gracie_girl
Trooper

 Joined: Aug 31, 2007 Posts: 22 Location: USA
Posted: Wed May 21, 2008 7:57 pm Post subject: Malware, Spyware, trojans... oh my!!!! HELP!
My computer is doing really strange things lately!! When it goes into hibernation and I come back to turn it on, instead of a screen saver there is a blue screen with black bugs crawling all over it, and then when I touch the mouse pad it will go back to normal...
Also, I'm getting really weird pop-ups: some are pornographic and some are like "debt saver" pages. Never seen any of them before!
When I attempt to press Ctrl-Alt-Del I get a message that says I cannot access the Task Manager because the administrator blocked it?? I'm pretty sure I'm the administrator on my computer and I didn't change this!
I think there is malware or spyware on here so I scanned my computer twice with SUPERAntiSpyware but the problems still persist.
WHAT CAN I DO?!?! HELP PLEASE!!! Thank you sooo much
MauriceN
1st Responder Premium Member
 Joined: May 20, 2006 Posts: 1012
Posted: Thu May 22, 2008 3:00 pm Post subject:
Hello gracie_girl,
Your system does have malware infections. You need to do some preparation work first, and only after that make a new post in the HijackThis forum.
The main page for Trend Micro HijackThis Logs forum is
/f67-Trend_Micro_HijackThis_Logs.html
Read this first /t102301-Hijackthis_Guidelines_Read_Before_Posting.html
If you have peer-to-peer filesharing programs on this system, remove them first.
See /t204179-P2P_programs_we_ask_that_you_remove_first.html
Next, see http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Overview
Get the HijackThis utility, run it as suggested, and only then, post a new thread by going to this forum
/f67-Trend_Micro_HijackThis_Logs.html
and pressing "New Topic" button, put your HJT log in there, along with all pertinent details.
NOTE: As you get these popups from rogues & malware, do not click the X button at upper right to close the window(s).
Instead, press and HOLD the ALT key, then tap the F4 function key.
ALT+F4 is the key sequence to close a window.
Some of these rogues will get further into your system when you press the X (close) button {for 'their' message window}.
Don't do free-wheeling web surfing; minimize your internet activity to basically just this forum, or the sites you are guided to by CC forum staff.
This is my standard 1st reply to malware issues, consisting of doing some cleanup and getting basic reports.
If your system is running Vista, you likely need to run the programs as Administrator. If so, you Right-click on the program icon or shortcut, select "Run As Administrator".
1. Set Windows to show all files and all folders.
Bring up Windows Explorer / Tools / Folder Options/ select VIEW Tab and look at all of settings listed.
"CHECK" (turn on) Display the contents of system folders.
Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.
2. Take out the trash (temporary files & temporary internet files)
Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to clean out temporary files & the temp areas used by internet browsers.
This program is for XP, Windows 2000 and Vista.
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Click the Empty Selected button.
- If you use Firefox browser:
- Click Firefox at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.
- If you use Opera browser:
- Click Opera at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.
- Click Exit on the Main menu to close the program.
ATF-Cleaner should be run per the above in every user-login account {User Profile}
For Technical Support, double-click the e-mail address located at the bottom of each menu.
3. Important! => Open Notepad > Click on Format > Uncheck Word wrap, if checked. Exit Notepad.
4. Please download & save Malwarebytes Anti-Malware from Here or Here
- Double-click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform FULL Scan, then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in a new reply as soon as it has finished.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
5. Download Deckard's System Scanner: http://www.techsupportforum.com/sectools/Deckard/dss.exe
- Close all applications and windows.
- Double-click on dss.exe to run the application; follow the prompts.
- When the scan is completed, a text file named Main.txt will open. Please save this file, then close Notepad.
- The folder C:\Deckard also will open. This folder will contain another text file named Extra.txt. Please save this file to your desktop, too, then exit Notepad.
Note: Your firewall may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.
In a post to the CC HJT forum, and NOT here, please post (in order):
- the MBAM report, and
- the contents of Main.txt and Extra.txt (from above).
Be sure to do a Preview prior to pressing Reply, because all reports may not fit into 1 single reply. You'll likely have to do more than 1 reply.
Make one and only 1 post into the HJT forum. And do NOT reply to your own post until after 1 of the CC moderators or staff has responded. OK?
Cheers. _________________ ~Maurice Naggar
MS-MVP
gracie_girl
Trooper

 Joined: Aug 31, 2007 Posts: 22 Location: USA
Posted: Sat May 24, 2008 7:28 am Post subject: MBAM
Malwarebytes' Anti-Malware 1.12
Database version: 783
Scan type: Full Scan (C:\|)
Objects scanned: 96605
Time elapsed: 56 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 11
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 17
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\chfvqagi.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\ddcBRlif.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\odmvfstw.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\tkyuygob.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\iprjrjxf.dll (Trojan.Vundo) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc25fe12-39d7-4625-a95a-e895774356aa} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{fc25fe12-39d7-4625-a95a-e895774356aa} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{240a2128-acd4-4124-87af-527124caac38} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{240a2128-acd4-4124-87af-527124caac38} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b4bda793 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{240a2128-acd4-4124-87af-527124caac38} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\OriginalWallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\ConvertedWallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ttool (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddcbrlif -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddcbrlif -> Delete on reboot.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\chfvqagi.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\igaqvfhc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcBRlif.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\filRBcdd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\filRBcdd.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\odmvfstw.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wtsfvmdo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tkyuygob.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\bogyuykt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gracie\Local Settings\Temporary Internet Files\Content.IE5\HAMLT3TV\hctp[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gracie\Local Settings\Temporary Internet Files\Content.IE5\HAMLT3TV\kb456456[1] (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Gracie\Local Settings\Temporary Internet Files\Content.IE5\HAMLT3TV\kb456456[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP726\A0091612.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP731\A0092647.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP731\A0092667.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iprjrjxf.dll (Trojan.Vundo) -> Delete on reboot.
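The report above follows a fixed line format: a summary block with counts, then one detail section per object type, each line being `<item> (<family>) -> <action>.` (with an extra `Data: ... ->` segment for registry data items). As an added example for this thread, mine rather than code from MBAM or from either poster, the Python below parses a report in that format, labels every finding by the persistence or staging location its path points at (Browser Helper Object, Run key, ShellExecuteHook, LSA authentication package, screen-saver and wallpaper values, System Restore copies, browser cache), and pulls out the entries MBAM could only schedule as "Delete on reboot". The embedded sample is a constructed subset of the report posted above, and the mechanism labels are my own naming, not MBAM's.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x report into a persistence checklist.
Added example for this thread, not code from MBAM or from any poster."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a subset of the MBAM 1.12 report posted above, in its line format.
SAMPLE_REPORT = r"""
Malwarebytes' Anti-Malware 1.12
Database version: 783
Scan type: Full Scan (C:\|)
Registry Keys Infected: 2

Memory Modules Infected:
C:\WINDOWS\system32\chfvqagi.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc25fe12-39d7-4625-a95a-e895774356aa} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b4bda793 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{240a2128-acd4-4124-87af-527124caac38} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddcbrlif -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\chfvqagi.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# Summary lines ("Registry Keys Infected: 11") carry a count; detail section headers do not.
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?$")
# "<item> (<family>) -> <action>."  or  "<item> (<family>) -> Data: <data> -> <action>."
FINDING_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()\s]+)\) -> (?P<rest>.+?)\.?$")

# Ordered: first match wins, so the System Restore and cache rules precede the generic .dll rule.
MECHANISMS = [
    (r"\\Browser Helper Objects\\", "bho"),                    # loaded by Internet Explorer
    (r"\\CurrentVersion\\Run\\", "run-key"),                    # autostart at logon
    (r"\\ShellExecuteHooks\\", "shell-execute-hook"),           # loaded by Explorer
    (r"\\Lsa\\Authentication Packages$", "lsa-auth-package"),   # loaded by lsass.exe at boot
    (r"\\Control Panel\\Desktop\\(SCRNSAVE\.EXE|\w*Wallpaper)$", "desktop-hijack"),
    (r"\\CLSID\\\{", "com-class"),
    (r"\\System Volume Information\\_restore", "restore-point-copy"),
    (r"\\Temporary Internet Files\\", "browser-cache"),
    (r"\.scr$", "screensaver-file"),
    (r"\.dll$", "dll"),
]


@dataclass
class Finding:
    section: str
    item: str
    family: str
    action: str
    data: str = ""   # only set for "Registry Data Items" entries


def parse_report(text):
    """Return one Finding per detail line, skipping the summary block and blank lines."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            if header.group("count") is None:
                section = header.group("section")
            continue
        match = FINDING_RE.match(line)
        if not line or section is None or not match:
            continue
        rest, data = match.group("rest"), ""
        if rest.startswith("Data: "):
            data, _, rest = rest[len("Data: "):].rpartition(" -> ")
        findings.append(Finding(section, match.group("item"), match.group("family"), rest, data))
    return findings


def classify(finding):
    """Label a finding by the persistence or staging mechanism its path points at."""
    for pattern, label in MECHANISMS:
        if re.search(pattern, finding.item, re.IGNORECASE):
            return label
    return "other"


def reboot_checklist(findings):
    """Entries MBAM could only schedule for removal: confirm they are gone after the restart."""
    return [f"{classify(f)}: {f.item}" + (f" -> {f.data}" if f.data else "")
            for f in findings if f.action == "Delete on reboot"]


def summarize(findings):
    """Count findings per mechanism label."""
    return Counter(classify(f) for f in findings)


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for label, count in summarize(found).most_common():
        print(f"{count:3d}  {label}")
    print("\nVerify after reboot:")
    for entry in reboot_checklist(found):
        print("  " + entry)
```

Run it against a saved MBAM log by passing the file's text to `parse_report` instead of `SAMPLE_REPORT`. The "Delete on reboot" list is the part worth keeping: the `Authentication Packages` value pointing at `ddcbrlif` registers that DLL to be loaded by lsass.exe at boot, and the BHO CLSID keyed on `{fc25fe12-...}` loads into Internet Explorer, so neither removal is real until the machine has restarted and a fresh scan (or the HijackThis log requested in the thread) shows them gone. The `SCRNSAVE.EXE` value and the `blackster.scr` file are the pair a screen-saver hijack leaves behind; the `restore-point-copy` entries are only System Restore's cached copies of the same DLLs.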
MauriceN
1st Responder Premium Member
 Joined: May 20, 2006 Posts: 1012
Posted: Sat May 24, 2008 12:40 pm Post subject:
MBAM shows that you have Vundo infections. Please, right away, do as requested by Prince Serendip.
De-install BitComet and Ares.
Run a new HijackThis Scan and Save.
Reply ONLY on your thread at the HIJACKTHIS forum and not anywhere else. The link to that thread is
/t222425-New_Log.html
Do NOT reply here.
I will endeavor to catch your updated HijackThis post after you have done as requested by Prince Serendip.
Cheers. _________________ ~Maurice Naggar
MS-MVP