winlt17.sys file. I was able to delete the registry settings for the other files, but after a few minutes they would reappear in the registry.

Finally, after trying many options, I found a very useful site: http://www.slax.org/

They provide a bootable Linux CD, which I used to boot my PC. Then, from Linux, I went to my hard drive and manually deleted the files. When I booted back into Windows, I was able to delete the registry settings that pertained to those files.

Now I am no longer getting any warnings from my anti-spyware application, nor are any files reappearing in the System32 or System32\Drivers directory.

Another thing that was done to my machine was that my Screen Saver tab was missing. The Antivirus XP 2008 software replaced the desktop background with its own image and disabled the Screen Saver tab. I found out that I needed to change the registry setting:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=dword:00000000

I spent much time on this, and so I hope this helps someone else.
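The cleanup above, as an added PowerShell example that is not code from the original post: it scripts the "sort System32 by date" triage, finds the registry entries (driver service, Run/RunOnce) that keep a file loading across reboots, and restores the Screen Saver tab. It assumes a Windows host with PowerShell 5.1 or later run from an elevated prompt; the function names, the time window and the infection time in the usage lines are assumptions, while the file names are the ones the post lists.

```powershell
# Added example, not code from the original post. Assumes Windows with
# PowerShell 5.1+, run elevated. Function names, the +/- window and the
# sample infection time are assumptions; file names come from the post.

# Step 1: the "sort System32 by date" triage. Lists files whose creation time
# falls within a window around the suspected infection time, with a signature
# status as an extra hint (unsigned in System32 is suspicious, not proof).
function Get-RecentSystemFiles {
    param(
        [Parameter(Mandatory)][datetime]$Around,
        [int]$WindowMinutes = 60,
        [string[]]$Paths = @("$env:SystemRoot\System32",
                             "$env:SystemRoot\System32\Drivers")
    )
    $from = $Around.AddMinutes(-$WindowMinutes)
    $to   = $Around.AddMinutes($WindowMinutes)
    foreach ($p in $Paths) {
        Get-ChildItem -LiteralPath $p -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.CreationTime -ge $from -and $_.CreationTime -le $to } |
            Select-Object FullName, CreationTime, Length,
                @{ Name = 'Signature'; Expression = {
                    (Get-AuthenticodeSignature -FilePath $_.FullName).Status } }
    }
}

# Step 2: find the registry entries that keep a file alive across reboots.
# A .sys that loads even in safe mode is normally started by a service entry
# under Services (its ImagePath); the .exe/.dll loaders usually sit in
# Run/RunOnce. Searching value data by file name finds both kinds.
function Find-RegistryReferences {
    param([Parameter(Mandatory)][string]$FileName)
    $roots = @(
        'HKLM:\SYSTEM\CurrentControlSet\Services',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($root in $roots) {
        # The root key itself (Run keys hold their values directly) plus all subkeys.
        $keys = @(Get-Item -Path $root -ErrorAction SilentlyContinue) +
                @(Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($valueName in $key.GetValueNames()) {
                $data = [string]$key.GetValue($valueName)
                if ($data -like "*$FileName*") {
                    [pscustomobject]@{ Key = $key.Name; Value = $valueName; Data = $data }
                }
            }
        }
    }
}

# Step 3: put the Screen Saver tab back. The post sets the policy value to 0;
# deleting the value with Remove-ItemProperty has the same effect.
function Restore-ScreenSaverTab {
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    if (Test-Path -Path $key) {
        Set-ItemProperty -Path $key -Name NoDispScrSavPage -Value 0 -Type DWord
    }
}

# Usage (the infection time is an assumed value):
Get-RecentSystemFiles -Around (Get-Date '2008-09-03 09:00') | Format-Table -AutoSize
'lanmanwrk.exe', 'KernelDrv.exe', 'kcopt.dll', 'Dll.dll', 'ksvcl.dll', 'Winlt17.sys' |
    ForEach-Object { Find-RegistryReferences -FileName $_ } | Format-Table -AutoSize
Restore-ScreenSaverTab
```

Use the first two functions on the still-infected machine only to decide what to delete; as the post found, a running driver keeps its file locked and re-creates its registry entries, and a driver can also hide files and keys from anything that runs on top of it, so the view from the Linux live CD is the one to trust for the actual deletion. Once the files are gone, the service key that `Find-RegistryReferences` reports for the .sys can be removed with `Remove-Item -Recurse` and the Run entries with `Remove-ItemProperty`.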

BTW, the application "Antivirus XP 2008" links to a site. When I did a whois on that site, it showed an address somewhere in Russia. If I ever visit Russia, I will definitely make a visit there.