WiredWX Christian Hobby Weather Tools

Your system is infected! please help
Hi, I woke this morning to a blue screen YOUR SYSTEM IS INFECTED! in red writing with the message 'system has been stopped due to a serious malfunction spyware activity has been detected, its recommended that you use spyware removal tool to prevent data loss, do not use your computer before all spyware is removed.' Please help.
Thanks in advance

Re: Your system is infected! please help

Please help, GP. It keeps popping up 'windows will now download antispyware tools to prevent data lose windows will now install the most up to date antispyware for you.'
Should I do this???

Re: Your system is infected! please help

Potential hazard (TROJANSPM/LX)

Re: Your system is infected! please help

I ran hi-jack as this is what I was told to do before, so this is it. Can anyone help?
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CBYFA32J\winlogon[1].scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 92.63.97.167 www.postbank.de
O1 - Hosts: 92.63.97.167 postbank.de
O1 - Hosts: 92.63.97.167 banking.postbank.de
O1 - Hosts: 92.63.97.167 direkt.postbank.de
O1 - Hosts: 92.63.97.167 www.smile.co.uk
O1 - Hosts: 92.63.97.167 smile.co.uk
O1 - Hosts: 92.63.97.167 cahoot.com
O1 - Hosts: 92.63.97.167 www.cahoot.com
O1 - Hosts: 92.63.97.167 www.cahoot.co.uk
O1 - Hosts: 92.63.97.167 cahoot.co.uk
O1 - Hosts: 92.63.97.167 www.co-operativebank.co.uk
O1 - Hosts: 92.63.97.167 co-operativebank.co.uk
O1 - Hosts: 92.63.97.167 www.co-operativebank.com
O1 - Hosts: 92.63.97.167 co-operativebank.com
O1 - Hosts: 92.63.97.167 personal.barclays.co.uk
O1 - Hosts: 92.63.97.167 barclays.co.uk
O1 - Hosts: 92.63.97.167 ibank.barclays.co.uk
O1 - Hosts: 92.63.97.167 www.barclays.co.uk
O1 - Hosts: 92.63.97.167 barclays.touchclarity.com
O1 - Hosts: 92.63.97.167 hsbc.co.uk
O1 - Hosts: 92.63.97.167 www.hsbc.co.uk
O1 - Hosts: 92.63.97.167 hsbc.touchclarity.com
O1 - Hosts: 92.63.97.167 www1.member-hsbc-group.com
O1 - Hosts: 92.63.97.167 lloydstsb.co.uk
O1 - Hosts: 92.63.97.167 www.lloydstsb.co.uk
O1 - Hosts: 92.63.97.167 lloydstsb.com
O1 - Hosts: 92.63.97.167 www.lloydstsb.com
O1 - Hosts: 92.63.97.167 mi.lloydstsb.com
O1 - Hosts: 92.63.97.167 www.woolwich.co.uk
O1 - Hosts: 92.63.97.167 woolwich.co.uk
O1 - Hosts: 92.63.97.167 www.deutsche-bank.de
O1 - Hosts: 92.63.97.167 deutsche-bank.de
O1 - Hosts: 92.63.97.167 meine.deutsche-bank.de
O1 - Hosts: 92.63.97.167 www.anbusiness.com
O1 - Hosts: 92.63.97.167 anbusiness.com
O1 - Hosts: 92.63.97.167 www.abbeyinternational.com
O1 - Hosts: 92.63.97.167 www.barclays.com
O1 - Hosts: 92.63.97.167 barclays.com
O1 - Hosts: 92.63.97.167 ibank.internationalbanking.barclays.com
O1 - Hosts: 92.63.97.167 offshore.hsbc.com
O1 - Hosts: 92.63.97.167 www.lloydstsb-offshore.com
O1 - Hosts: 92.63.97.167 lloydstsb-offshore.com
O1 - Hosts: 92.63.97.167 citibank.de
O1 - Hosts: 92.63.97.167 www.citibank.de
O1 - Hosts: 92.63.97.167 www.natwest.com
O1 - Hosts: 92.63.97.167 natwest.com
O1 - Hosts: 92.63.97.167 www.nwolb.com
O1 - Hosts: 92.63.97.167 nwolb.com
O1 - Hosts: 92.63.97.167 rbs.co.uk
O1 - Hosts: 92.63.97.167 www.rbs.co.uk
O1 - Hosts: 92.63.97.167 www.rbsdigital.com
O1 - Hosts: 92.63.97.167 rbsdigital.com
O1 - Hosts: 92.63.97.167 www.ybonline.co.uk
O1 - Hosts: 92.63.97.167 ybonline.co.uk
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [NovaBackup 7 Tray Control] "C:\Program Files\StompSoft\PC BackUp\NbkCtrl.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Network Services Controller] C:\WINDOWS\system32\mmsvc32.exe
O4 - HKLM\..\Run: [winupdate.exe] C:\WINDOWS\system32\winupdate.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\winhelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winhelper.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StompSoft\PC BackUp\NMSAccess.exe
O23 - Service: NsEngine - Unknown owner - C:\Program Files\StompSoft\PC BackUp\NSENGINE.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 7974 bytes

Re: Your system is infected! please help

Hi, I did have this problem before. If you type 'How to Remove PersonalAV [Removal Guide]' in the search bar, this should help.

Someone please help me with my problem

Re: Your system is infected! please help

Hello.

Please download the LSPfix from here: LSPFix
Unzip it to the Desktop (Important!!) and run it. Check the box that says "I know what I'm doing", and then select each instance of "winhelper.dll" in the left-hand panel and click >> button to move it to the right-hand panel. Then click Finish to allow LSPfix to rebuild the LSP chain.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O1 - Hosts: 92.63.97.167 www.postbank.de
    O1 - Hosts: 92.63.97.167 postbank.de
    O1 - Hosts: 92.63.97.167 banking.postbank.de
    O1 - Hosts: 92.63.97.167 direkt.postbank.de
    O1 - Hosts: 92.63.97.167 www.smile.co.uk
    O1 - Hosts: 92.63.97.167 smile.co.uk
    O1 - Hosts: 92.63.97.167 cahoot.com
    O1 - Hosts: 92.63.97.167 www.cahoot.com
    O1 - Hosts: 92.63.97.167 www.cahoot.co.uk
    O1 - Hosts: 92.63.97.167 cahoot.co.uk
    O1 - Hosts: 92.63.97.167 www.co-operativebank.co.uk
    O1 - Hosts: 92.63.97.167 co-operativebank.co.uk
    O1 - Hosts: 92.63.97.167 www.co-operativebank.com
    O1 - Hosts: 92.63.97.167 co-operativebank.com
    O1 - Hosts: 92.63.97.167 personal.barclays.co.uk
    O1 - Hosts: 92.63.97.167 barclays.co.uk
    O1 - Hosts: 92.63.97.167 ibank.barclays.co.uk
    O1 - Hosts: 92.63.97.167 www.barclays.co.uk
    O1 - Hosts: 92.63.97.167 barclays.touchclarity.com
    O1 - Hosts: 92.63.97.167 hsbc.co.uk
    O1 - Hosts: 92.63.97.167 www.hsbc.co.uk
    O1 - Hosts: 92.63.97.167 hsbc.touchclarity.com
    O1 - Hosts: 92.63.97.167 www1.member-hsbc-group.com
    O1 - Hosts: 92.63.97.167 lloydstsb.co.uk
    O1 - Hosts: 92.63.97.167 www.lloydstsb.co.uk
    O1 - Hosts: 92.63.97.167 lloydstsb.com
    O1 - Hosts: 92.63.97.167 www.lloydstsb.com
    O1 - Hosts: 92.63.97.167 mi.lloydstsb.com
    O1 - Hosts: 92.63.97.167 www.woolwich.co.uk
    O1 - Hosts: 92.63.97.167 woolwich.co.uk
    O1 - Hosts: 92.63.97.167 www.deutsche-bank.de
    O1 - Hosts: 92.63.97.167 deutsche-bank.de
    O1 - Hosts: 92.63.97.167 meine.deutsche-bank.de
    O1 - Hosts: 92.63.97.167 www.anbusiness.com
    O1 - Hosts: 92.63.97.167 anbusiness.com
    O1 - Hosts: 92.63.97.167 www.abbeyinternational.com
    O1 - Hosts: 92.63.97.167 www.barclays.com
    O1 - Hosts: 92.63.97.167 barclays.com
    O1 - Hosts: 92.63.97.167 ibank.internationalbanking.barclays.com
    O1 - Hosts: 92.63.97.167 offshore.hsbc.com
    O1 - Hosts: 92.63.97.167 www.lloydstsb-offshore.com
    O1 - Hosts: 92.63.97.167 lloydstsb-offshore.com
    O1 - Hosts: 92.63.97.167 citibank.de
    O1 - Hosts: 92.63.97.167 www.citibank.de
    O1 - Hosts: 92.63.97.167 www.natwest.com
    O1 - Hosts: 92.63.97.167 natwest.com
    O1 - Hosts: 92.63.97.167 www.nwolb.com
    O1 - Hosts: 92.63.97.167 nwolb.com
    O1 - Hosts: 92.63.97.167 rbs.co.uk
    O1 - Hosts: 92.63.97.167 www.rbs.co.uk
    O1 - Hosts: 92.63.97.167 www.rbsdigital.com
    O1 - Hosts: 92.63.97.167 rbsdigital.com
    O1 - Hosts: 92.63.97.167 www.ybonline.co.uk
    O1 - Hosts: 92.63.97.167 ybonline.co.uk
    O4 - HKLM\..\Run: [Microsoft Network Services Controller] C:\WINDOWS\system32\mmsvc32.exe
    O4 - HKLM\..\Run: [winupdate.exe] C:\WINDOWS\system32\winupdate.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab



  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
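
As an added illustration (not part of the original thread and not HijackThis's own code), the Python below shows how the O1 and O10 lines singled out in the reply above can be triaged automatically: it groups hosts-file entries by target address, reports any non-sink address that several names were pointed at, and lists unknown Winsock LSP files. The sample log, addresses and file name are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in HijackThis log format (not the poster's log).
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.7 www.bank.example
O1 - Hosts: 203.0.113.7 bank.example
O1 - Hosts: 203.0.113.7 login.otherbank.example
O1 - Hosts: 192.168.1.20 nas.home.example
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\example.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\example.dll
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)$")
LSP_RE = re.compile(r"^O10 - Unknown file in Winsock LSP:\s+(.+)$", re.IGNORECASE)


def parse_log(text):
    """Return ({ip: [hostnames]}, [unknown LSP files]) from a HijackThis log."""
    hosts, lsp_files = defaultdict(list), []
    for line in map(str.strip, text.splitlines()):
        if m := HOSTS_RE.match(line):
            hosts[m.group(1)].append(m.group(2).lower())
        elif m := LSP_RE.match(line):
            path = m.group(1).lower()
            if path not in lsp_files:  # the same file can be listed more than once
                lsp_files.append(path)
    return dict(hosts), lsp_files


def suspicious_redirects(hosts, min_names=2):
    """Flag non-sink (not loopback/0.0.0.0) targets that several names point at."""
    flagged = {}
    for ip, names in hosts.items():
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            flagged[ip] = sorted(set(names))  # unparsable target: review by hand
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue
        if len(set(names)) >= min_names:
            flagged[ip] = sorted(set(names))
    return flagged


if __name__ == "__main__":
    hosts, lsp = parse_log(SAMPLE_LOG)
    for ip, names in suspicious_redirects(hosts).items():
        print(f"{ip}: {len(names)} names redirected -> {', '.join(names)}")
    print("Unknown Winsock LSP files:", lsp)
```

A single address collecting many unrelated hostnames is the pattern to look for; one name mapped to a LAN address, as in the sample, stays below the threshold.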

Re: Your system is infected! please help

Sorry to sound simple, but how do you unzip it to the desktop? Thanks

Re: Your system is infected! please help

Since it's a .zip file, Windows lets you open a zip file like a folder, so usually just open it like a normal folder, then drag the main program to the Desktop.


Re: Your system is infected! please help

OK, thanks. When I download Malwarebytes' Anti-Malware it asks if I want to run or save. Does this make a difference?

Re: Your system is infected! please help

Save it, because we may need to rename it later if it doesn't install right straight away.


Re: Your system is infected! please help

I saved it but it doesn't seem to open.

Re: Your system is infected! please help

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Image: CF_download_FF]

    [Image: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [Image: Rcauto10]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    [Image: Whatne10]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
