Big help: PC been hacked

Yes, I have a blue screen covering my wallpaper telling me

Your computer has several fatal errors due to spyware activity.

and I keep getting these pop-ups telling me to download some things but I'm not
I tried using HijackThis and I got these logfiles

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:48 PM, on 9/8/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\uesiuqcr.exe
C:\WINDOWS\Explorer.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\WINDOWS\System32\WinAvXX.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=oem003&c=2c02&lc=0409
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\uesiuqcr.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: getsn32.msiesn - {2D9F1530-0B38-4DCB-A90A-CECD559F3514} - C:\WINDOWS\System32\getsn32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM..\Run: [StorageGuard] “C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe” /r
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [WT GameChannel] “C:\Program Files\WildTangent\Apps\GameChannel.exe”
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM..\Run: [NvCplDaemon] “RUNDLL32.EXE” C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] “nwiz.exe” /installquiet /keeploaded /nodetect
O4 - HKLM..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM..\Run: [Reminder] “C:\Windows\Creator\Remind_XP.exe”
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM..\Run: [wcmdmgr] “C:\WINDOWS\wt\updater\wcmdmgrl.exe” -launch
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU..\Run: [NVIEW] “rundll32.exe” nview.dll,nViewLoadHook
O4 - HKCU..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
O4 - HKCU..\Run: [MoneyAgent] “C:\Program Files\Microsoft Money\System\mnyexpr.exe”
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU..\Run: [EPSON Stylus CX8400 Series] “C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE” /FU “C:\WINDOWS\TEMP\E_S136.tmp” /EF “HKCU”
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User ‘SYSTEM’)
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User ‘SYSTEM’)
O4 - S-1-5-18 Startup: MSWin–2146792428.exe (User ‘SYSTEM’)
O4 - S-1-5-18 Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (User ‘SYSTEM’)
O4 - S-1-5-18 Startup: system.exe (User ‘SYSTEM’)
O4 - S-1-5-18 Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (User ‘SYSTEM’)
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User ‘Default user’)
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User ‘Default user’)
O4 - .DEFAULT Startup: MSWin–2146792428.exe (User ‘Default user’)
O4 - .DEFAULT Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (User ‘Default user’)
O4 - .DEFAULT Startup: system.exe (User ‘Default user’)
O4 - .DEFAULT Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (User ‘Default user’)
O4 - .DEFAULT User Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User ‘Default user’)
O4 - .DEFAULT User Startup: MSWin–2146792428.exe (User ‘Default user’)
O4 - .DEFAULT User Startup: system.exe (User ‘Default user’)
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Startup: system.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


End of file - 8394 bytes

your hjt shows several problems
but before we destroy the evidence

do you have an avast log to post?

please download and update and run MalwareBytes Anti Malware, update
check all baddies
then click
REMOVE CHECKED a backup will be made

Also
rt click the avast ball, click update programs, and update
then rt click the ball and schedule a boot time scan
reboot run the scan
send any baddies to the Chest do not remove/delete

What Firewall?

please post the AVAST scan logs, the MBAM log and then rerun HJT and post a fresh log
possibly some of the baddies will be gone
and this way their friends will be gone also

You could also run a Spybot Search and Destroy scan and/or a Super Anti Spyware Scan
please quarantine do not remove/delete any hits
while you are at the Malware Bytes site another tool they have is Rogue Remover- always worth a shot

these three scanners are handy to have around
and they will help tell the extent of the infestation

We’ll look at the new HJT in detail and go from there

:slight_smile: Hi :

Using Limewire and Wild Tangent is a prescription for disaster. As to your
current problem I recommend you run a “Full Scan” of the FREE Version of
“SUPERAntiSpyware” from www.superantispyware.com AND/OR the “Free”
Ver of “Malwarebytes’ Anti-Malware”, most easily downloaded from
www.malwarebytes.org/mbam.php to see IF they resolve your problem !?

ok I ran the update but when I hit full scan it does it but then the whole screen goes white. Is it still scanning or did it freeze?

I will try to help you as best as I can. Which program did you update and run? Most likely the desktop changing from the desktop hijacker background to a white screen is the malware being detected and removed.

Yes- we do need to know which program(s) did or did not RUN and detailed results- if any

If you cannot get MBAM or SAS - Great suggestions by the Way- Use the links provided by Spiritsongs
or Avast to run …

The Avast Boot time scan
It should run as nothing else is running- unless a baddie damaged it- which is possible-
so try it then try one of the others (again)

we may have to kill with HJT first
problem is if they have a hidden reinstaller or rootkit the reboot after HJT can reinfect
then we have to use plan B

It’s much easier if we can knock out as much as possible with the free scanners

Wild tangent should not kill your system
I have NOT looked at your HJT in detail but will if the scanners will not run

another way to tackle this is to run one of the “on line” scans
Panda, Bit Defender, Dr Web Cure it is also a handy scan
I usually use Kaspersky but with your case I’d run one that actually fixes things rather than one that just identifies problems

I am sorry about that, I just had to hold on a sec, maybe 10m, till it kept going; it's scanning fine now.

Great news
Patience
any questions ask first
ah…
What is It? (as in it is scanning fine now)
or Which It? :slight_smile:

yeah it's scanning now and it's still going, and to think I'll be done by now, I don't have a lot of things on here.

ok it's done scanning. I'm seeing all these things called trojan.fake.alert
do I hit remove selected? :slight_smile:

forgot to say, I also have one Adware.purity scan
and one trojan.downloader.

Halosnake
you have not said WHICH scanner you are scanning with
gimme a break pal
whatever it is we want you to quarantine/ move to chest/ move to vault not
Remove/Delete

NOW if you ARE scanning with MBAM then
put a checkmark next to everything bad
this requires you to sorta look them over and not nuke your modem driver, internet connection (etc)
then click REMOVE CHECKED- or remove selected whatever
(this is the exception to the do not remove warning above)
MBAM will make a backup just in case you do nuke something essential you can restore it
MBAM should get most of trojan fake alert
post the log

then try the avast boot time scan again

with mbam you can use the quick scan next time :slight_smile:
new version 1.27 out do not use 1.26 again