I think I had the same problem two days ago. First, the tab options to change wallpaper and screensaver disappeared (even now they're still gone.) I also got the BSOD and the wallpaper saying I got two viruses, but I don't recall what they were. I think it messed up my firefox browser as well because when I tried to go to sites to download Anti-Virus programs I kept getting directed to other irrelevant places. To get around that, I downloaded the Trial Version of AVG with another computer onto my flash drive and installed it on this one. It ran and got rid of some viruses, malwares, spywares, etc. Now I dont see the warning window wallpaper or the BSOD anymore, but if my pc is inactive then there'll be a screensaver that looks like I restarted my pc even though I did not. In addition to that, the computer keeps freezing every 20 or 30 minutes. Everytime I turn it on, it would say it detects new hardwares: the wireless adapter card and "new ethernet controller". Helps would be greatly appreciated.
Hi NathanN First, please download ComboFix. With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it. Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection. • Run Combo-Fix.exe and follow the prompts. **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later. • Wait for the scan to be completed. • If it requires a reboot, please do it. • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt) Do not click on the ComoboFix window, as it may cause it to stall. Next, please download the HijackThis zip file. Save it onto a convenient place in your computer, and then unzip the file. Rename HijackThis(.exe) to scanner(.exe). Next, run scanner(.exe). A window will pop up. • Click on the button which says Main Menu, then Do a system scan and save a logfile. • Please wait for the scan to be completed. • After the scan has completed, a text window will pop up. Please post the contents of this window here. This will also be located at hijackthis(.txt) in the same folder that HijackThis was originally saved. NOTE:: Do not fix anything using HijackThis, as this may also damage legitimate components of your computer. Best Regards
I tried doing what I was told. I had to downlaod ComboFix and Hijack This from the other computer. Anyway, I turned off my firewall but for some reasons I couldnt turn off or disable AVG Antivirus. I also tried ending AVG processes using the Task manager and uninstalling it. Neither worked. Combo-Fix didnt seem to work as I couldnt turn off AVG. Here is the log that I found in C drive. It's called bug.txt instead of ComboFix.txt. I've also noticed that when I google and click on a site it always directs me to another irrelevant, ad site. It is like that for almost every site. Links to download Combo-Fix also didnt work on this infected computer. Here's the log: PUSHD "C:\32788R22FWJFW\" IF NOT EXIST C:\WINDOWS\system32\cmd.exe GOTO Not_NT VER 1>temp00 C:\WINDOWS\system32\FIND.exe "Microsoft Windows [Version 5.2.3790]" temp00 1>NULL IF NOT ERRORLEVEL 1 GOTO Not_NT C:\WINDOWS\system32\FIND.exe "Windows XP" temp00 1>NULL HANDLE | SED -r "/<Non-existant Process> pid: ([0-9]*) .*/!d; s//@Nircmd KillProcess \/\1/" 1>temp00.bat CALL temp00.bat PV -o"%i\t%l" | SED "/\t.*\\nircmd\.inf$/!d; s///; s/./@pv -kfi &/" 1>temp01.bat CALL temp01.bat DEL /Q temp0?.bat temp00 2>NULL ============================================= ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\HP_Administrator\Application Data CFLDR=32788R22FWJFW CLASSPATH=.;C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=NATHAN ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\HP_Administrator KMD=CF17866.exe LOGONSERVER=\\NATHAN NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\32788R22FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\Autodesk\Backburner\;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Smart Projects\IsoBuster;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 PATHEXT=.cfexe;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0403 ProgramFiles=C:\Program Files PROMPT=$ QTJAVA=C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip SESSIONNAME=Console sfxcmd="C:\Documents and Settings\HP_Administrator\My Documents\STuff\Combo-Fix.exe" sfxname=C:\Documents and Settings\HP_Administrator\My Documents\STuff\Combo-Fix.exe SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\ SYSTEM=C:\WINDOWS\system32 SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp TMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp USERDOMAIN=NATHAN USERNAME=HP_Administrator USERPROFILE=C:\Documents and Settings\HP_Administrator windir=C:\WINDOWS ============================================= IF NOT DEFINED sfxname GOTO END CALL sfx.cmd Any idea?
Hey Nathan Hmmm... interesting. Try running both Combofix and HijackThis in safe mode (by repeatedly pressing the F8 key after you press the power button.) Best Regards
