A lot of viruses

Status
Not open for further replies.

wigwamman

Posts: 7   +0
Hello guys,

I'm new to TechSpot. I have a somewhat good understanding of computers but a very limited knowledge of viruses and malware. I've tried looking in other threads about my problems with no luck.
My brother has given me his old PC, and I just use it really for playing games and searching the web, but it's littered with viruses. First off, I have the "Warning! Spyware detected on your computer" wallpaper, and my background and screensaver tabs in display have disappeared.
Secondly, I use Firefox as my default web browser and for some reason in the last couple of days it won't open, even in safe mode.

Attached is my HJT log, could someone please please have a look and help me!

Thanks, WigWamMan
 

Attachments

  • hijackthis.log
    8.4 KB · Views: 5
Your system is horribly infected. Fix the following:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F1 - win.ini: run= C:\WESTWOOD\REDALERT\INSTICON.EXE
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [StopHid] StopHid.exe
O4 - HKLM\..\Run: [lphcps8j0en53] C:\WINDOWS\system32\lphcps8j0en53.exe

O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [BM07783c8e] Rundll32.exe "C:\WINDOWS\system32\lgxwwmmt.dll",s
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/no...ularScreenSaversFWBInitialSetup1.0.0.15-3.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll zatyfs.dll
Then, visit the 8-step malware removal guide in my signature and post the required logs (not from safe mode)
 
Not in safe Mode

Using HJT in safe mode is somewhat against the point. Run HJT in normal mode.

Point worth mentioning
You seem to be infected with Anti-Virus XP 2008:
O4 - HKLM\..\Run: [lphcps8j0en53] C:\WINDOWS\system32\lphcps8j0en53.exe
Malwarebytes should delete this, but you might encounter some difficulties with changing your desktop settings.
 
Boot into safe mode and fix these:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O4 - HKCU\..\Run: [] C:\Documents and Settings\Neil\Application Data\Adobe\Player.exe

Unhide your files and folders and search for "C:\WINDOWS\Config\csrss.exe" to see if you find it. If you do, delete it and empty your recycle bin.

Reboot into normal mode and go through the 8 step malware removal thread. Post back with your logs (all 3 of them) when you're done. Let us know how your system is running after performing the instructions in the thread.
 
Thanks for your help so far momok, but I'm having big problems now...
I followed your 8 steps and after running Super Anti Spyware I restarted my computer, but now it won't start correctly.
When I run it in normal mode the Windows login screen freezes, and when I run it in safe mode it crashes and comes up with the blue screen complaining that hardware and software aren't installed correctly.

No worries now, I sorted the login screen problem.
Momok, here are the 3 logs you asked for in your 8 step thingy, and again thanks for your help so far.

WigWamMan

Sorry, didn't put the HJT log, here you go.....
 
The infection on your system has just gotten worse.
Boot into safe mode, run HJT and fix the following:
O2 - BHO: {8d546a10-c527-808a-f324-6cef2eb3e43c} - {c34e3be2-fec6-423f-a808-725c01a645d8} - C:\WINDOWS\system32\wqvjlp.dll (file missing)
O4 - HKLM\..\Run: [\YUR35.exe] C:\Windows\system32\YUR35.exe
O4 - HKLM\..\Run: [\YUR36.exe] C:\Windows\system32\YUR36.exe
O4 - HKLM\..\Run: [\YUR37.exe] C:\Windows\system32\YUR37.exe
O4 - HKLM\..\Run: [\YUR38.exe] C:\Windows\system32\YUR38.exe
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe
O4 - HKLM\..\Run: [\YURF.exe] C:\Windows\system32\YURF.exe
O4 - HKLM\..\Run: [\YUR10.exe] C:\Windows\system32\YUR10.exe
O4 - HKLM\..\Run: [\YUR11.exe] C:\Windows\system32\YUR11.exe
O4 - HKLM\..\Run: [\YUR12.exe] C:\Windows\system32\YUR12.exe
O4 - HKCU\..\Run: [\YUR35.exe] C:\Windows\system32\YUR35.exe
O4 - HKCU\..\Run: [\YUR36.exe] C:\Windows\system32\YUR36.exe
O4 - HKCU\..\Run: [\YUR37.exe] C:\Windows\system32\YUR37.exe
O4 - HKCU\..\Run: [\YUR38.exe] C:\Windows\system32\YUR38.exe
O4 - HKCU\..\Run: [\YURF.exe] C:\Windows\system32\YURF.exe
O4 - HKCU\..\Run: [\YUR10.exe] C:\Windows\system32\YUR10.exe
O4 - HKCU\..\Run: [\YUR11.exe] C:\Windows\system32\YUR11.exe
O4 - HKCU\..\Run: [\YUR12.exe] C:\Windows\system32\YUR12.exe
O20 - AppInit_DLLs: wqvjlp.dll
Have you rebooted your system for the cleaning by SAS and malwarebytes?
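
Added example, not part of the original thread and not the helper's own method: a small Python parser for HijackThis entry lines such as those listed above, which marks the persistence patterns seen in this thread (an extended shell value, a set AppInit_DLLs, entries whose file is absent, Run values present in both hives) for manual review. The sample log is constructed from entries quoted in the posts; the function names are hypothetical and the checks are heuristics, not verdicts.

```python
import re
from collections import defaultdict

# Constructed sample: entries copied from the posts in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [\YUR35.exe] C:\Windows\system32\YUR35.exe
O4 - HKCU\..\Run: [\YUR35.exe] C:\Windows\system32\YUR35.exe
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe
O20 - AppInit_DLLs: wqvjlp.dll
"""

ENTRY = re.compile(r"^([RFO]\d{1,2}) - (.+)$")                # "O4 - <body>"
RUN = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[(.*?)\] (.+)$")  # hive, value name, command

def parse(log):
    """Return [(section_code, body)] for each well-formed entry line."""
    lines = map(str.strip, log.splitlines())
    return [m.groups() for m in map(ENTRY.match, lines) if m]

def review_reasons(code, body):
    """Heuristic reasons to inspect one entry by hand; not a verdict."""
    reasons = []
    if code == "F2" and "Shell=" in body:
        if body.split("Shell=", 1)[1].strip().lower() != "explorer.exe":
            reasons.append("shell value starts something besides Explorer.exe")
    if code == "O20" and body.startswith("AppInit_DLLs:"):
        if body.split(":", 1)[1].strip():
            # DLLs named here load into every process that loads user32.dll.
            reasons.append("AppInit_DLLs is set")
    if body.endswith(("(no file)", "(file missing)")):
        reasons.append("entry points at a file that is not on disk")
    return reasons

def run_values_in_both_hives(entries):
    """Names of O4 Run values registered under both HKLM and HKCU."""
    hives = defaultdict(set)
    for code, body in entries:
        m = RUN.match(body) if code == "O4" else None
        if m:
            hives[m.group(2)].add(m.group(1))
    return sorted(name for name, seen in hives.items() if len(seen) == 2)

if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    for code, body in entries:
        for reason in review_reasons(code, body):
            print(f"{code}: {reason}\n    {body}")
    print("Run values in both hives:", run_values_in_both_hives(entries))
```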
 
Yes, I did Malwarebytes a few times and SAS once, and rebooted every time. I have got rid of the "Warning! Spyware detected on your computer" wallpaper. But now I'm getting rude desktop icons.

And here is the HJT log after removing everything from your second list.
 
What do you mean by 'rude desktop icons'? Are they existing icons which had their icon images changed, or totally new shortcuts?

How is your system running now? I suspect the infection has not gone away, so could you download and run Deckard System scanner from HERE?
It will produce 2 logs; attach both in your next reply.
 
Thanks for the help so far Momok. Last time I checked, everything seemed to be fine with the PC. I'm away for the weekend now, so I'll download Deckard System on Monday and post the logs then.

Thanks again,
WigWamMan
 