Hi, my computer just started having some issues. It locks up when powering on at least 2 out of 3 attempts. When I do get it to power up, it ususally freezes within 15-20 minutes randomly. Sometimes while using internet, sometimes not. My AVG antivirus is not recognizing any issues, and I am ot sure what to do. All I know it is very annoying to have to restart computer every 20 minutes or so.

Thanks!

AVG8 is now obsolete and old, it cannot protect you properly

Please uninstall AVG from Add/Remove programs in Control Panel
Then run the AVG Remover Tool: http://www.avg.com/filedir/util/support/avgremover_en.exe
Then Restart

Download and install Free Avira Antivirus: http://www.free-av.com/
Update it
Run a full scan

Avira Antivir now installed

I have attached the log of the full scan from Avira. I will let you know if the freezing problem persists.

Thanks.

If you don't mind me saying. The real issue here is Limewire and sharing files on your computer to others, and other computers to you
I'll never feel that can be safe, however others explain it to me (1000 bitten, twice shy )

limewire

I thought I removed it. Did I only remove part of it?

Can you update Malwarebytes again, then run another quick scan, and save the log to be attached to a new reply


Combofix:

• Download Combofix to your desktop.
• Disable your Antivirus (as Combofix will remove any found malwares)
• Double click ComboFix & follow the prompts.
• A window will open with a warning.
• When the scan completes it will open a text window. Please save the log to be attached to a new reply

Restart


Run another fresh HJT Scan only log, and save the log to be attached to a new reply



3 Attachments required:

1. Malwarebytes
2. Combofix
3. HijackThis

All attached

Thank you for your help! All requested attachments are attached.

You are still infected. Please follow the following precisely (we don't want to mess up Windows )

Also, allow any Firewall message that may pop up

1. Download Atapi.zip to your Desktop
   • Extract Atapi.zip file directly to your Desktop, giving Atapi.sys
   
   
2. Start > Run > cmd /c del /a/f/q c:\atapi.sys > ok
   
   
3. Start > Run > cmd /c start /min cmd /c "copy %windir%\system32\drivers\atapi.sys Desktop\*.suspect >log.txt&log.txt"
   • You will get "1 file(s) copied." Please close this Notepad
   
   
4. Start > Run > cmd /c start /min cmd /c "copy Desktop\atapi.sys %windir%\system32\drivers\atapi.sys >log.txt&log.txt"
   • You will get "1 file(s) copied." Please close this Notepad
   
   
5. Start > Run > cmd /c start /min cmd /c "copy Desktop\atapi.sys c:\atapi.sys >log.txt&log.txt"
   • You will get "1 file(s) copied." Please close this Notepad
   
   
6. Start > Run > cmd /c start /min cmd /c "dir /a c:\atapi.sys >log.txt&log.txt"
   • Please save the text file to be attached to a new reply

Restart

Run Combofix again, attach the log

clarification

kimbo-

Not sure if I am doing this right. I downloaded the atapi.zip to the desktop. However, when "extracting" I am getting the following message. "Cannot start winzip! Required file winzip.chm was not found in same folder as winzip."

To be clear on how to extract: Right click the atapi desktop icon, then winzip, then extract to? This is when the above error comes up.

Thanks again for your help and patience with me!!

Well just uninstall Winzip its obviously corrupt

I use WinRAR: http://www.rarlab.com/rar/wrar391b2.exe
That link is to the newest "Trial" version, but its free for a little while

Install WinRAR and associated all the archives (like ZIP and all the rest to it) then finally right mouse drag the Atapi.zip file to a blank area on your Desktop, thus extracting it directly to your Desktop (ie not in its own folder) It says "extract here" I'm pretty sure

ok. now do this I issume?
The Log is attached.

Thanks!





Start > Run > cmd /c del /a/f/q c:\atapi.sys > ok


Start > Run > cmd /c start /min cmd /c "copy %windir%\system32\drivers\atapi.sys Desktop\*.suspect >log.txt&log.txt"
You will get "1 file(s) copied." Please close this Notepad


Start > Run > cmd /c start /min cmd /c "copy Desktop\atapi.sys %windir%\system32\drivers\atapi.sys >log.txt&log.txt"
You will get "1 file(s) copied." Please close this Notepad


Start > Run > cmd /c start /min cmd /c "copy Desktop\atapi.sys c:\atapi.sys >log.txt&log.txt"
You will get "1 file(s) copied." Please close this Notepad


Start > Run > cmd /c start /min cmd /c "dir /a c:\atapi.sys >log.txt&log.txt"
Please save the text file to be attached to a new reply

Ah huh, ..... And the rest I asked for too :rolleyes: (being really the most important part missing )

oops!

This is what you need!!

Yep that's it :grinthumb

But, Not done properly.

Please do those commands up there again (precisely )

clarify

Ok. Do I include the quote marks? " " " ? I just copied the commands from the post to the start>Run

Yes... yes you do

You do exactly as I stated

I actually copy the bold txt (and quotes) above :rolleyes: and Paste, that's a lot easier :grinthumb

Crossing fingers

I hope this is correct. I copy and pasted.

When first running combofix it "detected the presence of a rootkit activity and needs to reboot the machine"

When it rebooted, it froze. I manually rebooted, and locked up again while rebooting, and 2 nd time was a charm.

Nope It's persistent I'll say that

Lets try another option to remove this infection

Download MBR.exe and save it to your c:\ root directory, so its at c:\mbr.exe

Click on Start > Run and type in cmd and click OK.

Type in: c:\mbr.exe -f and then press the Enter key

Restart

Please provide another Combofix log as an attachment (I know, I know, but it only takes about 10 mins)

Report attached

Report attached.

Hopefully not a coincedence, but my computer seems to be running better.

It's finally gone :grinthumb

Now lets cleanup all this stuff
You can start by deleting all that "atapi" stuff on your Desktop
And deleting MBR.exe located at C:\


Un-install Combofix

• Click START then RUN
• Now type Combofix /uninstall in the runbox and click OK
• Any popup errors about Antivirus just ok or close

Note: 1 space after ComboFix in that uninstall command



Uninstall SUPERAntispyware
Start > Control Panel > Add/Remove Programs > SUPERAntispyware > Uninstall



Update Java and remove older Java versions
Run JavaRa
This will remove all your old Java stuff (that is not required)
It will also help you check for new Java updates Runtime updates
Or just go here and auto check: http://java.com/en/download/installed.jsp?detect=jre&try=1



Download and run TFC http://oldtimer.geekstogo.com/TFC.exe
Your computer may need to Restart



Clear & Reset System Restore's Cache
Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter

• Tick on the checkbox - Turn off System Restore on all drives
• Click Apply

Turn it back 'On' by unticking the same checkbox & click Apply, and then OK


Restart, and let me know how its performing