Geekzone: technology news, blogs, forums


zerobit

7 posts

Wannabe Geek


#42156 29-Sep-2009 18:15

Hey guys,

I seem to have a virus that won't go away and isn't detected by any of the scanners I have tried (AVG, Nod32, McAfee and a bunch of anti-malware things like S&D, AdAware etc.).

What it seems to do is add a bunch of files to my Documents folder, add a locked Documents and Settings folder on the C: and D: drives, and replace or add shortcuts in all the usual places, like (in the My Documents folder):

My Music
My Pictures
My Documents
My Videos

etc etc.

By locked I mean it goes over each folder and applies an 'Everyone' security permission, not allowing or denying anything - so I have to go through manually and reset that.

It also adds the following files in this folder - *:\Documents and Settings\*USER*:

ntuser.dat
ntuser.dat.LOG1
ntuser.dat.LOG2
ntuser.dat{4eb2ce50-ab28-11de-9e5c-00221599bc5d}.TM.blf
ntuser.dat{4eb2ce50-ab28-11de-9e5c-00221599bc5d}.TMContainer00000000000000000001.regtrans-ms
ntuser.dat{4eb2ce50-ab28-11de-9e5c-00221599bc5d}.TMContainer00000000000000000002.regtrans-ms
ntuser.ini

I'm not sure if this is something I particularly need to worry about, and a previous system restore did get rid of everything (for about an hour; I'm guessing it did its magic again when either Windows Search or Nod32 went over a file).
Although, the reason I formatted this system in the first place was that it had come to a crawl and had a lot of popups appearing... Either this virus is just a little bit annoying, or it downloads more files and hides itself everywhere.


HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:15:45 p.m., on 29/09/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

--
End of file - 3546 bytes



I'm reasonably experienced with Windows systems and getting rid of malware, but this one I just can't track down, and I don't want to wipe all my drives either. If anyone can let me know what the hell it is so I can start looking for ways to get rid of it, that would be awesome!

If there's any more information you need, please let me know!

Regards,
JC

Regs
4066 posts

Uber Geek
+1 received by user: 206

Trusted
Snowflake

  #259466 29-Sep-2009 19:18

I think what you're seeing may be normal...

In Vista and Win7 the c:\documents and settings\%username% folder structure is redirected to c:\users\%username%, but a locked 'shortcut' is left in place, presumably for compatibility reasons.

Win7 also adds a new 'libraries' linking structure, and special folders like "My Documents" can now contain the contents of multiple locations at once, e.g. \\myserver\users\me\my docs + c:\users\me\my docs + c:\users\public\my docs
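As an added example (not part of the thread, and not Regs's or the OP's code), here is a PowerShell script that lists the compatibility junctions Regs describes, together with where each one points and the ACL on it. On a stock Vista/Win7 install the system drive carries "Documents and Settings" as a junction to C:\Users, and the profile folder carries "My Documents", "Application Data", "Local Settings" and similar junctions into the new profile layout; each of these has a Deny ACE for Everyone on listing the folder, which is what makes them look "locked" in Explorer. The default roots (C:\, D:\ and the current profile) are taken from what the OP reported; everything else is assumed.

```powershell
# Added example: enumerate NTFS junctions / directory symlinks under the given roots,
# show their target and their ACL, so the built-in compatibility junctions can be told
# apart from anything unexpected. Runs unelevated on Windows Vista/7 (PowerShell 2.0+).

function Get-CompatJunction {
    param(
        # Roots to scan: the drives the OP mentioned plus the current user's profile.
        [string[]]$Roots = @('C:\', 'D:\', $env:USERPROFILE)
    )
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        # "dir /AL" lists only reparse points and prints the target in brackets, e.g.
        #   <JUNCTION>     Documents and Settings [C:\Users]
        # It needs no elevation, unlike "fsutil reparsepoint query".
        $lines = & cmd.exe /c "dir /AL ""$root"" 2>nul"

        foreach ($line in $lines) {
            if ($line -notmatch '<(JUNCTION|SYMLINKD)>\s+(.+?) \[(.+)\]\s*$') { continue }
            $kind   = $Matches[1]
            $name   = $Matches[2]
            $target = $Matches[3]
            $path   = Join-Path $root $name

            # Reading the security descriptor only needs READ_CONTROL, which the
            # Deny-listing ACE on these junctions does not block.
            $acl  = Get-Acl -Path $path
            $aces = foreach ($ace in $acl.Access) {
                '{0} {1}: {2}' -f $ace.AccessControlType, $ace.IdentityReference, $ace.FileSystemRights
            }

            New-Object PSObject -Property @{
                Path   = $path
                Kind   = $kind
                Target = $target
                Owner  = $acl.Owner
                ACEs   = ($aces -join '; ')
            }
        }
    }
}

# A junction whose Target is under C:\Users and whose only Deny ACE is
# "Deny Everyone: ReadData" (i.e. list folder) is the stock compatibility shim.
# A junction pointing somewhere else, or with an unexpected owner, deserves a closer look.
Get-CompatJunction | Format-List Path, Kind, Target, Owner, ACEs
```

The regex is written against the English `dir` output; on a localised Windows the `<JUNCTION>` tag is the same but the rest of the line may differ. Deleting the Deny ACE makes the junction browsable, but Explorer will then show the same files twice (once under C:\Users and once under the junction), which is the reason Microsoft left the deny in place.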






zerobit

7 posts

Wannabe Geek


  #259577 30-Sep-2009 01:10

Hey Regs,

I know what you mean, but this isn't normal: it replaces all the shortcuts (or the folders/shortcuts it creates point to the new, locked locations) and 'locks' the normal directories (My Documents, My Videos etc.) by adding the Everyone permission with nothing set.

Cheers,
JC

Ragnor
8279 posts

Uber Geek
+1 received by user: 585

Trusted

  #259660 30-Sep-2009 11:22

Tried scanning with MalwareBytes? I've found that to be the most effective in recent times.



zerobit

7 posts

Wannabe Geek


  #259895 30-Sep-2009 22:05

Just tried, didn't pick up anything :(

Batman
Mad Scientist
30012 posts

Uber Geek
+1 received by user: 6217

Trusted
Lifetime subscriber

  #259898 30-Sep-2009 22:09

Which version, and where did you get the Windows 7 from? If it wasn't obtained from Microsoft it may have been infected by the time you got it.

zerobit

7 posts

Wannabe Geek


  #259919 30-Sep-2009 23:25

joker, it is an MSDNAA image, a legit copy of Windows 7 Professional from Uni.
The virus was also on my Windows Vista system; I formatted that partition and shoved Win7 on there, and it seems it was in some files on a different drive.
