My computer automatically turn of the windows firewall, and a message always popup say's 40.tmp application error, stop working and whenever i am installing a new program like antivirus, it say's setup . exe has been change.. And m computer is slow when it is starting up, sometimes, it restarts itself and sometimes, whenever i click on an account, it's taking a long time to see the desktop, and sometimes, it is stock on the loading screen..
here is for the 40.tmp:
40.tmp- application Error
the instruction at 0x00400041 referenced memory at 0xfffffff.
the memory could not be read
click on OK to terminate the problem
click cancel to debug the problem
here is for the setup.exe
File:
c:\DOCUME~1\SiRa\LOCALS~1\Temp\RarSFX0\basic\setup.exe has been change!
Setup cannot continue?..
What the hell is this?..
PLSS HELP!..
Tell me what to do to remove this?..
Is this a virus or malware or anything?..
Tell me how to remove this?..
And here is the log of hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:04 AM, on 12/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\av_md.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\43.tmp
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\fonts\services.exe
C:\Documents and Settings\SiRa\av_md.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\SiRa\reader_s.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - HKLM\..\Run: [31068] C:\WINDOWS\system32\40.tmp.exe
O4 - HKLM\..\Run: [wgdmpc] RUNDLL32.EXE C:\WINDOWS\system32\mscowgxj.dll,w
O4 - HKLM\..\Run: [av_md] C:\WINDOWS\system32\av_md.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe
O4 - HKCU\..\Run: [av_md] C:\Documents and Settings\SiRa\av_md.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\SiRa\reader_s.exe
O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS\fonts\services.exe
O4 - HKLM\..\Policies\Explorer\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe
O4 - HKUS\S-1-5-18\..\Run: [av_md] C:\Documents and Settings\SiRa\av_md.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\SiRa\reader_s.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [av_md] C:\Documents and Settings\SiRa\av_md.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
--
End of file - 3032 bytes
Please, im begging you to all sir..
Please hel me, a tool and an instruction can help me.. please!.
here is for the 40.tmp:
40.tmp- application Error
the instruction at 0x00400041 referenced memory at 0xfffffff.
the memory could not be read
click on OK to terminate the problem
click cancel to debug the problem
here is for the setup.exe
File:
c:\DOCUME~1\SiRa\LOCALS~1\Temp\RarSFX0\basic\setup.exe has been change!
Setup cannot continue?..
What the hell is this?..
PLSS HELP!..
Tell me what to do to remove this?..
Is this a virus or malware or anything?..
Tell me how to remove this?..
And here is the log of hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:04 AM, on 12/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\av_md.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\43.tmp
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\fonts\services.exe
C:\Documents and Settings\SiRa\av_md.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\SiRa\reader_s.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - HKLM\..\Run: [31068] C:\WINDOWS\system32\40.tmp.exe
O4 - HKLM\..\Run: [wgdmpc] RUNDLL32.EXE C:\WINDOWS\system32\mscowgxj.dll,w
O4 - HKLM\..\Run: [av_md] C:\WINDOWS\system32\av_md.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe
O4 - HKCU\..\Run: [av_md] C:\Documents and Settings\SiRa\av_md.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\SiRa\reader_s.exe
O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS\fonts\services.exe
O4 - HKLM\..\Policies\Explorer\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe
O4 - HKUS\S-1-5-18\..\Run: [av_md] C:\Documents and Settings\SiRa\av_md.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\SiRa\reader_s.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [av_md] C:\Documents and Settings\SiRa\av_md.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
--
End of file - 3032 bytes
Please, im begging you to all sir..
Please hel me, a tool and an instruction can help me.. please!.
