I've been fighting with my computer for the last week. I was downloading some mp3's off of Limewire. I clicked on one to open it up and all of a sudden I started getting all these pop ups. When I clicked them all off I noticed that my wallpaper was gone and replaced with a blueish green background with something on it that said I was infected with spyware. Whenever I'd try to replace it with my usual wallpaper it would always come back. I decided to just dump my hard drive and start over. This didn't work. I bought a brand new hard drive and installed it and that didn't work. I downloaded AVG, Ad Aware, and Spy Bot and managed to get my computer working better, but I can still tell that it's not working as smooth as it should be. From time to time when I run scans with AVG, and Ad Aware it picks up Trojan generic10. I clean them up and everything is fine, but then I'll notice things aren't quite right and run another scan and there it is again.
When I first started running Spybot it would show Virtumonde, Virtumonde.dll, Smithfraud,wwwcoolsearches, and other things. At first I'd be able to get rid of them. I'd run another scan a little later and they'd be back, but I'd be able to get rid of them again. Now if I run a scan and try to get rid of them the program will freeze and become non responsive.

I ran hijackthis and here's what it came up with:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\GWMDMMSG.exe
C:\WINDOWS\CYB2K.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Starfield\Desktop Notifier\wben.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0F77BF8C-A591-4922-93B0-F7D3785D6120} - C:\WINDOWS\system32\cbXnMdcD.dll (file missing)
O2 - BHO: (no name) - {189CFEAD-DD80-4D54-9397-58AA7B96D4D4} - C:\WINDOWS\system32\vtUomJDt.dll (file missing)
O2 - BHO: (no name) - {19AB6B8A-9BB8-4895-A059-2BBB6641BE15} - (no file)
O2 - BHO: (no name) - {21CA0CBC-B9EA-45FA-9FC1-33BD13ECC0EE} - (no file)
O2 - BHO: (no name) - {23D95A2D-8B94-47CC-BE46-8D21B4F7E5CE} - (no file)
O2 - BHO: (no name) - {3055C21B-9E0C-43D0-801C-CA281C423731} - (no file)
O2 - BHO: (no name) - {393D097B-570F-455F-94AC-183373D073C8} - C:\WINDOWS\system32\vtUnNHxu.dll
O2 - BHO: (no name) - {46da881d-f2a5-4f57-b276-9d6a56e37ed0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6f16e0bc-e5fb-4561-955d-a9776d6f0543} - (no file)
O2 - BHO: (no name) - {79F9DCD5-4560-4ED1-8A55-2EEE1B33D084} - (no file)
O2 - BHO: (no name) - {8DA564B0-B007-4D6A-9920-976CE9C9B06F} - C:\WINDOWS\system32\opnkljgF.dll (file missing)
O2 - BHO: (no name) - {9E4DEF24-CD05-43ED-A1B3-D179C46B1F06} - (no file)
O2 - BHO: (no name) - {9F54480D-0A80-410D-9050-47E70DF22587} - (no file)
O2 - BHO: (no name) - {A8D259CB-A888-4DAF-96DF-609E100EB4D6} - (no file)
O2 - BHO: (no name) - {C3132078-E3B0-4250-9E13-686A94E1402B} - C:\WINDOWS\system32\ssqRHBUN.dll (file missing)
O2 - BHO: (no name) - {F44F6322-0355-4CB2-AC2B-ACB0B9FF8095} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\CYB2K.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [5d4829b7] rundll32.exe "C:\WINDOWS\system32\ornnmprv.dll",b
O4 - HKLM\..\Run: [BM5e7b1a2b] Rundll32.exe "C:\WINDOWS\system32\anawpdfn.dll",s
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [wben] "C:\Program Files\Starfield\Desktop Notifier\wben.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: vtUnNHxu - C:\WINDOWS\SYSTEM32\vtUnNHxu.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.470.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe (file missing)
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

Hi

Please uninstall Spybot for now to make sure TeaTimer won't interfere fixing. You may reinstall it after system is clean :)

1. Download combofix from any of these links and save it to Desktop:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log & a fresh hjt log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Due to inactivity, this thread will now be closed.

Note:If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.