Yes I have a blue screen in the covering my wall paper telling me
Your computer has several fatal errors due to spyware activity.
an I keep gitting these pop ups telling me to download some things but im not
I tryed uesing HijackThis an im got these logfiles
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:48 PM, on 9/8/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\uesiuqcr.exe
C:\WINDOWS\Explorer.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\WINDOWS\System32\WinAvXX.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=oem003&c=2c02&lc=0409
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\uesiuqcr.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: getsn32.msiesn - {2D9F1530-0B38-4DCB-A90A-CECD559F3514} - C:\WINDOWS\System32\getsn32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM..\Run: [StorageGuard] “C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe” /r
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [WT GameChannel] “C:\Program Files\WildTangent\Apps\GameChannel.exe”
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM..\Run: [NvCplDaemon] “RUNDLL32.EXE” C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] “nwiz.exe” /installquiet /keeploaded /nodetect
O4 - HKLM..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM..\Run: [Reminder] “C:\Windows\Creator\Remind_XP.exe”
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM..\Run: [wcmdmgr] “C:\WINDOWS\wt\updater\wcmdmgrl.exe” -launch
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU..\Run: [NVIEW] “rundll32.exe” nview.dll,nViewLoadHook
O4 - HKCU..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
O4 - HKCU..\Run: [MoneyAgent] “C:\Program Files\Microsoft Money\System\mnyexpr.exe”
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU..\Run: [EPSON Stylus CX8400 Series] “C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE” /FU “C:\WINDOWS\TEMP\E_S136.tmp” /EF “HKCU”
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User ‘SYSTEM’)
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User ‘SYSTEM’)
O4 - S-1-5-18 Startup: MSWin–2146792428.exe (User ‘SYSTEM’)
O4 - S-1-5-18 Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (User ‘SYSTEM’)
O4 - S-1-5-18 Startup: system.exe (User ‘SYSTEM’)
O4 - S-1-5-18 Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (User ‘SYSTEM’)
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User ‘Default user’)
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User ‘Default user’)
O4 - .DEFAULT Startup: MSWin–2146792428.exe (User ‘Default user’)
O4 - .DEFAULT Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (User ‘Default user’)
O4 - .DEFAULT Startup: system.exe (User ‘Default user’)
O4 - .DEFAULT Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (User ‘Default user’)
O4 - .DEFAULT User Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User ‘Default user’)
O4 - .DEFAULT User Startup: MSWin–2146792428.exe (User ‘Default user’)
O4 - .DEFAULT User Startup: system.exe (User ‘Default user’)
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Startup: system.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
–
End of file - 8394 bytes