WiredWX Hobby Weather Tools

Started with many virii, worms, adware that were hard to ID

3 posters

Re: Started with many virii, worms, adware that were hard to ID (Page 3)
This might help: http://www.petri.co.il/forgot_administrator_password.htm

Re: Started with many virii, worms, adware that were hard to ID
Many thanks. A bit to read here and possibly a lot more to do. I will post again after trying a few things.

Re: Started with many virii, worms, adware that were hard to ID
Belahzur and DragonMaster Jay,

OK. I have finally gotten past my immediate issue (which was the login loop). I thought that I would have to do a repair install, thus the need for remembering my password. The link you gave me above about the password got me started and I finally found this cracking utility which worked very well and automatically after burning the ISO image to CD: http://ophcrack.sourceforge.net/. It cracked my password in a little over 5 minutes! Popped my WinXP Home Ed CD into the drive, but no option to repair became available (I am guessing this is because I installed SP2 and this is the SP1 CD--I don't know). Anyway, I finally found the right search to determine that my login loop was caused because of a userinit.exe and wsaupdater.exe problem. Fixed that and login worked with all of my info/programs intact.

That being said, I now have problems with some unknown dlls not being found, an internet connection that I can't seem to get to work anymore, and an occasional Windows error that crops up mentioning a missing or corrupt \minint\SYSTEM32\Config\System.

*** Any further ideas or should I now turn to another forum as it appears this is no longer due to an active virus?

Thank you for all your help.

Re: Started with many virii, worms, adware that were hard to ID
*** Any further ideas or should I post to another forum? Please see below and previous post for more info if necessary. Thanks, again!

Update of my prior post... Got rid of the DLL problem using CCleaner. Also, hopefully got rid of the crash (using XP_fix.exe) that was occurring with the missing or corrupt \minint\SYSTEM32\Config\System while logged into Windows (waiting to see if this repeats).

Only remaining problem (that is obvious to me anyway):
- wireless network adapter card has a great signal and says connected
- I can ping IP address and DNS address (i.e. Google) without issue
- IE won't connect to any website
- IE won't connect to router at 192.168.0.1
- I tried turning off the firewall on the wireless desktop
- Other wireless computer can browse the internet through the same router.
- IPCONFIG /all looks similar to other wireless computer

Note:
I have not tried another browser. Before my infection, it was working (which is how I got the infection in the first place!).

Re: Started with many virii, worms, adware that were hard to ID
Hello.
Sounds like a proxy, maybe. Did you check that too? Did you try another browser? Does Firefox work?

Re: Started with many virii, worms, adware that were hard to ID
Firefox starts up and yields a blank page and it doesn't look like I have anything set for proxy.

Re: Started with many virii, worms, adware that were hard to ID
What is the latest report? What are any problems you are having?

Re: Started with many virii, worms, adware that were hard to ID
The latest is I am still dead with my wireless internet connection. IE and Firefox do not connect, yet I am able to ping www.google.com and its IP address successfully. I think my next step is to try a hardwired ethernet connection to find out if that will connect. If so, I believe that will tell me whether it is a wireless or a wireless/firewall or just a firewall problem.

Does that sound right?

Do you have any further ideas?

Thanks!

Re: Started with many virii, worms, adware that were hard to ID
Go ahead and try hardwired and let me know the results please.

Re: Started with many virii, worms, adware that were hard to ID
I tried hardwired and no go.

Firefox and IE both come up with blank pages. No proxies, no firewalls. Ping still works either hardwired or wireless. When I disable them, ping does not work (as expected). All that shows in Firefox is "Done" at the bottom and the white, blank page. There are no other messages.

Because this machine is now operating standalone, would it be worth running another HJT?

Re: Started with many virii, worms, adware that were hard to ID
Sure, we can start off with another HijackThis log.

Re: Started with many virii, worms, adware that were hard to ID
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:36:02 PM, on 11/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Customer\Wireless PCI_CardBus utility V1.01\Wireless PCI_CardBus utility V1.01.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Mom~Dad\Application Data\U3\00001673A671642D\LaunchPad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: (no name) - {a96bcc63-40fd-402c-9b9f-4909a30d1c38} - (no file)
O2 - BHO: (no name) - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
O2 - BHO: (no name) - {eeea7df5-983d-4519-a80e-f576b6d6b221} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [skinclock] C:\Program Files\Real Ball\realball.exe.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\winlognn.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [z2m0z66rj1jcdf9luoh] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\itnm86silg.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [nt2h43rqwj1rpm9hw0tebbjor7pebssyb7siaud6nr] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\i4pxqur.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [b19mn21g0unygi8ctkk9w4oh9af84ek1cx7t] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\rhpkutjmjw.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [e9f3p78dpznr3ftgicgqg7z6g9cm876v] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\q0fotu35.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [o6xv0aplwwdu7ek22gnf] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\asa98nl2.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [ylpqnc0e1gzq3dls7t2jgz7b9eg60rgmajj21y8t3zhapn0m1] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\b2f7z45dm.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [system tool] C:\WINDOWS\sysguard.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [c7px2kk2nl1q4mpm7wf3fo7hwavmhu] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\vqwpshtkrz.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [phk3m5jddtntqi2] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\qb1x3g8m.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB5; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727)" -"http://www.drivearcade.com/playgames/1320/moto-urban-fever.html" (User 'Alex~Lucas~Zachary')
O4 - S-1-5-21-3405786225-280757992-2748749879-1006 Startup: PowerReg Scheduler V3.exe (User 'Alex~Lucas~Zachary')
O4 - S-1-5-21-3405786225-280757992-2748749879-1006 User Startup: PowerReg Scheduler V3.exe (User 'Alex~Lucas~Zachary')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Launch Wireless PCI_CardBus utility V1.01.exe.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Broken Internet access because of LSP provider 'c:\docume~1\alex~l~1\locals~1\temp\ntdll64.dll' missing
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196029020687
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.94,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.94,85.255.112.147
O20 - AppInit_DLLs: C:\WINDOWS\system32\davuhano.dll yyzlmx.dll c:\windows\system32\hagatogo.dll
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O20 - Winlogon Notify: nwdmoihl - skutwek.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 10665 bytes

Re: Started with many virii, worms, adware that were hard to ID
I ran HJT last night and posted the log (see previous post). I left the system with HJT open and the machine running. This morning I see the following error on screen (even though Windows seems to be running fine):

Windows could not start because the following file is missing or corrupt:
\Minint\SYSTEM32\CONFIG\SYSTEM
You can attempt to repair this file by starting Windows Setup using the original Setup CD-ROM. Select 'r' at the first screen to start repair.

Re: Started with many virii, worms, adware that were hard to ID
Is your computer able to run at all?

If so, please do the following:

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: (no name) - {a96bcc63-40fd-402c-9b9f-4909a30d1c38} - (no file)
O2 - BHO: (no name) - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
O2 - BHO: (no name) - {eeea7df5-983d-4519-a80e-f576b6d6b221} - (no file)
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\winlognn.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [z2m0z66rj1jcdf9luoh] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\itnm86silg.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [nt2h43rqwj1rpm9hw0tebbjor7pebssyb7siaud6nr] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\i4pxqur.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [b19mn21g0unygi8ctkk9w4oh9af84ek1cx7t] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\rhpkutjmjw.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [e9f3p78dpznr3ftgicgqg7z6g9cm876v] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\q0fotu35.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [o6xv0aplwwdu7ek22gnf] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\asa98nl2.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [ylpqnc0e1gzq3dls7t2jgz7b9eg60rgmajj21y8t3zhapn0m1] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\b2f7z45dm.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [system tool] C:\WINDOWS\sysguard.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [c7px2kk2nl1q4mpm7wf3fo7hwavmhu] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\vqwpshtkrz.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [phk3m5jddtntqi2] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\qb1x3g8m.exe (User 'Alex~Lucas~Zachary')
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.94,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.94,85.255.112.147
O20 - AppInit_DLLs: C:\WINDOWS\system32\davuhano.dll yyzlmx.dll c:\windows\system32\hagatogo.dll
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O20 - Winlogon Notify: nwdmoihl - skutwek.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

Please reboot your computer.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

C:\WINDOWS\system32\davuhano.dll
c:\windows\system32\hagatogo.dll
c:\windows\system32\yyzlmx.dll
C:\documents and settings\Alex~Lucas~Zachary\local settings\temp\winlognn.exe
C:\documents and settings\Alex~Lucas~Zachary\local settings\temp\itnm86silg.exe
C:\documents and settings\Alex~Lucas~Zachary\local settings\temp\i4pxqur.exe
C:\documents and settings\Alex~Lucas~Zachary\local settings\temp\rhpkutjmjw.exe
C:\documents and settings\Alex~Lucas~Zachary\local settings\temp\q0fotu35.exe
C:\documents and settings\Alex~Lucas~Zachary\local settings\temp\asa98nl2.exe
C:\documents and settings\Alex~Lucas~Zachary\local settings\temp\b2f7z45dm.exe
C:\documents and settings\Alex~Lucas~Zachary\local settings\temp\sysguard.exe
C:\documents and settings\Alex~Lucas~Zachary\local settings\temp\vqwpshtkrz.exe
C:\documents and settings\Alex~Lucas~Zachary\local settings\temp\qb1x3g8m.exe



Please reboot your computer, and post a new HijackThis log here in your next reply.

==

There is some evidence of what may be a very nasty infection.
If the Computer has been used for any important data, you are strongly advised to do the following, immediately:

  • Back up all important data on the machine.
  • If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being:

    Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
  • Take any other steps you think appropriate for an attempted identity theft.


==

If you are able to post the HJT log, go ahead. If not, please let me know.
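Added example, not from any poster in this thread and not HijackThis' own code: the checks the helper applied by hand to the log above can be expressed as a small Python triage pass over the log text. It flags the same classes of entry: a hosts-file line that points a hostname at a non-loopback address, Run values that launch executables from a Temp directory or carry random-looking names, a Winsock LSP chain that references a missing DLL, O17 NameServer values that point at public rather than LAN addresses, a populated AppInit_DLLs value, and Winlogon Notify or COM registrations with no file behind them. The O10 and O17 lines are also the ones that fit the symptom reported earlier in the thread: browsers are Winsock clients and go through the LSP chain, while ping.exe sends ICMP through the IP helper API rather than a Winsock socket, so it can keep working when the chain is broken (that reasoning is the example's, not the thread's). The sample log is a constructed excerpt of lines copied from the first log posted above; the heuristics and severities are the example's own assumptions, not HijackThis categories.

```python
"""HijackThis log triage: added example, not the thread's or HijackThis'
own code.  Section prefixes (O1, O4, O10, O17, O20, O21, O22) follow the
HijackThis v2 line format; the heuristics and severities are assumptions
made for this example.  SAMPLE_LOG is a constructed excerpt of lines
copied from the first log posted in the thread."""
import ipaddress
import re
from collections import Counter
from typing import Dict, List

# O4 - HKxx\..\Run: [value name] command (User 'name')
RUN_RE = re.compile(
    r"^O4 - .*?\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '.*'\))?$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)")
NS_RE = re.compile(r"NameServer = (?P<servers>[\d.,]+)")


def looks_random(name: str) -> bool:
    """Long lowercase letter/digit soup with no separators, like the
    'jsf8uiw3jnjgffght' value name in the log, reads as generated."""
    return (len(name) >= 14
            and re.fullmatch(r"[a-z0-9]+", name) is not None
            and any(c.isdigit() for c in name)
            and any(c.isalpha() for c in name))


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line; benign lines produce none."""
    findings: List[Dict[str, str]] = []

    def flag(line: str, reason: str, severity: str = "high") -> None:
        findings.append({"section": line.split(" - ", 1)[0],
                         "severity": severity, "reason": reason, "line": line})

    for raw in log_text.splitlines():
        line = raw.strip()
        m = HOSTS_RE.match(line)
        if m:
            # A hosts override pointing anywhere but loopback silently
            # redirects that hostname.
            if not ipaddress.ip_address(m["ip"]).is_loopback:
                flag(line, f"hosts file redirects {m['host']} to {m['ip']}")
            continue
        m = RUN_RE.match(line)
        if m:
            cmd = m["cmd"].lower()
            if "\\temp\\" in cmd:
                flag(line, "autorun launches an executable from a Temp directory")
            elif ".exe.exe" in cmd:
                flag(line, "double .exe extension on autorun target", "medium")
            elif looks_random(m["name"]):
                flag(line, "random-looking autorun value name", "medium")
            continue
        if line.startswith("O10 - Broken Internet access"):
            flag(line, "Winsock LSP chain references a missing DLL; "
                       "Winsock clients (browsers) fail, ICMP ping still works")
            continue
        if line.startswith("O17 - "):
            m = NS_RE.search(line)
            if m:
                public = [s for s in m["servers"].split(",")
                          if ipaddress.ip_address(s).is_global]
                if public:
                    flag(line, "DNS overridden with public servers: " + ", ".join(public))
            continue
        if line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
            flag(line, "AppInit_DLLs set: these DLLs load into every process "
                       "that links user32.dll")
            continue
        if line.startswith("O20 - Winlogon Notify:") and "(file missing)" in line:
            flag(line, "Winlogon Notify package points at a missing DLL", "medium")
            continue
        if (line.startswith(("O2 - BHO", "O21 - SSODL", "O22 - SharedTaskScheduler"))
                and "(no file)" in line):
            flag(line, "orphaned COM registration (no file)", "low")
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per severity."""
    return dict(Counter(f["severity"] for f in findings))


# Constructed excerpt of the first log in the thread (benign lines included
# so the negative cases are exercised too).
SAMPLE_LOG = r"""
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: (no name) - {a96bcc63-40fd-402c-9b9f-4909a30d1c38} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\ALEX~L~1\LOCALS~1\Temp\winlognn.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [skinclock] C:\Program Files\Real Ball\realball.exe.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [system tool] C:\WINDOWS\sysguard.exe (User 'Alex~Lucas~Zachary')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Broken Internet access because of LSP provider 'c:\docume~1\alex~l~1\locals~1\temp\ntdll64.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.94,85.255.112.147
O20 - AppInit_DLLs: C:\WINDOWS\system32\davuhano.dll yyzlmx.dll c:\windows\system32\hagatogo.dll
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in sorted(results, key=lambda f: f["severity"]):
        print(f"[{f['severity']:6}] {f['section']:4} {f['reason']}")
    print(summarize(results))
```

The heuristics are deliberately narrow: they miss `C:\WINDOWS\sysguard.exe`, which the helper listed from context rather than from any pattern in the path, so a pass like this narrows the log for a human rather than replacing the review. Two things a practitioner would also note from the log itself: the O17 entries replace the router (192.168.0.1 per the earlier post) with external resolvers, so every lookup from this machine was answered by whoever runs those servers until the entries were removed; and HijackThis' "Fix checked" does not rebuild a Winsock catalog with a missing provider, which is why the O10 line is still present in the second log. On XP SP2 and later the catalog can be rebuilt with `netsh winsock reset` followed by a reboot (general Windows knowledge, not a step from this thread).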

Re: Started with many virii, worms, adware that were hard to ID
Followed all of your instructions without incident. Here is the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:48 PM, on 11/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [skinclock] C:\Program Files\Real Ball\realball.exe.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Alex~Lucas~Zachary')
O4 - HKUS\S-1-5-21-3405786225-280757992-2748749879-1006\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB5; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727)" -"http://www.drivearcade.com/playgames/1320/moto-urban-fever.html" (User 'Alex~Lucas~Zachary')
O4 - S-1-5-21-3405786225-280757992-2748749879-1006 Startup: PowerReg Scheduler V3.exe (User 'Alex~Lucas~Zachary')
O4 - S-1-5-21-3405786225-280757992-2748749879-1006 User Startup: PowerReg Scheduler V3.exe (User 'Alex~Lucas~Zachary')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Launch Wireless PCI_CardBus utility V1.01.exe.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Broken Internet access because of LSP provider 'c:\docume~1\alex~l~1\locals~1\temp\ntdll64.dll' missing
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196029020687
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 7832 bytes
