guest426
Guest IP: 213.226.*.*
Posted: Thu Jun 19, 2008 7:44 am    Post subject: don't know what to do!
I'm using Windows XP SP2. I noticed that my firewall keeps getting turned off, so I got ZoneAlarm Free Firewall. It started detecting various incoming port scans from various different IPs. I upgraded to the ZoneAlarm Pro free trial and did a full check. It found 2 viruses (even though NOD32 didn't find any) and 5 spywares, with 2 being high risk (not-a-virus mIRC client and a P2P client). I thought the incoming warnings should stop, but they didn't. Then I couldn't open any file, not even Firefox, but programs that run at startup, like ZoneAlarm and NOD32, I could. I did a full check again and found an 'ABC keylogger'. I Googled for the file and found a way to change user permissions through the Windows folder. I played with the permissions and the files started to work after a reboot, but I noticed that the sharing on the Windows folder was set to name: ADMIN$, comment: Remote Admin, and user count to maximum. This morning the same thing started to happen even though ZoneAlarm and NOD32 don't find anything. I'm writing this from my cell phone because when I connect to the net I get tons of port scans from different IPs. Also, sorry for the spelling mistakes. I don't really know what to do and would really appreciate any help.
Cudni
Special Response Team
 Joined: Dec 10, 2002 Posts: 3628 Location: Et In Arcadia ego
guest426
Guest IP: 213.226.*.*
Posted: Thu Jun 19, 2008 10:17 am
After booting in Safe Mode I noticed that there's an administrator account along with my own which I never created, and also that the guest account is disabled. I also noticed that the sharing options on my drives were on, and when I disabled them I got some warning message saying that the options will be restored when the server is rebooted.
wand411
Corporal
 Joined: Aug 22, 2005 Posts: 54 Location: USA
johnlgalt
Special Response Team Premium Member
 Joined: Feb 27, 2007 Posts: 1410
Posted: Mon Jun 23, 2008 3:02 am
1) What *exactly* did the error message say when you disabled sharing on the drives?
2) In Safe Mode there is usually a 'hidden' account named "Administrator" - unless this is the account that you use (a bad no-no) for all your daily work, this is normal.
3) It honestly sounds like you have already been infected, and more than that, that your machine is part of a zombie network. I'd take the computer offline (remove the Ethernet cable, unplug the DSL / cable modem, whatever you have to do), go to another computer, grab the tools mentioned by Cudni in the first reply, burn them to CD / DVD, and then run them on this computer - while staying offline.
agder
Cadet
 Joined: Jun 22, 2008 Posts: 5 Location: USA
Posted: Mon Jun 23, 2008 12:22 pm
I kinda cleaned my PC, so I went on and registered here because it's really a great place to get help. Now about the problems. After getting tons of port scans from different IPs, some from my own ISP and others from different ones, on one of the IPs I used ZoneAlarm's 'more info' option and it showed me that I was getting hacked from Korea. I disconnected my modem and ran NOD32 scans. After not finding any viruses I downloaded the recommended programs from the malware removal guide on another computer and ran the scans. Found some tracking cookies, trojans and keyloggers. Cleaned them, but the port scans still wouldn't go away. I'm using dial-up, and the second I connect I instantly get a warning from ZoneAlarm. At my ISP's web page there is a port scanner which showed me that my port 135 was open. Then I found out that my ISP was providing a security service for like $1/month which instantly stopped all the port scans, and port 135 was closed. This was strange to me because I only got a couple of scans through that port and they were always blocked, or so I believed. But anyway, the scans stopped. I updated all my anti-malware and anti-virus programs and scanned again. Found a trojan downloader and another trojan, but I still think that I'm not 100% clean because NOD32 and Ad-Aware run strangely slowly and the permissions on my C, E drives and Windows folder come back after every reboot.
The shares on the drives are normal I think, because they only write this when I turn them off:
"This share was created for administrative purposes only. The share will reappear when the Server service is stopped and restarted or the computer is rebooted. Are you sure you wish to stop sharing E$?"
When I turn off sharing on Windows it doesn't say anything.
So, long story short: my ISP removed all the port scans and I cleaned all the malware with the programs from the malware removal guide, but I still get the sharing options on the C, E drives and Windows folder.
Oh, and by the way, as wand411 said, the ABC keylogger can only be installed manually. I used to download all kinds of stuff for MMORPG games, and keyloggers are often used to steal accounts in such games, so could I have downloaded and installed the keylogger along with some other program without knowing it? Because I'm the only one using this computer.
I already submitted my HJT log, not wanting to waste your time, but if this is a common virus and could be easily removed I would appreciate your help.
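The three things argued about in this thread (the "extra" Administrator account johnlgalt mentions, the C$/E$/ADMIN$ shares that come back after every reboot, and whether TCP 135 is really "open") can all be checked from the local machine instead of guessed at. The script below is an added example written for this page; it is not from any poster or from the malware removal guide. It assumes Windows PowerShell 2.0 or later with WMI available, run from an elevated prompt, and uses only `netstat -ano`, WMI classes and the `LanmanServer` registry key. The `AutoShareWks` / `AutoShareServer` values are the real Windows switch behind the dialog agder quoted: the Server service recreates the drive-letter shares and ADMIN$ on every start unless that value is 0 (IPC$ is always created). TCP 135 is the RPC endpoint mapper and is normally listening on any Windows box; the question is whether it is reachable from the internet, which is consistent with the ISP's paid service filtering the port upstream rather than anything changing on the PC.

```powershell
# Added triage example for the symptoms discussed in this thread (not from the thread itself).
# Assumes Windows PowerShell 2.0+ with WMI, run elevated on the machine being examined.

$LanmanParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-AdminShare {
    # Administrative shares have the high bit set in Win32_Share.Type
    # (0x80000000 disk/ADMIN$, 0x80000003 IPC$). Removing them in Explorer
    # only lasts until the Server service restarts, exactly as the dialog says.
    Get-WmiObject Win32_Share | Where-Object { $_.Type -ge 2147483648 } |
        Select-Object Name, Path, Type
}

function Get-AutoShareSetting {
    # AutoShareWks (workstation editions such as XP) / AutoShareServer (server editions).
    # 0 = do not recreate the drive-letter shares and ADMIN$; absent = default behaviour (recreate).
    $p = Get-ItemProperty -Path $LanmanParams
    foreach ($name in 'AutoShareWks', 'AutoShareServer') {
        $prop = $p.PSObject.Properties[$name]
        New-Object PSObject -Property @{
            Name  = $name
            Value = $(if ($prop) { $prop.Value } else { '(not set, default: recreate)' })
        }
    }
}

function Get-LocalAccountSummary {
    # The built-in Administrator (RID 500) and Guest (RID 501) always exist, even if
    # you never created them and only see them in Safe Mode. Any other local account
    # with an unfamiliar name is what you actually want to investigate.
    Get-WmiObject Win32_UserAccount -Filter "LocalAccount='True'" |
        Select-Object Name, SID, Disabled, PasswordRequired |
        Sort-Object SID
}

function Get-Port135Listener {
    # Parse `netstat -ano` for a LISTENING socket on TCP 135 and resolve the owning
    # process. svchost.exe (hosting RpcSs) is the expected owner on Windows; a
    # different owner, or nothing listening at all, is the unusual result.
    netstat -ano | ForEach-Object {
        if ($_ -match '^\s*TCP\s+\S+:135\s+\S+\s+LISTENING\s+(\d+)\s*$') {
            $procId = [int]$Matches[1]
            $proc   = Get-WmiObject Win32_Process -Filter "ProcessId=$procId"
            New-Object PSObject -Property @{
                Socket  = ($_ -replace '\s+', ' ').Trim()
                PID     = $procId
                Process = $(if ($proc) { $proc.Name } else { '(exited)' })
            }
        }
    }
}

"=== Administrative shares ==="
Get-AdminShare | Format-Table -AutoSize

"=== Auto-share registry setting ==="
Get-AutoShareSetting | Format-Table Name, Value -AutoSize

"=== Local accounts ==="
Get-LocalAccountSummary | Format-Table -AutoSize

"=== TCP 135 listener ==="
Get-Port135Listener | Format-Table Socket, PID, Process -AutoSize

# To stop the drive-letter shares and ADMIN$ from being recreated, set the value to 0
# and restart the Server service (or reboot). Uncomment deliberately; it is a config change:
# Set-ItemProperty -Path $LanmanParams -Name AutoShareWks -Value 0 -Type DWord
# Restart-Service LanmanServer
```

The point of running this rather than clicking "stop sharing" again is that the shares reappearing is documented Server-service behaviour and not evidence of infection by itself; the account list and the process behind port 135 are the parts that actually distinguish "normal Windows" from "something is still on this machine". Note that turning off the admin shares on a dial-up home PC changes nothing about port scans from the internet, which are only stopped by a firewall between the modem and the PC or, as agder found, by the ISP filtering upstream.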