Symptoms: Started with pop-ups and got more severe pretty quickly. Have run Malwarebytes, AVG FREE, AVAST and Ad-Aware. Looks like quite a bit of it has gone, but my background is still different and unchangeable. Also, it seems that the whole system crashes and the computer restarts, though since running Malwarebytes this hasn't seemed to happen (though it's only been half an hour). Thanks, hope someone can help!
~J
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:54:40 AM, on 9/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Documents and Settings\DJWrecker\Desktop\windows-kb890830-v2.2.exe
c:\7d44de9bf38a62d832daa5977f6d\mrtstub.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\M-Audio\Conectiv\MAUSBCVInst.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\MRT.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by HBI
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = hbi-isa.hbi.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = artbox;flyers;cisco-acs;rims;*.hbi.com;callwatcher;webgarage;flyers.hbi.com;corpmsg.hbi.com;graphics-ftp-gw.hbi.com;nav-metaframe;webmail.reelzchannel.com;172.23.2.14;172.23.2.5;172.21.*;172.22.*;172.23.*;192.168.*;69.54.46.142;207.126.125.9;<local>;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Policies\Explorer\Run: [Goh0tNuYAF] C:\Documents and Settings\DJWrecker\Desktop\AdobeFlashPlayerHD.exe
O4 - HKUS\S-1-5-18\..\Run: [cpucooler] C:\WINDOWS\cpucooler.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [cpucooler] C:\WINDOWS\cpucooler.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D66CDAA-45C8-4E87-B065-84D813B0F02D}: NameServer = 203.146.251.58
O17 - HKLM\System\CCS\Services\Tcpip\..\{690223BF-71F6-461C-9D13-B05E2C9A9C4D}: NameServer = 203.146.251.58
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8E338B8-64CC-4FF1-9574-421170533AF6}: NameServer = 203.146.251.58
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D66CDAA-45C8-4E87-B065-84D813B0F02D}: NameServer = 203.146.251.58
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D66CDAA-45C8-4E87-B065-84D813B0F02D}: NameServer = 203.146.251.58
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: M-Audio Conectiv Installer (MAudioConectivService) - Avid Technology, Inc. - C:\Program Files\M-Audio\Conectiv\MAUSBCVInst.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
--
End of file - 5111 bytes