Type: Posts; User: shinybeast; Keyword(s):
Hi soar3,
As there is most likely nothing else we can do for you, I am going to request that this thread be closed.
All the best,
shinybeast
That's rough.
So you cannot get into BIOS setup?
If you cannot, I would dig out the manual for the motherboard. Reset the CMOS and see what happens. It appears that the motherboard may have a 2...
Hello soar3,
Any luck?
OK.
You should definitely be able to salvage your data and program installers if you choose to format/reinstall on C:. The programs installed to D:\Program Files 2\, F:, and G: will probably have...
I asked because if you can get into BIOS setup, you can reformat and reinstall Windows. That's probably the best option at this point. The only other thing to do is diagnose the blue screen and find...
Hello soar3,
I'm sorry that the computer is in such a bad state. Did you try to uninstall while in diagnostic startup? You would need to do that after changing back to Selective or Normal startup....
OTL successfully created a restore point when you first ran it.
Did you turn off System Restore?
Also, System Restore will probably not run under diagnostic startup as the services needed for...
Nothing much there but empty folders. We can try System Restore to before the drivers were installed and OTL fix run. This may or may not fix things and could restore the infection as well. Before we...
You didn't save OTL to the desktop.
Try this.
cmd /c dir /s D:\_OTL >> "%userprofile%\Desktop\files.txt"
Hi soar3,
Try this
cmd /c dir /s C:\_OTL >> "%userprofile%\Desktop\files.txt"
OK, we can undo the OTL fix and see what that does.
Please run this command.
Copy the text in the codebox below.
dir /s C:\_OTL >> "%userprofile%\Desktop\files.txt"
Click Start, click...
OK, that looks good.
I notice you have NVIDIA ForceWare Network Access Manager installed. It is known to be buggy and cause issues. It is also unnecessary. I recommend you uninstall it and see if...
Boot.ini Check
We can check the current state of the Boot.ini file to check if it is corrupted or not as follows:
Open Notepad.
Copy and Paste everything from the Code Box below into...
Hi soar3,
See if you can stay online long enough to download TDSSKiller. Then disconnect the modem and run it. Post back with the log.
TDSSKiller
Click here to download TDSSKiller to your...
If you can get the computer to work normally with modem disconnected, I strongly suggest you back up any important data on C: drive.
I'll post again once I get some more opinions.
OK
I want to pause here and seek a second opinion before you do anything else. I do not want the situation to become worse.
In the meantime, I have some questions.
What drivers did you...
Good question.
Before I can answer, I need to confirm that link to Foxconn in my previous post is your motherboard.
...
Hi soar3,
Sorry for the strife. :sad:
Forget about the OTL fix for now. We'll get back to that after we get the computer stable.
The replaced drivers seem to be conflicting with drivers on...
Sorry, I missed the safe mode info. Is the keyboard wireless?
I need to know if the computer was rebooted at any time after installing the chipset drivers but before OTL fix. I suspect the OTL fix is not responsible and the chipset driver might be. I'll come up...
Hi soar3,
OTL
Close all other open windows, then double-click OTL.exe to start OTL
Copy all of the text in the code box below and paste it in the white area under Custom Scans/Fixes (under...
You should have a CD with drivers for your motherboard. Load it up and reinstall the chipset drivers. Then scan with OTL.
Scan with OTL
Click here to download OTL by OldTimer and save it to...
You have an infection in nvata.sys. OTL says you do not have a replacement on-board. The best thing to do is reinstall chipset drivers which can be acquired from the manufacturer of the computer (or...
Hi soar3,
Do you have or can you locate chipset drivers for your computer?
Hello soar3,
P2P Software
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
BitTorrent
DNA
Vuze
Hello and welcome to Safer Networking Forums
My handle is shinybeast and I will be assisting you in the removal of malware your computer may have.
Please follow these guidelines as we work to...
Hi glock19,
All you need to do is delete the TFC file. It does not install or make any changes to the computer other than deleting temp files when you run it.
Glad I could be of assistance.
...
Hi glock19,
HijackThis
Start HijackThis and select Do a system scan only.
Place a check next to the lines listed below.
O3 - Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} -...
Hi Glock19,
Looks good.
The two things ESET found are in ComboFix's quarantine and will be deleted when we clean up.
Uninstall Programs
Click Start, click Run...
Hi glock19,
Try ESET scan one more time after disabling McAfee as described below.
To disable McAfee SecurityCenter
Locate McAfee...
Hello glock19,
How is Internet Explorer acting otherwise? Does it crash if you use it for things other than ESET scan?
What version of McAfee Internet Security do you have?
Hi glock19,
Is the web browsing back to normal?
TFC (Temp File Cleaner)
Click here to download TFC by OldTimer and save it to your desktop.
NOTE: Save any unsaved work. TFC will close...
Hello glock19,
Download and Run ComboFix
Download Combofix by sUBs from one of these links and save it to your Desktop.
Link 1 | Link 2
**Ensure you have disabled ALL anti-virus,...
Hi billy2182,
You're welcome.
No, it will not be deleted, it will be archived here.
Hello billy2182,
OTM Cleanup
Please run OTM which should still be on your desktop
In the upper right click CleanUp!
This will delete OTM and will clean up after it.
Create a new System...
Hello and welcome to Safer Networking Forums
My handle is shinybeast and I will be assisting you in the removal of malware your computer may have.
Please follow these guidelines as we work to...
Hi billy2182,
Glad to hear it. :)
Things look pretty good.
Registry "Cleaner," "Fixer," or "Optimizer" Warning
Hello billy2182,
You're welcome. :)
Download and run OTM
Click here to download OTM by Old Timer and save it to your Desktop.
Hello and welcome to Safer Networking Forums
My handle is shinybeast and I will be assisting you in the removal of malware your computer may have.
Please follow these guidelines as we work to...
You are very welcome, mandfense. :)
Take care and surf safe.
Hi mandfense,
You are very welcome. :)
Everything looks good from here. The infection was probably being partially removed by McAfee and then being restored by the infection itself. Over and...
Hi mandfense,
As far as I can tell, if those files are not listed in McAfee Security Center there is no getting them back to what they were. So, I think it is fine to remove the atapi.sys from...
Hi mandfense,
Let's try another scan but first let's try to clean up some stuff to shorten the scan time.
Did you remove the quarantined files? If you haven't you can remove them by opening...
Hi mandfense,
I'm not sure where they came from, but I do know of a hundred MB or so you can get rid of.
You have ERUNT set to auto-backup the registry, so no doubt you have some...
Hello mandfense,
Please perform the following:
Backup Registry With ERUNT
Before we make changes to the registry, we need to back it up.
Highlight and Copy the entire command line from...
Hi mandfense,
I notice you have posted at BleepingComputer. We had the topic closed there as two helpers working on the same computer can cause confusion and problems.
OK, we will deal with...
Hello mandfense,
Please perform the following.
If you need to transfer files to the afflicted computer, download the files necessary and copy the instructions and paste them in a Notepad/Wordpad...
Hello and welcome to Safer Networking Forums
My handle is shinybeast and I will be assisting you in the removal of malware your computer may have.
Please follow these guidelines as we work to...
You are very welcome, Crymmsun.
Stay safe!
Hi Crymmsun,
I'm glad the issues seem to be gone.
Delete GMER file
Delete the randomly named GMER file from your desktop. It looks like this...