{HELP} I think this is beyond my expertise.

I've removed malware and viruses before but I think this one is a bit deeper than I've ever experienced. I've read and followed all the instructions on the sticky page and attached are the results. Let me know if I missed anything. Thanks.

After running all those scans I am still unable to access windowsupdate.microsoft.com and I got one pop window about winning somthing when I opened internet explorer... which tells me I still have some things to fix.

 

See Attached.

 

Shall I do both right away or just one then post and wait for reply to proceed to the other? I will be able to do this about 6 hours from now. Thanks.

 

Ok. Got maxlook to run... and after doing the sig command I got this error, don't know if it's related. Also attached looklog.txt. Off to do unhooker now.

 

Just ran unhooker and it said it detected a parasite in itself.:confused I've attached a pic of the error dialog. Everything else I've done has followed the instructions to a T so far and this isn't in the instructions, so I'll wait to hear back from you guys. Thanks.

 

after attempting combofix with script file... the pc is now stuck in a constant reboot loop in safe mode or normal mode. I can still log into recovery console. And I have not tried last known good configuration yet.

 

file copied successfully but didn't help. still have the reboot loop. I can see a quick flash of BSOD after the windows XP progress bar animation, but it's too fast to read the stop error.

 

Last known good does not work either. Combofix kept warning me about AVG. There didn't seem to be a way to shut AVG down so I used the system configuration utility to shut off the 3 services that I saw. rebooted and tried combofix. gave me a warning about avg. checked the avg UI and nothing was loaded nor did I see anything in the task manager. so I just continued. but then I remembered I forgot to drag the script file to start combofix. So I exited out of the combofix dos window and proceeded with the correct method of dragging the txt file onto combofix. It did it's thing and said it detect rootkit activity and needed to restart. After restart it was all over and never came back up. I have an additional hard drive in this box that I can install another windows xp on if it might help. Normally at this point I'd have given up but this media center stuff takes a lot of configuration time which is a pain.

 

oh and the unhooker program was still warning me about self infection prior to system configuration utitility change for AVG. I just cancelled

 

I'm still stuck in a reboot loop. I attempted a repair install last night only to have the same outcome. Reboot loop starts right after the windows xp logo screen. I see a stop error BSOD flash (but too quick to read) and then reboots. This happens in safe mode, last known good configuration, and normal mode. My next step when I get a chance (maybe tonight) was to see if I had a coincidental hardware failure/conflict of sorts by removing all hardware except hard drive, video card & 1 stick of memory... unless there's a better idea to try first.

 

My bad. I misunderstood chaslangs instructions there... brain dump I guess. I noticed in that link something about oem not applicable and must of just dismissed it. I should have asked...

This system is built from a system builders disk set, does the article still apply in that case?

It states "Warning Do not use the procedure that is described in this article if your computer has an OEM-installed operating system."

I'm thinking I'm still ok to try it, and that the warning is for systems like dell, gateway, etc., but wanted to make sure.

 

Well I tried the repair registry and failed. :cry did the whole replace file thing but when I tried to boot to safe mode per instructions it just goes to stop error and reboots like I achieved nothing. I did a chkdsk while in the console and it did find some errors on the drive, but it doesn't indicate that it fixes anything.

I also did some looking around as something seemed odd to me... that when I boot to my other hard drive it acts exactly the same way. Whether the other drive has a coherent installation or not, I'm not sure, I'm thinking not. So I was looking at the boot.ini file on both drives and both drives have it pointing to multi(0)disk(0)rdisk(0)partition(1). Now this was not a dual boot setup, but each drive has it's own boot.ini, so I'm not sure if this is normal or one of these should really be multi(0)disk(1)rdisk(0)partition(1). Just thinking out loud here. If this is the case, I think it would explain the current behavior. Any thoughts?

 

Guess that isn't it then. Yeah I have two drives not partitions. one is on a sata cable and the other on ide ribbon.

 

That's correct. I select which drive I want to boot to through the BIOS (MSI motherboard) boot menu and it'll go through the same loop.

 

Malware/rootkit issue morphed into hardware problem, can it get any worse? rolleyes don't answer that. Post in software for hardware issue? you sure? just checking.

Yes. I tried eliminating all hardware I could including the second ide hard drive. didn't help. even swapped single pieces of ram and made no difference. I did not try yet booting with only ide hard drive and disconnecting sata drive.

 

Well, after unhooking my sata drive. I could get into safe mode on the ide drive. but I still get the reboot loop in normal mode. Hooking the drives back up like they were I can still get into safe mode but loop on normal. I think that drive is riddled with malware too as there were a few things in the msconfig startup that I didn't recognize. I'm going to try a few things first, but I think I'm going to reinstall the OS from scratch on the ide drive after I move my tv shows off on to the sata drive... since this drive was serving as extra storage only for me. Then I will hopefully have a clean install in which can serve as a back up once I get the sata drive issues worked out. Once I've done that and am functional on the ide drive I will post to the software forum look for help in getting past the loop. If I end up with a reboot loop after a clean format and install or during it... I'm guessing I have a hardware issue somewhere.

 

Well I now have one hard drive with a clean install (SP2) that boots in all modes without error. I also did memtest for 23 passes (left it run overnight) with no errors. I haven't configured anything like internet, tv tuner cards, windows updates, antivirus, etc.

My main hard drive is still not able to boot except to recovery console. Can the main drive boot problems be diagnosed from another drive? Shall I take this to the software forum at this point now? Thanks.

 

Well now that I've rebuilt the smaller storage drive partially, I managed to get the malware again. Now I know what action is causing it and where it is coming from. Antivirus Soft is the fake scanner that pops up while disabling a bunch of stuff like task manager and such. Luckily I could boot into safe mode yet and run a system restore. I've now switched to Google Chrome with an advertising disable extension, but haven't been brave enough to go back to the computer killing web pages to see if the switch will protect me any better. 'Tis a shame as it was a great place to catch shows that my antenna missed. So anyway...

I have one more thing I think I want to try on the original problem drive to be able to boot into safe mode, but it's looking strong like I'm going to have to go through the pain of reformat/reinstalling everything. :major:crap I'll be on vacation for a bit, but will try it when I get back.

 

I've made some progress... if you can call it that. Somehow I got it to boot now to safe mode. After doing a repair install. I now get stop error 0x7e, instead of 7b. I'm going to put this in my thread in Software, but wanted to check here if there's anything we can do in safe mode at this point for malware, rootkits, etc.? Thanks.

 

Logs attached.

 

Well just wanted to follow up on this. Even though I managed to get the thing to boot and even after a repair install... there were so many things broken, I finally just bit the bullet and reformated. I'm now back in business with everything updated and configured better than before, and I'm dropping Internet explorer except for windows update, in favor of chrome and using some extensions. Still haven't been brave enough to go back to the web page that caused all this mess. I'll probably find any other way I can to get our Lost episodes we missed so that I can avoid that page.

Thanks so much for the help from everyone. I learned a lot about malware & how some things work in windows.