gerbil 216 Industrious Poster

I think the cpu would not overheat excessively if there was at least some contact with the heatsink... you should at least see the BIOS run before any overheating occurs, but loading windows is a little cpu intensive. Your monitor.. when you power it up but not the pc, does it self test... ie, display its name and then perhaps say something like No Signal?
The designer of Intel heatsink hold-downs should be taken out the back and dealt with severely...
You didn't knock your graphics card loose?

gerbil 216 Industrious Poster

Heya Billy, for a start, I take NO responsibility if this method fails. You can't find me, anyway....
If it does fail, you will need a Recovery Console [diskpart is in it].
Sure you can copy them [the 3 used by XP are ntldr, ntdetect.com and boot.ini, so COPY them over, and mod that boot.ini in E:].
One other thing....it IS important.
BIOS needs to be able to find those things, and it will look in the partition marked as Active. Check in Comp Mgmnt - Disk Mgmnt; you will see that your C: is marked as (System). It is also the Active partition, but because it contains those boot files it is called System.
You can use Disk Mgmnt to mark any primary partition Active [it complains in some circumstances], but it may not let you remove that setting.
Better to use diskpart in a command window. So.. enter:
diskpart
/? will give you a list of commands. Anyway...
list disk
select disk x - where x is the disk with E: from that list
list partition
select partition y - where y is the partition with the Windows system files, E:.
active
** Your E: is now marked Active. Next we make C: not Active....
select disk p - where p is the disk with C: on it.
list partition
select partition q - where q is the C: …

gerbil 216 Industrious Poster

Hello, snow, if you can enter Safe Mode you can use Restore to revert to a date earlier than the M$ updating.
Let's assume that you cannot, and that it is an update giving you grief. Do you have a Recovery Console installed, or on cd [eg an XP installation cd]?
Load it : If you have a SATA drive use Del to enter BIOS and change the Drive emulation to IDE [this saves performing the F6 routine]; then F8 should give you a BBS popup where you can change the boot drive to cd, type R to enter the console.
Inside your Windows enter these commands:
cd \
systemroot
dir
This will give you, among other things, a list of $ntuninstallKB.....$ folders. Identify the latest ones you installed before the failed restart.
Then cd to [each of ] those $ntuninstallKB.....$ folders in turn - when in each enter this cmd:
batch spuninst\spuninst.txt
Let it run... you will see a list of files being deleted, copied... then move to the next $ntuninstallKB.....$ folder.
Fine. Exit the RC. You have wound back the file changes made by the updates.
Try to restart. If it does, then you need to uninstall those updates fully - do this via Add/Remove pgms [check Display M$ items box]. This undoes all reg changes as well.
Good. Now restart, go into BIOS to reset your Sata drive emulation if you altered this before, …

gerbil 216 Industrious Poster

Yes, you can revert the drive type to AHCI or RAID after installing windows, but it is not all that straightforward. You must select the right driver [a .sys file] from those on the cd and copy it into your system along with the correct .ini file, change registry entries to ensure that the .ini file is read and the driver loaded. Once you have made the correct changes you then change the BIOS setting to either AHCI or RAID. And so find out if you did it all correctly.
You have some reading to do...

gerbil 216 Industrious Poster

I know of no way to bypass that compliance check, Bob. He either runs Setup.exe from within the original OS [eg, 98, ME], else with no OS on the hard drive he boots from the upgrade cd and inserts a complying cd for the check when it is requested.
Anything else would be cheating.

gerbil 216 Industrious Poster

Ah, Bob.. upgrading. That works from within Windows, doesn't it...?
But if he does what I said [disconnects his E: drive with XP on it] then I think his upgrade disc will want to see his original OS [98 ?] cd at a point early in Setup. That being satisfied it should be happy to clean install XP.

gerbil 216 Industrious Poster

Umm... does using a psx emulator to increase fps involve overclocking? That is, did your emulator overclock your cpu? It may have taken it above its stable range. Check your BIOS entries. And downclock until the thing is happy. But really, an 8200 with its 64MB of memory is not going to offer any sort of gaming experience that you would be happy with. Look, notebooks are for simple file work, not for high-end graphics. Mid and high end graphics cards suited to gaming [they must do a LOT of image processing] generate a lot of heat, and a notebook cannot cope with that. Some things just are not meant to be.

gerbil 216 Industrious Poster

Just guessing here.... some ISPs block or severely throttle ports in certain ranges which are known to be used for file sharing. If your pgm has the option try changing the ports it uses; if not possible then chat to your ISP.
As I said... just guessing. I am totally unfamiliar with your pgm.

gerbil 216 Industrious Poster

Hi, billy.
Next time you install Windows don't let it [Setup] see your old installation... ie. disconnect your E: hard drive first. And then it should be happy to install onto C: its boot and system files.

gerbil 216 Industrious Poster

Oops, that last value should read C:\WINDOWS\explorer.exe
Yeah....

gerbil 216 Industrious Poster

Um... in the currentcontrolset, session manager, KnownDLLs subkey, change the DLLDirectory value to %systemroot%
Or go to this key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options.
Under it add a new key, explorer.exe, and in that create a new string with name Debugger, value C:\WINDOWS\system32\winlogon.exe
Then add another new key, regedit.exe with string name Debugger, value C:\WINDOWS\system32\explorer.exe

gerbil 216 Industrious Poster

The simplest way to fix this is, if you do indeed hook up your drive as you say, to go in and edit your boot.ini file so as to remove the /safeboot parameter from the line where it occurs [it may be /safeboot:minimal]... just delete it from the end of the line. Save the edited file over the original, and job is done. Well, that bit, anyway. There is a reason the safeboot parameter did not work, and that is that the safe boot key in registry was altered by your malware. There are fixes for that. Ask here if you need a resolution.

gerbil 216 Industrious Poster

This post is to help a chap who pc'd me; I put it here in full to aid others.
Nouveaunoise "hello there my name is conor i am from ireland and i have a problem with my comp. basically im an idiot and did something i knew i shouldnt have done but due to frustration i did it anyway.
basically i had bad malware + b.exe and all sorts of problems which i was unable to resolve.
this all crippled my os and would not allow me to delete any of it. it crippled my system restore (group administrator block bullshit) it also wouldnt allow me to enter safe mode (blue screen shut down), so me being an idiot i did the msconfig safeboot! BOLLOX why did i do that i shouldn have done that. u know what happened from there as you posted on this very matter a few years ago.
i had no xp cd so i made a usb bootable recovery console http://tuts4tech.net/2009/07/14/crea...overy-console/ which worked fine. the problem im having is when i enter bootcfg the options come up. but when i prompt one of them i cant access anything. example bootcfg /list = there are currently no boot entries available to display.
bootcfg /rebuild = error: failed to successfully scan disks for windows instalations. this error may be caused by corrupt file system. so i do the chkdsk the volume appears to be in good condition the thing that …

gerbil 216 Industrious Poster

Sometimes poorly made connectors can give a minimal contact to pins... the currents involved then get to a current density in the contact area where the temperature increase in a tiny volume of metal can be enough to cause sparking [metal burning] and welding... the resulting oxides don't help the connectivity, and so it goes. A lot of pins and connectors have a smear of gold electroplated on the pins to reduce oxide formation.. but they still require a decent contact area between them.

gerbil 216 Industrious Poster

Windows Memory mgmnt has it under its control. If you are looking at Task Manager, Available physical memory, and wondering why it is so big, possibly more than half your installed RAM, be assured that Windows and the processes running under it are using all the RAM they need. Available is memory that contains recently used processes and their data, ready for restart without an I/O operation to disk. Aw heck... read it here: http://support.microsoft.com/kb/312628
The Total commit Charge is the amount of memory actually being used at that moment, and it includes paged memory. You can't force Windows to use more RAM and not the page file because if you make too small a one, or none at all, Windows will quietly make one and not tell you about it.
As far as L2 cache goes, how much of it is used is up to your HAL. You know from your CPU spec sheet how much there is in the processor chip, you can see how much windows knows about from this key:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"SecondLevelDataCache"=dword:00000000
That is a decimal dataword, zero implies 256KB.... you can set what your CPU has, in decimal KB. HAL might have it wrong.
Mine was not detected?, was originally set to minimum, so I set it to 6144. The sys seems happy; whether it made a difference, I don't know... I mean, cache size does make a difference [http://www.tomshardware.com/reviews/cache-size-matter,1709-2.html]. Certainly other software …

gerbil 216 Industrious Poster

Then your sys has a discrete NVIDIA graphics card [ no integrated graphics on the mb].
It may have a problem.

gerbil 216 Industrious Poster

Ah, nice to hear, Bushoi.
Cheers.

gerbil 216 Industrious Poster

Does your machine have a video card as well as integrated graphics on the mb? try pulling the vid card and seeing if the machine can run with the IGP.

gerbil 216 Industrious Poster

Virut. Ah. You may have already taken the best option, then. A format and reinstall. Note that a format does not remove files, just loses them; the new OS will not see them. And vv.
Cheers, Nathan. Sometimes you do have to just give up.

gerbil 216 Industrious Poster

"GMER NO LONGER DETECTS UACd.sys" - it won't, in Safe mode, if the rootkit is not active. But nothing stops you in Safe mode from going into system32/drivers and deleting every UAC*.sys file, every UAC*.dll and tmp*.dll or .exe file in system32, cleaning out every tmp and temp directory...
And you could dl and run this:
==Download this file to your DESKTOP: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
.....or this file: http://subs.geekstogo.com/ComboFix.exe
-IMPORTANT! : disconnect from the web, turn off your Antivirus, Antispyware and Firewall for the duration of this scan. Don't forget to reset them before you go back on the web!
- to run it dclick the Combofix.exe icon and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.
There is a chance that you would need to rename the combofix exe before running it. It would be nice to clean his sys so that all his files could be saved.

gerbil 216 Industrious Poster

You just did.
Cheers.

gerbil 216 Industrious Poster

"Do you know where MBAM downloads the database updates for checking for malware? I have a working MBAM on one computer but since the infected computer cant connect to malwarebytes.org it cant get updates.."
I am going to work on that, Nathan. The only site that has them for installation is usually a month out of date, and that is almost useless. Atm it is about 50 releases behind...
Just for my information, did you run that block of file deletions via the cmd window that I gave you earlier? Because I would like to know what broke the back of UAC..., and it did break after that post of mine. After that MBAM was able to detect the rogue files it had been hiding, plus see more of UAC.
That was a comprehensive and growing infection you had. Did you need to do anything else after the last MBAM run you posted?
Nathan, we have to be seen to be doing the right thing by software vendors. But I did notice your action.

gerbil 216 Industrious Poster

"If we choose any of the other options (i.e. safe mode), it shows rows and rows of the same message "... Similar, but not the same... these are the names of drivers [services] and files windows is loading in safe mode. But then it broke, so no chance to use a Restore Point....
I noted caper's reply in the other post you placed here. Do that.
If that does not work, a Windows Repair [NOT a NEW installation...] most likely will. This will not normally overwrite any of your data files. But you would have to dl any updates released since your OS version.

gerbil 216 Industrious Poster

Saying it in Latin will do the job...
EGO subsisto quod coepi procer spooler muneris. effectus ut videlicet constupro lima.

gerbil 216 Industrious Poster

Good morning.
Installing Recovery Console is a precaution in case Combofix breaks your sys. If you have a bootable XP cd you do not need it on your hard drive- it is then just a convenience.
This one, c:\windows\OPTIONS\CABS\_desktop.ini is associated with various worms, virii. The other deletions were of SMitfraudfix files.
I see no other problems there.... you certainly threw some stuff at it.. :)
You can remove that AVG8 browser toolbar if you so wish... a space waste.
Tell me how things are, please.

gerbil 216 Industrious Poster

It will. If it returned once.... Okay, there are files there that I cannot see, to protect and regenerate malware. I suspect a rootkit, and this tool will flush out most problems:
==Download this file to your DESKTOP: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
.....or this file: http://subs.geekstogo.com/ComboFix.exe
-IMPORTANT! : disconnect from the web, turn off your Antivirus, Antispyware and Firewall for the duration of this scan. Don't forget to reset them before you go back on the web!
- to run it dclick the Combofix.exe icon and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.

gerbil 216 Industrious Poster

You could not see those values in the Services\UACD keys because a simple trick has been employed to make their values invisible to regedit. But they can be removed easily.
Nathan, as I expected.... there is another problem. Your OS is cracked with a Windows Activation bypass hack, and I am not supposed to help you further until it is removed. I do not know if you are aware of it, but it is there. It may have been there already if you bought the machine with XP preinstalled.
This is the file... I alluded to it earlier: C:\WINDOWS\system32\antiwpa.dll ...it is no big secret, so I have put it in clear for you to deal with.
Sorry, but forum rules are there to protect the forum and its owners. This file, as its name indicates, is Anti Windows Product Activation, and its SOLE use is to pervert that.

gerbil 216 Industrious Poster

Just for the time being, Nathan, I am going to ignore one of the detections..... I may get spanked for it.
Anyway.... use GMER to delete all these entries [you must run it in Normal Mode]:
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACppjwbfoauuwvxxwmi.sys
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACppjwbfoauuwvxxwmi.sys
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACvkbftebfvmevcvttv.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACtmuhcepbrnaesbrvv.dat
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs C:\WINDOWS\TEMP\141078336mxx.dll

Delete all these files. This should do it in one hit. Paste this as ONE BLOCK into a cmd window at the prompt:

(del /f /a %systemroot%\system32\drivers\UACd.sys
del /f /a %systemroot%\system32\drivers\UACppjwbfoauuwvxxwmi.sys
del /f /a %systemroot%\system32\UACvkbftebfvmevcvttv.dll
del /f /a %systemroot%\system32\UACtmuhcepbrnaesbrvv.dat
del /f /a C:\WINDOWS\TEMP\141078336mxx.dll
del /f /a "C:\Documents and Settings\Chris\reader_s.exe")


Then use hijackthis to fix these entries :
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: (no name) - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - (no file)
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Chris\reader_s.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Chris\reader_s.exe (User 'Default user')

Say how you get on...
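
Added example, not part of the original post: the GMER and HijackThis lines above name the same files under several path spellings (\systemroot\, \\?\globalroot\systemroot\, %systemroot%), so this Python sketch normalizes them into one deduplicated file list and attaches a reason to each entry. The function names, the reason strings and the C:\WINDOWS install path are assumptions made for the illustration; the sample lines are copied from the post.

```python
import re

SYSTEMROOT = r"C:\WINDOWS"  # assumption: the install path used in the post

# Spellings that all resolve to the Windows directory.
PREFIXES = (r"\\?\globalroot\systemroot", r"\systemroot", r"%systemroot%")

GMER = re.compile(r"^Reg\s+(?P<key>.+?)@(?P<name>\S+)\s+(?P<data>.+)$")
HJT_O2 = re.compile(r"^O2 - BHO: .+? - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.+)$")
HJT_O4 = re.compile(
    r"^O4 - \S+: \[(?P<name>[^\]]+)\] (?P<path>.+?)"
    r"(?: \(User '(?P<user>[^']+)'\))?$"
)

# Lines copied from the post above (GMER registry output, HijackThis entries).
SAMPLE = r"""
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACppjwbfoauuwvxxwmi.sys
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACppjwbfoauuwvxxwmi.sys
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACvkbftebfvmevcvttv.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACtmuhcepbrnaesbrvv.dat
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs C:\WINDOWS\TEMP\141078336mxx.dll
O2 - BHO: (no name) - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - (no file)
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Chris\reader_s.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Chris\reader_s.exe (User 'Default user')
"""


def normalize_path(data):
    """Return a drive-letter path, or None if the value is not a file path."""
    low = data.lower()
    for prefix in PREFIXES:
        if low.startswith(prefix + "\\"):
            return SYSTEMROOT + data[len(prefix):]
    if re.match(r"^[A-Za-z]:\\", data):
        return data
    return None


def triage(text):
    """Return (artifact, reason) pairs for every line that names a file or CLSID."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        m = GMER.match(line)
        if m:
            path = normalize_path(m["data"])
            if path is None:
                continue  # start/type/group values carry no file reference
            if m["data"].lower().startswith(r"\\?\globalroot"):
                reason = "registry data uses the globalroot device path"
            elif m["name"].lower() == "appinit_dlls" and "\\temp\\" in path.lower():
                reason = "AppInit_DLLs loads a DLL from a TEMP directory"
            else:
                reason = "file referenced by a listed registry value"
            out.append((path, reason))
            continue
        m = HJT_O4.match(line)
        if m:
            user = m["user"] or "current user"
            in_profile = "\\documents and settings\\" in m["path"].lower()
            if user in ("SYSTEM", "Default user") and in_profile:
                reason = "Run entry for %s starts a file from a user profile" % user
            else:
                reason = "Run entry for %s" % user
            out.append((m["path"], reason))
            continue
        m = HJT_O2.match(line)
        if m and m["file"] == "(no file)":
            out.append((m["clsid"], "BHO registered with no file on disk"))
    return out


def unique_files(text):
    """Deduplicate file paths case-insensitively (CLSIDs are skipped)."""
    seen = {}
    for artifact, _reason in triage(text):
        if not artifact.startswith("{"):
            seen.setdefault(artifact.lower(), artifact)
    return sorted(seen.values(), key=str.lower)


if __name__ == "__main__":
    for artifact, reason in triage(SAMPLE):
        print(artifact, "<-", reason)
    print("\n".join(unique_files(SAMPLE)))
```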

gerbil 216 Industrious Poster

A quick point while I get time to look at all those. I see this in the MBAM log:
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken.

Files Infected:
c:\WINDOWS\system32\5.tmp (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\6.tmp (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\7.tmp (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\8.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\UACd.sys (Trojan.Agent) -> No action taken.

So, do you do THIS?:
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you when it completes... do not click the Save Logfile button.
Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Copy and post that log [it is also saved under Logs tab in MBAM].

If you do not, nothing changes....

gerbil 216 Industrious Poster

Norton/ symantec. The latest product seems to be performing better in the mix. Anyway, trot along to this page and get the correct removal tool for your version of Norton - use it to completely clean out your old AV.
http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039
THEN, install your new AV. Mcafee? Ummm....
You may then need to uninstall and reinstall any third party firewall.
Your ping going thru but not any browser traffic points to the AV. An AV acts as a proxy for your browser, handling all TCP traffic. Ping.exe is ignored.

gerbil 216 Industrious Poster

A small point to make, just a general one... but if punters put the OS into its own partition and kept all data in other partitions they would have an increased chance of recovering deleted files. Windows, left alone for 15, 20 minutes, will start to reorganise its files so that the most used are more easily accessible [it uses a file of recent usage kept in the Prefetch folder]. It may overwrite unused space... it is an "organised defragmentation".

gerbil 216 Industrious Poster

It is pretty clear which browser he is using... " Nothing has been dl'ed or installed since the format with the exception of AVG and SpyBot."
Apart from lobbing that bomb into the ruck I have nothing to add...

gerbil 216 Industrious Poster

Good stuff, bushoi.
You can close and open explorer.exe at will, it is nothing special. Think of it as similar to IE. Well, it does share a lot of functions.
browseuiad.dll seemed to be a modified version of browseui.dll, which is a M$ library of functions and other resources for browser [explorer is a browser also..] user interface management.
Your malware included it so as to present its wares, but its controlling software had already been removed. When it popped it simply had nothing to present....

gerbil 216 Industrious Poster

You're welcome.

gerbil 216 Industrious Poster

You would need to close all browsers [well, IE uses it... not opera or firefox] and also explorer, firstly. Delete via cmd.exe :
cd\
del /f /s /q /a C:\WINDOWS\system32\browseuiad.dll
Or there is this:
==This one is a general purpose deleter, Unlocker: http://filehippo.com/download_unlocker/
Dclick the exe to install it, unchecking the updater and assistant boxes. It runs from the rclick context menu, and that is cool.
Browse to the file, rclick it, choose Unlocker, remove any hooks...[ If the file or folder is locked then a window will appear with a list of processes locking the file or folder. Select the locks and click Unlock and you are done. It is recommended to Unlock wisely and to close open processes locking files or folder if any, but if only Explorer.exe is the culprit, do not hesitate!]
...choose Delete, and delete it.
You can then restart explorer via Task Manager [File, New Task... explorer.exe]

gerbil 216 Industrious Poster

GMER takes 1 1/2 mins to scan my systemdrive. But windows is there all by itself, no data, no pgms other than those that fight to be there; the partition is tightly controlled... so... Anyway, uncheck the Sections and IAT/EAT boxes for the scan, make sure only your systemdrive is included in the drives choice..
UAC*.sys is a rootkit driver, but having said that, there is no reason why it should not also be protecting files that regenerate it, apart from the files that do its business. Could you post a MBAM scan run in Safe mode? Likely the rootkit will not be active there.

gerbil 216 Industrious Poster

What, me do it instead of you? I do tend to be chatty in my posts, but that is because I am human, and like to relate to some folks. Just some... we pick each other out...
Anyway, Nathan, I cannot do a generic solution for you... solutions evolve as we see what is coming up. Best start with this [and rename mbam.exe and hijackthis.exe if they will not run initially, to mybam.exe and hoistthis.exe]:
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application,
-ensure that it is set to update and start, else start it via the icon, and UPDATE it.
Select "Perform QUICK Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you when it completes... do not click the Save Logfile button.
Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Copy and post that log [it is also saved under Logs tab in MBAM].
Then...
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then... rename hijackthis.exe to imabunny.exe
-in that folder start HijackThis by dclicking the …

gerbil 216 Industrious Poster

"I am making a program that cleans your computer". I know computer types love to reinvent the wheel, spend hours of their lives doing it and then get a sense of achievement that may well be valid. But look... there is already a wonderful, free example of this wheel out there... it's simple, quick, neat.. and very configurable. I would not be without it. I take my hat off to the writer. If you have other temp files not already included in the initial configuration you can simply add them for cleaning. Your cookie files are already there. It is wise to reinstall this cleaner periodically, because it will automatically add the temp folders of new softwares such as, say, a browser you have added.
==Get CCleaner from http://www.ccleaner.com/ - and install it in a new folder. You should keep this one for general use. I set the installation checkboxes only to open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as i suggested, rclicking the bin icon should give you the Open CCleaner option...].
If you have FireFox open the Applications tab and ensure at least that Cookies and Cache are checked.
Select the Cleaner icon, press Run Cleaner.
Run CCleaner in any other Accounts.
[For future quick temp file cleaning select the options you wish to use via the Windows and Applications …

gerbil 216 Industrious Poster

If you wish it to be so... yes, you can change this. Go CP > System, Advanced tab, Performance Settings button. check the [bottom] item: use visual styles on Windows buttons ...
A lot of style things will alter with this setting.

gerbil 216 Industrious Poster

Um... always reboot after doing sys file work, because the files that are already in memory won't be affected until they are reread.
Just in case malware did this [some do, because it is a lazy way of getting your files to execute], run MBAM. It finds various of the malwares that exhibit this behaviour:
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application,
-ensure that it is set to update and start, else start it via the icon, and UPDATE it.
Select "Perform QUICK Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you when it completes... do not click the Save Logfile button.
Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Copy and post that log [it is also saved under Logs tab in MBAM].

gerbil 216 Industrious Poster

sfc /scannow performs as per the behaviour you noted. There is no fanfare when it closes, no logfile, it does its job and that is it. Windows File Protection system [which is what this is] takes file version information from protected files, checks for the existence of updates via the Windows\$hf_mig$ folder and then uses that info to replace any corrupted or missing files. So, no, your Windows Updates are not affected. Re the lack of cd activity, you may have a [hidden] i386 folder which is pointed to in registry as the source of valid files, while updated versions are kept in that $hf_mig$ folder.
And yes, autorun.inf may be hidden; godspeed's del cmd will work if it is.

gerbil 216 Industrious Poster

Okay, thanks for that report. Because browseuiad.dll is unknown and its CLSID unregistered you should do the following:
Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.
O22 - SharedTaskScheduler: Component Categories cache daemon preloader - {3A6AC8B5-6571-476F-A050-CD9E577D07CC} - C:\WINDOWS\system32\browseuiad.dll

Then delete C:\WINDOWS\system32\browseuiad.dll
Say if the IE openings continue.

gerbil 216 Industrious Poster

Ah. Two active AV services. One never knows how they will interact - it seems to be often badly and unpredictably. Rule is, don't use more than one.
PC Tools use a rebadged AV service, I forget which.
You would need to check AV service test reviews to judge which suits you best. I mean, their performances in actual tests, where they are put up against 100's of known viruses and other malware and their results noted. Google for them. A German site has a lot of information on AV services.

gerbil 216 Industrious Poster

Get Process Explorer from Winternals. The tool for the job. It will show you the handles and dlls used by any running process.

gerbil 216 Industrious Poster

I should ask... does your sys [if not a lappy] have a separate video card? Because the problem likely emanates from the video processor. If a lappy, it is likely part of the motherboard. HP. yeah..

gerbil 216 Industrious Poster

Check to see that you have this file in your sys: c:\windows\system32\browseui.dll -report back on this.
Virus Scan:
==Please go to this web page http://virusscan.jotti.org/, click browse and submit this file for examination [use the Choose button to browse to the file]:
C:\WINDOWS\system32\browseuiad.dll

I wish to see if it is a delf variant. Whatever, this will remove it and clean the key:
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application,
-ensure that it is set to update and start, else start it via the icon, and UPDATE it.
Select "Perform QUICK Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you when it completes... do not click the Save Logfile button.
Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Copy and post that log [it is also saved under Logs tab in MBAM].

gerbil 216 Industrious Poster

xetwnk.... check to see if in the root of each drive there is a file called autorun.inf. If there is please drag one into a notepad, zip it and attach to your next post [use the Go Advanced button]. Then delete each autorun.inf file that you find in the root of any drive. Tell us if they stay deleted ie are not recreated, say, at a fresh startup.

gerbil 216 Industrious Poster

Try to reinstall over the top of it... that may give you the Repair installation option, in which case you can stop there. Or it may just reinstall and correct any settings, files. Then uninstall, if it will, and reinstall again.

gerbil 216 Industrious Poster

If it is a CRT or LCD monitor, do consider buying a new one. Cheaper...
If it is a lappy.... wait for someone in here who knows.

gerbil 216 Industrious Poster

cd c:\
But I like cd\
Any more?