WiredWX Christian Hobby Weather Tools
System infected screen.....
I am having tons of spyware pop-ups. My computer's wallpaper changed into a green background with red writing saying "your system is infected. system has stopped due to a serious malfunction. it is recommended you use spyware removal to prevent data loss & so on." I also have an internet security 2010 pop-up that is on my computer somehow. I get critical system warning. infected with trojan spy.html.visfraud.a..... tons of things.. I try to download removal tools but my internet goes to some random website every time I try to click it to download....... Any help would be appreciated very much!



DDS (Ver_09-12-01.01) - NTFSx86
Run by Compaq_Owner at 15:38:39.45 on Sat 12/12/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.56 [GMT -5:00]

============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\winupdate86.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\spoolsv.exe
C:\Program Files\InternetSecurity2010\IS2010.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\2GSEX4MB\dds[1].scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://google.com/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
mWinlogon: Userinit=c:\windows\system32\winlogon86.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: c:\windows\system32\p6uxq.dll: {c5b24b16-23f2-41ad-f4e4-00abc39c0004} - c:\windows\system32\p6uxq.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - No File
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [notepad] rundll32.exe c:\docume~1\compaq~1\ntload.dll,_IWMPEvents@0
uRun: [asg984jgkfmgasi8ug98jgkfgfb] c:\docume~1\compaq~1\locals~1\temp\spoolsv.exe
uRun: [Internet Security 2010] c:\program files\internetsecurity2010\IS2010.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [D-Link Wireless G WDA-1320] c:\program files\d-link\wireless g wda-1320\AirGCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [KEMailKb] c:\progra~1\microi~1\intern~1\KEMailKb.EXE
mRun: [!AVG Anti-Spyware] "c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [winupdate86.exe] c:\windows\system32\winupdate86.exe
mRun: [notepad] rundll32.exe c:\windows\system32\notepad.dll,_IWMPEvents@0
mRun: [MsWerr] RUNDLL32.EXE c:\windows\system32\xm1985.dll,w
mRun: [noyemofen] Rundll32.exe "c:\windows\system32\demohajo.dll",a
dRun: [notepad] rundll32.exe c:\docume~1\locals~1\ntload.dll,_IWMPEvents@0
dRun: [ygua8e7yhuiesfha876yfauy8fe] c:\windows\temp\ii05z.exe
dRun: [asg984jgkfmgasi8ug98jgkfgfb] c:\windows\temp\avp.exe
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxps://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239308930812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://games.bigfishgames.com/en_feedingfrenzy/online/Game/SproutLauncher.cab
TCP: {67B4378D-325E-45E7-89D8-999A1440C924} = 193.104.110.38,4.2.2.1,192.168.0.1
TCP: {96025B78-3BE8-4019-A488-A52C2BB18508} = 193.104.110.38,4.2.2.1
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
AppInit_DLLs: c:\windows\system32\demohajo.dll fimegovu.dll c:\windows\system32\sesidasu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: huveyevat - {eb822ac6-450e-443a-9e7b-9967bc0a3933} - c:\windows\system32\sesidasu.dll
SSODL: zejejugiy - {8db784fe-16a5-43fb-80b2-fd10f9fad23a} - c:\windows\system32\demohajo.dll
STS: c:\windows\system32\p6uxq.dll: {c5b24b16-23f2-41ad-f4e4-00abc39c0004} - c:\windows\system32\p6uxq.dll
STS: kupuhivus: {eb822ac6-450e-443a-9e7b-9967bc0a3933} - c:\windows\system32\sesidasu.dll
STS: mujuzedij: {8db784fe-16a5-43fb-80b2-fd10f9fad23a} - c:\windows\system32\demohajo.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
LSA: Notification Packages = scecli kihufupu.dll
Hosts: 209.44.111.57 alarm-security.microsoft.com
Hosts: 209.44.111.57 inetantivir.com
Hosts: 209.44.111.57 www.inetantivir.com
============= SERVICES / DRIVERS ===============
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2007-5-30 11000]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2007-9-12 10872]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2007-5-30 312880]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-8-25 466880]
=============== Created Last 30 ================
2009-12-12 18:10:43 529 --sh--w- c:\windows\system32\hemetepe.exe
2009-12-12 17:10:20 0 d-----w- c:\program files\InternetSecurity2010
2009-12-12 06:06:25 57344 ----a-w- c:\windows\system32\xm1985.dll
2009-12-12 06:05:34 21504 ----a-w- c:\windows\system32\winhelper86.dll
2009-12-12 06:05:11 2854 ----a-w- c:\windows\system32\critical_warning.html
2009-12-12 06:05:04 40960 ----a-w- c:\windows\system32\winupdate86.exe
2009-12-12 06:05:04 40960 ----a-w- c:\windows\system32\winlogon86.exe
2009-12-12 06:04:57 40960 ----a-w- C:\waees.exe
2009-12-12 06:04:57 15000 ----a-w- c:\windows\system32\p6uxq.dll
2009-12-12 06:04:56 8704 ----a-w- C:\acad.exe
2009-12-03 21:39:43 0 d-----w- c:\windows\system32\wbem\Repository
2009-11-24 19:39:04 0 d-----w- c:\program files\MSXML 4.0
==================== Find3M ====================
2009-10-28 14:36:11 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-28 06:54:16 634632 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2009-10-28 06:52:46 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2009-10-11 09:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-27 20:46:55 13343 ----a-w- c:\windows\system32\olivagike.dat
2009-09-27 20:46:55 12324 ----a-w- c:\program files\common files\rywukufy.db
2009-09-27 20:46:54 16561 ----a-w- c:\windows\wegesyqyfi.bin
2009-09-12 06:06:12 92672 --sha-w- c:\windows\system32\demohajo.dll
2009-09-12 06:06:48 53760 --sha-w- c:\windows\system32\fimegovu.dll
2009-09-12 06:06:13 39424 --sha-w- c:\windows\system32\gedesumi.dll
2009-01-14 05:56:56 1549 --sha-w- c:\windows\system32\GroupPolicy000.dat
2009-09-12 06:06:48 53760 --sha-w- c:\windows\system32\kihufupu.dll
2009-09-12 18:10:26 61440 --sha-w- c:\windows\system32\kofusipo.dll
2009-07-17 20:35:14 169984 --sha-w- c:\windows\system32\meyiyezi(2).dll
2009-09-12 06:06:12 53760 --sha-w- c:\windows\system32\midepoba.dll
2009-03-21 14:06:58 28160 --sha-w- c:\windows\system32\notepad.dll
2009-09-12 18:10:27 45568 --sha-w- c:\windows\system32\rejutigo.dll
2009-09-12 18:10:26 92672 --sha-w- c:\windows\system32\sesidasu.dll
2009-09-12 18:10:26 39424 --sha-w- c:\windows\system32\vezipoyo.dll
2009-09-12 06:06:48 53760 --sha-w- c:\windows\system32\wurigepo.dll
2008-12-01 23:17:15 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120120081202\index.dat
============= FINISH: 15:41:16.32 ===============

Re: System infected screen.....
Your system is severely infected. The problem with these infections nowadays is that they cause a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

Actually, this doesn't surprise me at all...
I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!
This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There, double-click the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply.
Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirus scan is not present which should be able to deal with most and prevent further reinfection.

............................................................................................

Site Admin / Security Administrator

Re: System infected screen.....
Is it possible you could give me the direct link to download? I'm on a different computer going back and forth between them, when I try clicking the link it automatically goes to a different website.

Re: System infected screen.....
I ran the virus scan and after it rebooted it logged off my account and will not log back in now..... What am I supposed to do? It won't go in safe mode or anything... Basically won't start up. Is my computer done now?

Re: System infected screen.....
Looks like there is even more hidden damage by the malware, I would advise formatting, because at this moment, your machine is only helping the bad guys spread this stuff around.

............................................................................................

Site Admin / Security Administrator