B.com, Aurora, ptf-0026.exe, Nail.exe and malware driving us crazy

Discussion in 'Malware Help (A Specialist Will Reply)' started by Jeff4r, Aug 19, 2005.

  1. Jeff4r

    Jeff4r Private E-2

We are running XP 6.0 on our HP Pavilion. Intel 4A CPU 2Kmhz 502mb DDR SDRAM. We have Norton Antivirus and Zone Alarm firewall. I've had HJT for a while and I've been through the Read This First sticky thread, and what it removes comes back almost right away. We use AOL and I could not run the two online scans in safe mode (I couldn't get the computer to recognize the modem). If I stop processes in Task Manager they restart right away. Some of them appear as random letters, and as soon as I stop one a new one (different letters) pops up. I've followed instructions from other threads to remove Nail.exe and it returns almost right away.
    Obviously I have some deep issues and apparently I only know enough about computers to get into trouble. I can run through the RTF list again and keep better notes, just let me know what you need to see.
    Oh, and Thank You Very Much.
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, download Nail/Bolder/Aurora Remover 0.3.3 Beta and save it to its own folder like c:\ABIremover

    - Now extract the abiremover.exe file from the ZIP file into the folder you created but do not run the EXE yet.

    - Reboot into Safe Mode with no network support and do not run anything else but what I tell you to run!

    - Run the ABIRemover.exe, press install, wait (explorer window will disappear)

    - When it finishes just reboot and continue with the below steps.


    Please download HOSTER and then follow the below steps.
    • Unzip Hoster to a convenient folder such as C:\Hoster
    • Run Hoster.exe, click Restore Original Hosts and then click OK.
    • Click the X to exit the program.

    • Download HijackThis 1.99.1

    • Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    • Do NOT run HijackThis from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file, as your backups will not be safely stored.

    • Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc., and any other unnecessary running programs.

    • Run HijackThis and save your log file.

    • Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    • Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
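Hoster's "Restore Original Hosts" step is in the procedure above because hijackers of this kind commonly rewrite the Windows HOSTS file so that antivirus, update and help sites resolve to the wrong address, which is one reason online scans and removal tools stop working. The following is an added example, not code from bjgarrick's post or from the Hoster tool: a small Python checker that parses HOSTS-file text and reports every mapping that is not the default localhost entry, with a reason. The watched-domain list and the sample HOSTS content are constructed for this example and are assumptions, not data from the thread.

```python
"""Flag non-default entries in a Windows HOSTS file (added example).

A clean Windows XP HOSTS file maps only 'localhost' to 127.0.0.1.  Anything
else is worth a look: a security or update site pointed at loopback or at
a remote address is the classic hijack that Hoster's restore step undoes.
"""
import ipaddress

# The only mapping a clean Windows XP HOSTS file carries.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost")}

# Domains a hijacker would want to break.  Illustrative assumption for this
# example; extend it with whatever vendors matter on the box being checked.
WATCHED_DOMAINS = (
    "symantec.com", "symantecliveupdate.com", "norton.com",
    "windowsupdate.com", "microsoft.com", "mcafee.com",
    "trendmicro.com", "majorgeeks.com",
)

LOOPBACK = ("127.0.0.1", "0.0.0.0", "::1")


def _under_domain(host, domain):
    """True if host is domain itself or a subdomain of it (no prefix matches)."""
    return host == domain or host.endswith("." + domain)


def parse_hosts(text):
    """Return a list of (lineno, ip, hostname) mappings.

    Comments (# ...) and blank lines are skipped.  A line whose first field
    is not an IP address, or that has no hostname, is returned with
    hostname None so the caller can report it as malformed.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comment
        if not line:
            continue
        parts = line.split()
        ip, hosts = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            entries.append((lineno, ip, None))
            continue
        if not hosts:
            entries.append((lineno, ip, None))
            continue
        for host in hosts:                    # one line may map several names
            entries.append((lineno, ip, host.lower()))
    return entries


def find_suspicious(text):
    """Return (lineno, ip, host, reason) for every entry that deserves review."""
    findings = []
    for lineno, ip, host in parse_hosts(text):
        if host is None:
            findings.append((lineno, ip, host, "malformed entry"))
        elif (ip, host) in DEFAULT_ENTRIES:
            continue
        elif any(_under_domain(host, d) for d in WATCHED_DOMAINS):
            findings.append((lineno, ip, host, "security or update site redirected"))
        elif ip in LOOPBACK:
            findings.append((lineno, ip, host, "hostname blackholed to loopback"))
        else:
            findings.append((lineno, ip, host, "non-default mapping"))
    return findings


# Constructed sample input for this example (not the HOSTS file from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       www.symantec.com
127.0.0.1       liveupdate.symantecliveupdate.com
0.0.0.0         majorgeeks.com
203.0.113.5     search.example.com
127.0.0.1       ads.example.net
not-an-ip       localhost
"""


if __name__ == "__main__":
    # On a real machine read C:\WINDOWS\system32\drivers\etc\hosts instead.
    for lineno, ip, host, reason in find_suspicious(SAMPLE_HOSTS):
        print(f"line {lineno}: {ip} {host or '<none>'}  [{reason}]")
```

Run it as-is to see the sample findings, or pass the contents of C:\WINDOWS\system32\drivers\etc\hosts to find_suspicious. A loopback entry for an ad host is not necessarily malicious (some people add those deliberately), which is why the checker reports a reason rather than deciding for you; entries for security vendors pointing anywhere but their real address are the ones to act on.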
  3. Jeff4r

    Jeff4r Private E-2

    OK, followed your directions from the post. One question: your post says to run Hoster.exe, click Restore Original Hosts and then click OK, then click the X to exit the program, which is what I did, but the instructions at the Hoster download page say to reboot in safe mode and remove fragments.
    Here's the HJT log (as an attachment).
    (And, by the way, as I type this I'm getting Hotbar popups.)
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You have many different infections all of which can be removed. We will have to take them one at a time. Let's get started...

    Please download the following tools and utilities:

    Pocket KillBox

    L2MeFix Tool

    Generic Detection Tool - NT/2000/XP

    Qoologic Tool

    RKFiles Tool

    DO NOT RUN ANY OF THESE TOOLS UNLESS REQUESTED!

    Please move the L2MeFix Tool to your Desktop and DoubleClick l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix Folder on your Desktop. DoubleClick l2mfix.bat and type 2 and ENTER to select option #2 for Run Fix. Then, press any key to Reboot your machine.
    Your computer will go crazy for a bit, but just let it run. It should eventually spit out a log in Notepad. Please attach that log.

    Please don't run any other files in the L2MFix folder.
     
  5. Jeff4r

    Jeff4r Private E-2

    OK, everything is downloaded. Ran L2MeFix. Here's the log.
     

  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Something didn't work right, run the L2MeFix Tool again selecting option 2 for run FIX.
     
  7. Jeff4r

    Jeff4r Private E-2

    Ran L2mfix.bat again and it acted the same: after I double clicked the .bat file it says if an internet connection is available press any key to continue. After I press the any key it says download failed, something about missing end string, then it keeps going, appearing to run the program.
    After the system reboots the DOS screen comes back up only to say press any key or the X to close the screen. Then I have to open the l2m folder on the desktop and open the text file to see what happened, which is what I sent to you last time (and this time).
    Oops, just read the instructions in the L2M folder. There is supposed to be a file called second.bat that runs after the reboot and could take five minutes. That is not happening. I'll run L2M again and be sure to manually start second.bat like the instructions tell me to. Then I'll send you a copy of the report.
     
  8. Jeff4r

    Jeff4r Private E-2

    Ran it again, same results. Except that this time I got away from the computer after I started second.bat, and when I came back two hours later the screen saver had kicked in. When I cleared the screen saver and had to log back into the computer it said that there were two processes running. After logging in there was just the desktop, no icons or taskbar, so I opened Task Manager to start explorer and T.M. said there were no applications running. Here's what the DOS window said when I started L2M.bat (attachment 1) and what the L2M log file says this time (attachment 2).
     

  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Remove the entire tool you have now, go back to post #4, get a fresh download and follow the instructions.
     
  10. Jeff4r

    Jeff4r Private E-2

    OK, major development. I had re-downloaded L2Mfix and was in the process of getting it unstuck after the second.bat file ran (back to a desktop with nothing but a mouse arrow for better than 15 minutes; the text file says it might last five) when a thunderstorm rolled through Meigs County, and before I could get backed out and shut down we took a couple of close lightning strikes and the power blinked on and off about half a dozen times.
    After the storm blew through I started the computer back up and I can't get past the blue screen of death. This particular one says "Unmountable Boot Sector".
    I tried a number of different approaches, safe mode, safe mode w/networking, debugging..... The most I get is a couple of seconds of the splash screen, then it goes back to the blue screen.
    I'm thinking this was an electrical problem (through our surge suppressor and all), but if you think it might be software related, I can try anything you want me to, to see if we can recover it. (I'm on my computer, which is not normally online.)
    If you think it's truly toast I can have someone local try to recover the data and put it on a new hard drive.
    (And it was getting better with the spyware.)
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Do you mean "Unmountable Boot Volume" ??

    If so, do you have your Windows XP CD?
     
  12. Jeff4r

    Jeff4r Private E-2

    Yes, I mean what you said, and I have an XP Professional CD.
     
  13. Jeff4r

    Jeff4r Private E-2

    I have an XP Pro CD, but when I start up the computer and press F1 to enter setup I never get the setup notification screen, and pressing Enter does not get me a Welcome to Setup screen. Pressing R at the setup screen does nothing (of course). I've entered setup and moved the CD drive to the top of the boot list, used F10 to save changes on exit, and still it's like the CD is not there. When I put the CD in this computer it auto starts to a Welcome to Windows XP screen. Any ideas?
    I'm headed back to the microsoft website to see if they've got any help.
    Thanks.
     
  14. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You need to boot from the WinXP CD, Press R on the first menu to get into the Recovery Console.

    Choose your install, usually #1 C:\WINDOWS

    Type in chkdsk /r

    This should take care of the problem, if it does not then I would recommend getting a new IDE Cable and then doing the chkdsk again from the console.
     
  15. Jeff4r

    Jeff4r Private E-2

    Starting from the CD does not give me an "R" option on startup. It goes right to the safe mode option screen (and "R" only beeps there). (If I press F1 I get the setup screen.)
    Downloaded boot floppies from Microsoft. Booting with XP SP2 boot floppies, it locks up at "Windows is inspecting your hardware configuration".
    I never get to see a startup or recovery screen.
    Just out of frustration I downloaded the SP1 boot floppies; it runs the first one, but during the second one I get "cannot run ntkrnlmp.exe", error code is 7.
    "are we having fun yet?"
     
  16. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Okay, before we can continue this issue needs to be resolved, so I'm going to request you post this in the Software Forum.

    After you get this fixed up come back here and we will continue with the Malware issues.
     