System infected screen.....


Post by brittanyn09 on Sat Dec 12, 2009 8:18 pm

I am having tons of spyware pop-ups. My computer's wallpaper changed into a green background with red writing saying "your system is infected. system has stopped due to a serious malfunction. it is recommended you use spyware removal to prevent data loss & so on." I also have an Internet Security 2010 pop-up that is on my computer somehow. I get critical system warnings: infected with trojan spy.html.visfraud.a... tons of things. I try to download removal tools, but my internet goes to some random website every time I try to click it to download. Any help would be appreciated very much!



DDS (Ver_09-12-01.01) - NTFSx86
Run by Compaq_Owner at 15:38:39.45 on Sat 12/12/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.56 [GMT -5:00]

============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\winupdate86.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\spoolsv.exe
C:\Program Files\InternetSecurity2010\IS2010.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\2GSEX4MB\dds[1].scr
============== Pseudo HJT Report ===============
uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
mWinlogon: Userinit=c:\windows\system32\winlogon86.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: c:\windows\system32\p6uxq.dll: {c5b24b16-23f2-41ad-f4e4-00abc39c0004} - c:\windows\system32\p6uxq.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - No File
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [notepad] rundll32.exe c:\docume~1\compaq~1\ntload.dll,_IWMPEvents@0
uRun: [asg984jgkfmgasi8ug98jgkfgfb] c:\docume~1\compaq~1\locals~1\temp\spoolsv.exe
uRun: [Internet Security 2010] c:\program files\internetsecurity2010\IS2010.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [D-Link Wireless G WDA-1320] c:\program files\d-link\wireless g wda-1320\AirGCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [KEMailKb] c:\progra~1\microi~1\intern~1\KEMailKb.EXE
mRun: [!AVG Anti-Spyware] "c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [winupdate86.exe] c:\windows\system32\winupdate86.exe
mRun: [notepad] rundll32.exe c:\windows\system32\notepad.dll,_IWMPEvents@0
mRun: [MsWerr] RUNDLL32.EXE c:\windows\system32\xm1985.dll,w
mRun: [noyemofen] Rundll32.exe "c:\windows\system32\demohajo.dll",a
dRun: [notepad] rundll32.exe c:\docume~1\locals~1\ntload.dll,_IWMPEvents@0
dRun: [ygua8e7yhuiesfha876yfauy8fe] c:\windows\temp\ii05z.exe
dRun: [asg984jgkfmgasi8ug98jgkfgfb] c:\windows\temp\avp.exe
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - [You must be registered and logged in to see this link.]
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - [You must be registered and logged in to see this link.]
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - [You must be registered and logged in to see this link.]
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - [You must be registered and logged in to see this link.]
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - [You must be registered and logged in to see this link.]
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - [You must be registered and logged in to see this link.]
TCP: {67B4378D-325E-45E7-89D8-999A1440C924} = 193.104.110.38,4.2.2.1,192.168.0.1
TCP: {96025B78-3BE8-4019-A488-A52C2BB18508} = 193.104.110.38,4.2.2.1
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
AppInit_DLLs: c:\windows\system32\demohajo.dll fimegovu.dll c:\windows\system32\sesidasu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: huveyevat - {eb822ac6-450e-443a-9e7b-9967bc0a3933} - c:\windows\system32\sesidasu.dll
SSODL: zejejugiy - {8db784fe-16a5-43fb-80b2-fd10f9fad23a} - c:\windows\system32\demohajo.dll
STS: c:\windows\system32\p6uxq.dll: {c5b24b16-23f2-41ad-f4e4-00abc39c0004} - c:\windows\system32\p6uxq.dll
STS: kupuhivus: {eb822ac6-450e-443a-9e7b-9967bc0a3933} - c:\windows\system32\sesidasu.dll
STS: mujuzedij: {8db784fe-16a5-43fb-80b2-fd10f9fad23a} - c:\windows\system32\demohajo.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
LSA: Notification Packages = scecli kihufupu.dll
Hosts: 209.44.111.57 alarm-security.microsoft.com
Hosts: 209.44.111.57 inetantivir.com
Hosts: 209.44.111.57 [You must be registered and logged in to see this link.]
============= SERVICES / DRIVERS ===============
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2007-5-30 11000]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2007-9-12 10872]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2007-5-30 312880]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-8-25 466880]
=============== Created Last 30 ================
2009-12-12 18:10:43 529 --sh--w- c:\windows\system32\hemetepe.exe
2009-12-12 17:10:20 0 d-----w- c:\program files\InternetSecurity2010
2009-12-12 06:06:25 57344 ----a-w- c:\windows\system32\xm1985.dll
2009-12-12 06:05:34 21504 ----a-w- c:\windows\system32\winhelper86.dll
2009-12-12 06:05:11 2854 ----a-w- c:\windows\system32\critical_warning.html
2009-12-12 06:05:04 40960 ----a-w- c:\windows\system32\winupdate86.exe
2009-12-12 06:05:04 40960 ----a-w- c:\windows\system32\winlogon86.exe
2009-12-12 06:04:57 40960 ----a-w- C:\waees.exe
2009-12-12 06:04:57 15000 ----a-w- c:\windows\system32\p6uxq.dll
2009-12-12 06:04:56 8704 ----a-w- C:\acad.exe
2009-12-03 21:39:43 0 d-----w- c:\windows\system32\wbem\Repository
2009-11-24 19:39:04 0 d-----w- c:\program files\MSXML 4.0
==================== Find3M ====================
2009-10-28 14:36:11 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-28 06:54:16 634632 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2009-10-28 06:52:46 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2009-10-11 09:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-27 20:46:55 13343 ----a-w- c:\windows\system32\olivagike.dat
2009-09-27 20:46:55 12324 ----a-w- c:\program files\common files\rywukufy.db
2009-09-27 20:46:54 16561 ----a-w- c:\windows\wegesyqyfi.bin
2009-09-12 06:06:12 92672 --sha-w- c:\windows\system32\demohajo.dll
2009-09-12 06:06:48 53760 --sha-w- c:\windows\system32\fimegovu.dll
2009-09-12 06:06:13 39424 --sha-w- c:\windows\system32\gedesumi.dll
2009-01-14 05:56:56 1549 --sha-w- c:\windows\system32\GroupPolicy000.dat
2009-09-12 06:06:48 53760 --sha-w- c:\windows\system32\kihufupu.dll
2009-09-12 18:10:26 61440 --sha-w- c:\windows\system32\kofusipo.dll
2009-07-17 20:35:14 169984 --sha-w- c:\windows\system32\meyiyezi(2).dll
2009-09-12 06:06:12 53760 --sha-w- c:\windows\system32\midepoba.dll
2009-03-21 14:06:58 28160 --sha-w- c:\windows\system32\notepad.dll
2009-09-12 18:10:27 45568 --sha-w- c:\windows\system32\rejutigo.dll
2009-09-12 18:10:26 92672 --sha-w- c:\windows\system32\sesidasu.dll
2009-09-12 18:10:26 39424 --sha-w- c:\windows\system32\vezipoyo.dll
2009-09-12 06:06:48 53760 --sha-w- c:\windows\system32\wurigepo.dll
2008-12-01 23:17:15 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120120081202\index.dat
============= FINISH: 15:41:16.32 ===============

brittanyn09
Beginner

Posts : 3
Joined : 2009-12-12
OS : xp
Points : 25543
Likes : 0

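The Pseudo HJT section of the DDS log above carries the indicators a removal helper looks at first: the Userinit value pointing at winlogon86.exe instead of userinit.exe, autoruns launched from Temp folders, a copy of spoolsv.exe outside system32, policies that disable Task Manager and the Registry Editor, a non-empty AppInit_DLLs value, an extra LSA notification package, and hosts entries sending security-vendor names to 209.44.111.57. The Python script below is an added example, not part of the thread and not part of the DDS tool; it parses a constructed subset of those log lines and flags each indicator. The rule names, the list of "borrowed" system binary names and the choice of lockout policies are the example's own assumptions.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the Pseudo HJT Report
# posted in this thread (shortened; not a full DDS log).
SAMPLE_LOG = r"""
mWinlogon: Userinit=c:\windows\system32\winlogon86.exe
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [asg984jgkfmgasi8ug98jgkfgfb] c:\docume~1\compaq~1\locals~1\temp\spoolsv.exe
dRun: [ygua8e7yhuiesfha876yfauy8fe] c:\windows\temp\ii05z.exe
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
AppInit_DLLs: c:\windows\system32\demohajo.dll fimegovu.dll c:\windows\system32\sesidasu.dll
LSA: Notification Packages = scecli kihufupu.dll
Hosts: 209.44.111.57 alarm-security.microsoft.com
Hosts: 209.44.111.57 inetantivir.com
"""

SYSTEM32 = "c:\\windows\\system32\\"
# Core Windows binary names that malware borrows (assumed list); real copies live in system32.
SYSTEM_BINARIES = {"spoolsv.exe", "svchost.exe", "winlogon.exe", "lsass.exe", "csrss.exe"}
# Policies that lock the user out of their own troubleshooting tools (assumed list).
LOCKOUT_POLICIES = {"DisableTaskMgr", "DisableRegistryTools", "NoFolderOptions"}
LOOPBACK = {"127.0.0.1", "::1"}

RUN_RE = re.compile(r"^[umd]Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
POLICY_RE = re.compile(r"^[umd]Policies-\w+: (?P<key>\w+) = (?P<val>\d+)")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+) (?P<host>\S+)")
EXE_RE = re.compile(r'[^\s"]+\.exe', re.IGNORECASE)


def _check_run(cmd):
    """Rules for Run-style autostart entries: Temp-folder launches and borrowed system names."""
    hits = []
    low = cmd.lower()
    if "\\temp\\" in low:
        hits.append("temp_autorun")
    for path in EXE_RE.findall(low):
        base = path.rsplit("\\", 1)[-1]
        if base in SYSTEM_BINARIES and not path.startswith(SYSTEM32):
            hits.append("system_name_masquerade")
    return hits


def triage_line(line):
    """Return the list of rule names a single Pseudo HJT line trips (empty if none)."""
    line = line.strip()
    if line.startswith("mWinlogon: Userinit="):
        value = line.split("=", 1)[1].strip().lower().rstrip(",")
        # The stock value is userinit.exe, optionally followed by a comma.
        return [] if value.endswith("userinit.exe") else ["userinit_hijack"]
    m = RUN_RE.match(line)
    if m:
        return _check_run(m.group("cmd"))
    m = POLICY_RE.match(line)
    if m:
        if m.group("key") in LOCKOUT_POLICIES and m.group("val") != "0":
            return ["tool_lockout_policy"]
        return []
    if line.startswith("AppInit_DLLs:"):
        # Any DLL listed here is loaded into every process that links user32.dll.
        return ["appinit_dlls"] if line.split(":", 1)[1].strip() else []
    if line.startswith("LSA: Notification Packages ="):
        pkgs = line.split("=", 1)[1].split()
        # scecli is the stock package; an extra one sees password and logon events.
        return ["lsa_notification_package"] if any(p.lower() != "scecli" for p in pkgs) else []
    m = HOSTS_RE.match(line)
    if m and m.group("ip") not in LOOPBACK:
        # A hosts entry pointing a name at a non-loopback address redirects that name.
        return ["hosts_redirect"]
    return []


def triage(log_text):
    """Scan a whole Pseudo HJT Report; return (rule, line) pairs in log order."""
    findings = []
    for line in log_text.splitlines():
        for rule in triage_line(line):
            findings.append((rule, line.strip()))
    return findings


def summarize(findings):
    """Count findings per rule, for a quick picture of what kind of damage is present."""
    return dict(Counter(rule for rule, _ in findings))


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:26} {line}")
    print(summarize(triage(SAMPLE_LOG)))
```

The rules are deliberately name- and location-based, so they catch the entries above but not everything in the full log: winupdate86.exe sits in system32 under a plausible name and trips nothing here, which is why a helper still reads the "Created Last 30" section by hand rather than trusting a parser alone.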

Re: System infected screen.....

Post by Belahzur on Sat Dec 12, 2009 8:54 pm

Your system is severely infected. The problem with these infections nowadays is that they cause a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible, since it would be like searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL the problems this malware has already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

Actually, this doesn't surprise me at all...
I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!
This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

* Please install Avira Antivirus: [You must be registered and logged in to see this link.]
This is a free Antivirus.

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There, double-click the report from the full scan you have done. Click the "Report File" button and copy and paste this report in your next reply.
Then we'll start from there, because it really makes no sense otherwise for us to clean this up manually if no antivirus scanner is present, which should be able to deal with most of it and prevent further reinfection.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
Likes : 1


Re: System infected screen.....

Post by brittanyn09 on Sat Dec 12, 2009 9:07 pm

Is it possible you could give me the direct link to download? I'm on a different computer, going back and forth between them; when I try clicking the link it automatically goes to a different website.

brittanyn09
Beginner

Posts : 3
Joined : 2009-12-12
OS : xp
Points : 25543
Likes : 0


Re: System infected screen.....

Post by brittanyn09 on Sat Dec 12, 2009 11:33 pm

I ran the virus scan, and after it rebooted it logged off my account and will not log back in now... What am I supposed to do? It won't go into safe mode or anything... Basically it won't start up. Is my computer done now?

brittanyn09
Beginner

Posts : 3
Joined : 2009-12-12
OS : xp
Points : 25543
Likes : 0


Re: System infected screen.....

Post by Belahzur on Sun Dec 13, 2009 1:54 am

Looks like there is even more hidden damage by the malware. I would advise formatting, because at this moment your machine is only helping the bad guys spread this stuff around.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
Likes : 1

