[Stormy]

This machine is a mess and I am not sure how it keeps getting worse. Avast is being shut off on every reboot. Windows Update wont run. My services and tools are gone. However in every reboot to safe mode, I am running Malwarebytes and it is finding them and removing them. Sorry for mbam results. Adding OTL in reply.

I have tried a reply, a new topic and an edit, to paste my OTL and everytime I get a Internet Reset error window.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6379

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.5730.13

5/2/2011 1:20:09 AM
mbam-log-2011-05-02 (01-20-09).txt

Scan type: Quick scan
Objects scanned: 231333
Time elapsed: 20 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\chxwbang (Trojan.FakeAlertRP.Gen) -> Value: chxwbang -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{B7F7656D-1988-426B-991D-070A7CA24337} (Trojan.ZbotR.Gen) -> Value: {B7F7656D-1988-426B-991D-070A7CA24337} -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\stormy.stormys2ndlife.000\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] (Adware.GamesVance) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\Temp\fefpqofcw\idrdlooxsik.exe (Trojan.FakeAlertRP.Gen) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-1229272821-2025429265-839522115-1004\Dc86.exe (PUP.Casino) -> Not selected for removal.
c:\WINDOWS\system32\null0.7432525234239289.exe (Trojan.FakeAlertRP.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\null0.7979731198125255.exe (Trojan.FakeAlertRP.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\jar_cache208793404512239648.tmp (Trojan.FakeAlertRP.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\jar_cache2262201143431956168.tmp (Trojan.FakeAlertRP.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\stormy.stormys2ndlife.000\application data\Ofapi\ipan.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.

Edited by Stormy, 02 May 2011 - 08:30 PM.

[Advertisements]

I really need help guys. I can't even post my OTL log here. Don't know if this is your sites parameters blocking me or this mess of a PC. I have attached the file below.

Attached Files

•  OTL.Txt   174.71KB   131 downloads

[Stormy]

I really need help guys. I can't even post my OTL log here. Don't know if this is your sites parameters blocking me or this mess of a PC. I have attached the file below.

Attached Files

•  OTL.Txt   174.71KB   131 downloads

[Stormy]

I don't think I will be able to keep checking here for reply, everything is shutting down or disappearing by the minute. Avast which was turning itself off every time I rebooted or opened firefox, has now stopped loading completely. My firewall is off and cant be found. System restore is gone as well. I know you guys are extremely busy, can someone at least throw me a towline to keep my head above water?

I have my OTL, Malwarebytes and Hijackthis logs here, but for some reason I can't post it. It gives me an Internet reset error when I try. Also am dealing with that google re route web page thing as well. How did all this get past avast in the first place? I update it daily.

Thank you in advance.

[Stormy]

I don't think I will be able to keep checking here for reply, everything is shutting down or disappearing by the minute. Avast which was turning itself off every time I rebooted or opened firefox, has now stopped loading completely. My firewall is off and cant be found. System restore is gone as well. I know you guys are extremely busy, can someone at least throw me a towline to keep my head above water?

I have my OTL, Malwarebytes and Hijackthis logs here, but for some reason I can't post it. It gives me an Internet reset error when I try. I have attached my OTL file. Also am dealing with that google re route web page thing as well. How did all this get past avast in the first place? I update it daily.

Thank you in advance.

Attached Files

•  OTL.Txt   176.89KB   118 downloads

Edited by Stormy, 06 May 2011 - 09:20 AM.

[Salagubang]

Hi Stormy,

My name is Salagubang and welcome to the GeekstoGo.

Sorry for the delay. Are you still having problems with this computer?

[Salagubang]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

[Salagubang]

Hi there Stormy,

Tell me how the computer is acting up today.

Also, I need a fresh log to look into.

Step One

• Download aswMBR.exe ( 511KB ) to your desktop.
• Double click the aswMBR.exe to run it
• Click the "Scan" button to start scan
  
  
• Click Save log button and Save the aswMBR.log to the desktop
• Post content of that log here for me

Step Two

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click on Standard Output at the top
• Under the Extra Registry sectionm ensure that Safelist is selected
• Select All Users
• Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
• Double click inside the Custom Scan box at the bottom
• A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
• Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
• Select scan.txt and click Open. Writing will now appear under the Custom Scan box
• Click the
  Quick Scan
  button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Lastly, tell me what is the make and model of this machine.

[Stormy]

Update

I was told to run combofix from a tech on another site. I did and it found and fixed rootkit and TDL4. That over a week ago and he is gone from that site. Not knowing what to do next I started windows repair tonight and now I am running chkdsk because after it coppied the files to the windows folder and rebooted it kept looping the reboot.
I then chose recovery console and started chkdsk. It is at 69%.

[Salagubang]

Err.. no boot?

First, have you backed up all your files of importance?
2nd, were you halfway the repair install when the error occurred?.

Lets try this one.

Restart your computer with Automatic Restart on System Failure disabled

• You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
  Use your up arrow key to highlight "Disable Automatic Restart on System Failure" then hit enter.

• If windows failed to boot, windows will not restart and will show a blue screen indicating the source of the error as shown in the example below
  
  
  
• Copy the technical information (as shown in the above example enclosed in red boxes) and post it on your next response.

Also, I need to know what kind of machine this we are trying to fix.

[Stormy]

I wasn't able to get it all backed up and I am sick about that. I am hoping to fix it before having to do a fresh winsows install.

Yes the repair was initiated, it then coppied the needed files, then rebooted and thats where it started the reboot loop. I chose recovery console on one of those loops. I am still in the middle of the chkdsk /r I started.

Oh wait i see it is now at the prompt waiting for a command. It said it found and fixed one or more errors. Shall I try to reboot it? Will it still be in the middle of that repair?

I can only recall it is an asus p5e 8400 cpu and intel 4

[Stormy]

You have no idea how happy I am your here now.

[Salagubang]

Yes, try to reboot and see if it continues. If it doesn't here is your instruction:

• Restart your computer
• Before Windows loads, you will be prompted to choose which Operating System to start
• Use the up and down arrow key to select Microsoft Windows Recovery Console
• You must enter which Windows installation to log onto. Type 1 and press enter.
• At the C:\Windows prompt, type the following bolded text, and press Enter:
  
  fixmbr
  
• At the next prompt type the following bolded text, and press Enter:
  
  exit

Restart the machine and hopefully it continues with the repair-install.

[Stormy]

It didn't work . It is still looping.

[Stormy]

I disabled the auto start and the blue screen is up. It says the problem is the nv4_mini.sys

I don't want to mess this up any further, so I am going to leave it with the blue screen until I hear back from you. Thank you so much for your fast response tonight.

Edited by Stormy, 27 May 2011 - 10:49 PM.

[Salagubang]

nv4_mini.sys is part of your video card driver.

Try if this will work.

Reboot your computer then press continuously press F8 to bring up the boot menu.

Select Enable VGA mode (or along that wordings) then press enter. See if it pushes through.