Virus taking over my computer with Ads

[RandomTaskMan]

virus opens iexplore.exe under SYSTEM and plays Adverts, I have no idea how to remove this

Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:31:02 PM, on 11/14/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\RALINK\Common\RaUI.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Digsby\lib\digsby-app.exe

C:\Program Files\Digsby\lib\aspell\bin\aspell.exe

C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

C:\Program Files\Adobe\acrotray.exe

C:\Program Files\Adobe\acrotray.exe

C:\Program Files\Adobe\acrotray .exe

C:\Program Files\Adobe\acrotray .exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us5.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us5.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us5.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us5.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us5.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us5.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us5.hpwis.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL

O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)

O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [ONAIR] C:\Program Files\ONAIR\ONAIR .exe

O4 - S-1-5-18 Startup: AutoPlay.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: AutoPlay.exe (User 'Default user')

O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')

O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')

O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')

O4 - Startup: digsby.lnk = C:\Program Files\Digsby\digsby.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe

O8 - Extra context menu item: Build LinkLister List from Selected Url(s) - C:\Program Files\LinkLister\build_from_sel.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra button: LinkLister - {63A59C7F-65C5-4fe9-AAD1-C9E508E9FBFB} - C:\Program Files\LinkLister\ll.exe (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: LinkLister - {63A59C7F-65C5-4fe9-AAD1-C9E508E9FBFB} - C:\Program Files\LinkLister\ll.exe (file missing) (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGam...1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1245730708465

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1245730694856

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files\NavNetApp\ComUtilities.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\31E6481A7A624C39BB43E8BF6390376C\Skype4COM.dll

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 8438 bytes

[Blade81]

Hello,

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

• When done, DDS will open two (2) logs:
  1. DDS.txt
     
  2. Attach.txt
     

  [*]Save both reports to your desktop. Post them back to your topic.

[RandomTaskMan]

Hello,

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

• When done, DDS will open two (2) logs:
  1. DDS.txt
     
  2. Attach.txt
     

  [*]Save both reports to your desktop. Post them back to your topic.

DDS log:

DDS (Ver_09-10-26.01) - NTFSx86  
Run by Owner at 23:05:23.79 on Wed 11/18/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.440 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Digsby\lib\aspell\bin\aspell.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\googleupdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com
uSearch Page = hxxp://srch-us5.hpwis.com/
uDefault_Page_URL = hxxp://us5.hpwis.com/
uDefault_Search_URL = hxxp://srch-us5.hpwis.com/
uSearch Bar = hxxp://srch-us5.hpwis.com/
mSearch Bar = hxxp://srch-us5.hpwis.com/
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://srch-us5.hpwis.com/
mCustomizeSearch = hxxp://srch-us5.hpwis.com/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
TB: &hp toolkit: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\hp\explorebar\HPTOOLKT.DLL
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: hp toolkit: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [ONAIR] c:\program files\onair\onair   .exe
mRun: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Adobe_Reader] c:\program files\adobe\acrotray.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\digsby.lnk - c:\program files\digsby\digsby.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
IE: Build LinkLister List from Selected Url(s) - c:\program files\linklister\build_from_sel.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245730708465
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245730694856
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - c:\program files\navnetapp\ComUtilities.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\documents and settings\all users\application data\skype\plugins\plugins\31e6481a7a624c39bb43e8bf6390376c\Skype4COM.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-10-6 269648]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-10-6 19160]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-15 135664]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2009-1-5 17408]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 trid3d;trid3d;c:\windows\system32\drivers\trid3dm.sys [2002-3-20 144860]

=============== Created Last 30 ================

2009-11-19 03:27:30	93030	----a-w-	c:\documents and settings\owner\rundll32.exe
2009-11-16 07:28:15	120578	----a-w-	c:\documents and settings\owner\rundll32 .exe
2009-11-15 19:04:52	4273	----a-w-	C:\test.spr
2009-11-15 18:36:39	0	d-----w-	c:\program files\Software2000
2009-11-15 17:00:20	40960	----a-w-	c:\windows\system32\SSubTmr6.dll
2009-11-15 17:00:20	118784	----a-w-	c:\windows\system32\vbalNCSM6.dll
2009-11-15 17:00:13	1760	----a-w-	c:\windows\system32\objsafe.tlb
2009-11-15 17:00:12	1453	----a-w-	c:\windows\system32\Project2.INF
2009-11-15 17:00:10	70088	----a-w-	c:\windows\system32\Project2-1.ocx
2009-11-15 16:59:00	0	d-----w-	c:\program files\eGames
2009-11-15 04:00:21	62214	----a-w-	c:\windows\system32\alcxmntr .exe
2009-11-11 11:05:45	0	d-----w-	c:\windows\system32\MpEngineStore
2009-11-09 18:13:16	1841196	----a-w-	c:\documents and settings\owner\paintball-s112-e-127.wav
2009-11-09 18:08:51	1430572	----a-w-	c:\documents and settings\owner\paintball-s9-e-25.wav
2009-11-08 21:29:58	65032	----a-w-	c:\windows\system32\XAPOFX1_0.dll
2009-11-08 21:29:58	507400	----a-w-	c:\windows\system32\XAudio2_1.dll
2009-11-08 21:29:47	25608	----a-w-	c:\windows\system32\X3DAudio1_4.dll
2009-11-08 21:29:37	267112	----a-w-	c:\windows\system32\xactengine2_9.dll
2009-11-08 21:29:37	18280	----a-w-	c:\windows\system32\x3daudio1_2.dll
2009-11-08 21:29:27	81768	----a-w-	c:\windows\system32\xinput1_3.dll
2009-11-08 21:29:13	3495784	----a-w-	c:\windows\system32\d3dx9_33.dll
2009-11-08 21:29:11	2414360	----a-w-	c:\windows\system32\d3dx9_31.dll
2009-11-08 21:29:02	0	d-----w-	c:\windows\Logs
2009-11-08 21:28:44	0	d-----w-	c:\program files\Microsoft XNA
2009-11-08 21:10:25	73728	----a-w-	c:\windows\system32\np_plugin.dll
2009-11-08 21:10:25	0	d-----w-	c:\program files\ONAIR
2009-11-08 21:08:01	0	d-----w-	c:\windows\system32\AGEIA
2009-11-08 20:58:53	0	d-----w-	c:\program files\Fort Zombie
2009-11-08 19:03:02	691696	----a-w-	c:\windows\system32\drivers\sptd.sys
2009-11-08 19:02:23	0	d-----w-	c:\program files\DAEMON Tools Lite
2009-11-08 19:02:02	0	d-----w-	c:\docume~1\owner\applic~1\DAEMON Tools Lite
2009-11-08 19:02:00	0	d-----w-	c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-11-08 02:12:27	0	d-----w-	c:\docume~1\alluse~1\applic~1\Trymedia
2009-11-08 02:05:21	0	d-----w-	c:\program files\Peggle
2009-11-08 02:05:21	0	d-----w-	c:\program files\BFG
2009-11-07 05:08:32	0	d-----w-	c:\program files\CCleaner
2009-11-02 01:21:24	7168	--sha-w-	c:\windows\Thumbs.db
2009-10-26 01:03:09	0	d-----w-	c:\program files\Project64 1.6
2009-10-23 05:28:09	0	d-----w-	c:\program files\NVIDIA Corporation
2009-10-23 05:27:25	151552	----a-w-	c:\windows\system32\nvRegDev.dll
2009-10-20 12:42:16	0	d-----w-	c:\windows\system32\SoftwareDistribution

==================== Find3M  ====================

2009-10-23 05:17:11	60008	---ha-w-	c:\windows\system32\mlfcache.dat
2009-10-12 07:33:38	197	--sha-w-	c:\program files\common files\maxtreme.dat
2009-10-06 17:59:50	7496	----a-w-	c:\windows\system32\gasfkydmttnrmj.dat
2009-10-06 17:59:50	19968	----a-w-	c:\windows\system32\gasfkyqeewbfti.dll
2009-10-06 17:55:08	27136	----a-w-	c:\windows\system32\m9m8tgpttdfr .exe
2009-10-06 17:30:49	27136	----a-w-	c:\windows\system32\hkcmd.exe
2009-10-06 08:50:46	20992	----a-w-	c:\windows\system32\gasfkybayvilpv.dll
2009-10-06 08:49:44	45568	----a-w-	c:\windows\system32\gasfkyrpixlyab.dll
2009-10-06 08:49:35	27136	----a-w-	c:\windows\system32\ps2 .exe
2009-09-25 16:41:26	856064	----a-w-	c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41:26	856064	----a-w-	c:\windows\system32\divx_xx07.dll
2009-09-25 16:41:26	847872	----a-w-	c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41:26	843776	----a-w-	c:\windows\system32\divx_xx16.dll
2009-09-25 16:41:26	839680	----a-w-	c:\windows\system32\divx_xx11.dll
2009-09-25 16:41:26	696320	----a-w-	c:\windows\system32\DivX.dll
2009-09-11 14:18:39	136192	----a-w-	c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36	58880	----a-w-	c:\windows\system32\msasn1.dll
2009-08-29 08:08:21	916480	----a-w-	c:\windows\system32\wininet.dll
2009-08-26 08:00:21	247326	----a-w-	c:\windows\system32\strmdll.dll
2001-08-18 12:00:00	94784	--sh--w-	c:\windows\twain.dll
2008-04-14 00:12:07	50688	--sh--w-	c:\windows\twain_32.dll
2008-04-14 00:11:56	1028096	--sha-w-	c:\windows\system32\mfc42.dll
2008-04-14 00:12:01	57344	--sha-w-	c:\windows\system32\msvcirt.dll
2008-04-14 00:12:01	413696	--sha-w-	c:\windows\system32\msvcp60.dll
2008-04-14 00:12:01	343040	--sha-w-	c:\windows\system32\msvcrt.dll
2008-04-14 00:12:32	11776	--sh--w-	c:\windows\system32\regsvr32.exe
2009-06-29 20:54:25	32768	--sha-w-	c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009062220090629\index.dat
2009-06-29 20:54:25	32768	--sha-w-	c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009062920090630\index.dat

============= FINISH: 23:06:32.59 ===============

Attach log:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 6/22/2009 8:57:54 PM

System Uptime: 11/18/2009 7:22:45 PM (4 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6579

Processor: Intel® Pentium® 4 CPU 2.26GHz | Socket 478 | 2266/133mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 70 GiB total, 3.636 GiB free.

D: is FIXED (FAT32) - 5 GiB total, 0.746 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC

Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_579C1462&REV_10\4&11C9F252&0&60F0

Manufacturer: Realtek

Name: Realtek RTL8139 Family PCI Fast Ethernet NIC

PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_579C1462&REV_10\4&11C9F252&0&60F0

Service: rtl8139

==== System Restore Points ===================

RP156: 11/10/2009 2:21:42 AM - System Checkpoint

RP157: 11/11/2009 3:00:37 AM - Software Distribution Service 3.0

RP158: 11/12/2009 3:26:58 AM - System Checkpoint

RP159: 11/13/2009 4:24:51 AM - System Checkpoint

RP160: 11/14/2009 9:24:50 PM - Move file to quarantine: ALCXMNTR.EXE

RP161: 11/15/2009 8:58:11 AM - Installation

RP162: 11/16/2009 10:16:48 AM - System Checkpoint

RP163: 11/17/2009 1:05:08 PM - System Checkpoint

RP164: 11/17/2009 5:15:11 PM - Software Distribution Service 3.0

RP165: 11/18/2009 7:38:45 PM - System Checkpoint

==== Installed Programs ======================

[Blade81]

Hi,

From now on post requested logs without placing them in code tags. Makes reading easier.

uTorrent

Above listed one is P2P file sharing program. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall such programs.

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
   Remember to re-enable them afterwards.
   
2. Click Yes to allow ComboFix to continue scanning for malware.
   

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt

New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

[AdvancedSetup]

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.