Anyone..how to get rid of Win32:Nerede [Drp]

As the topic. Does anyone knows how to get rid of this?

At first, i used mbam to scan, then avast window pops up. It can’t be move/rename, delete, or move to chest.

Oh the other thing, i have tried to go into safe mode for many times but it always appears in blue screen stated->
" A problem has been detected and windows has been shut down to prevent…
If this is the first time you see…
Check to be sure you have adequate disk space…
Check with your hardware vendor…
Technical information:
***STOP: 0x0000007E (0xC0000005, 0x80537009, 0xF88CD3B8, 0xF88CD0B4) "

I have little knowledge about this so i would be appreciate if someone helps and explains me in details

Thanks for your help.

search by google for the error number and you will go to microsft support
or go:::http://forum.avast.com/index.php?topic=50106.0

hey!

you can give superantispyware a try http://filehippo.com/download_superantispyware/

if that would not help then scan with hijackthis and post the result here.

good luck and write back if you get problems

Hello skyrocky,

i think you have got this by a drive by.

its kinda tedious to remove this.

i’ll ask this, http://forum.avast.com/index.php?action=profile;u=11091 , guy to help you. he is a trained guy. make sure you answer him.

nmb

thanks for the helps i’ll give a try for all ^^

but how can i contact mr.essexboy because he’s offline now

i have already pinged him. he will come and post here. take a break and come back.

nmb

oh thanks
By the way, i can’t install superantispyware. it said

“The Windows Installer Service could not be accessed.
This can occured if you are running windows in safe mode,
or if the Winndows Installer is not correctly installed.
Contact your support personnel for assistance.”

What does it mean??

To ensure that I get all the information this log will need to be uploaded to Mediafire and post the sharing link.

Download OTL to your Desktop

[]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[
]Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%*.exe
%systemroot%\system32\eventlog.dll
%systemroot%\system32\scecli.dll
%systemroot%\netlogon.dll
%systemroot%\system32\cngaudit.dll
%systemroot%\system32\sceclt.dll
%systemroot%\ntelogon.dll
%systemroot%\system32\logevent.dll
%systemroot%\system32\drivers\iaStor.sys
%systemroot%\System32\drivers\nvstor.sys
%systemroot%\system32\drivers\atapi.sys
%systemroot%\system32\drivers\IdeChnDr.sys

[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

hey Mr.Essexboy, I’ve done what you suggested and here’s the link to OTL and Extras…

http://www.mediafire.com/?zwmzmejdjry
http://www.mediafire.com/?juezmzo3t4z

I don’t know why sometimes when i press safe mode it appears blue screen stated that

" A problem has been detected…
PAGE_FAULT_IN_NONPAGED_AREA
Check to make sure any new hardware or software is properly installed.
.
.
***STOP 0x00000050 (0xC0B7CA94, 0x00000001, 0x80537009, 0x00000002) "

But most of the times it appears

" A problem has been detected and windows has been shut down to prevent…
If this is the first time you see…
Check to be sure you have adequate disk space…
Check with your hardware vendor…
Technical information:
***STOP: 0x0000007E (0xC0000005, 0x80537009, 0xF88CD3B8, 0xF88CD0B4) "

Bear with me for a bit I have just installed 7 and need to get my tools across ;D

no problem! i gotta go to sleep now too ;D
will check again tomorrow

thanks a lot for the help!!

During this run all processes will be stopped so you will lose your taskbar

Run OTL.exe

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O33 - MountPoints2\{6bd981d0-7a84-11db-bda9-0016ecb6a45a}\Shell\Auto\command - "" = E:\RavMonE.exe -- File not found
O33 - MountPoints2\{6bd981d0-7a84-11db-bda9-0016ecb6a45a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a4bfde16-f040-11dd-bf92-0016ecb6a45a}\Shell\AutoRun\command - "" = E:\xdxbkd.exe -- File not found
O33 - MountPoints2\{a4bfde16-f040-11dd-bf92-0016ecb6a45a}\Shell\explore\Command - "" = E:\xdxbkd.exe -- File not found
O33 - MountPoints2\{a4bfde16-f040-11dd-bf92-0016ecb6a45a}\Shell\open\Command - "" = E:\xdxbkd.exe -- File not found
O33 - MountPoints2\{ab457e4e-ce4f-11dc-bec9-0016ecb6a45a}\Shell - "" = AutoRun
O33 - MountPoints2\{ab457e4e-ce4f-11dc-bec9-0016ecb6a45a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{eb1639f6-b3a4-11dd-bf74-0016ecb6a45a}\Shell\AutoRun\command - "" = mranjm.exe
O33 - MountPoints2\{eb1639f6-b3a4-11dd-bf74-0016ecb6a45a}\Shell\open\Command - "" = mranjm.exe
O33 - MountPoints2\{f9634e2d-7891-11db-bd9d-0016ecb6a45a}\Shell - "" = AutoRun
O33 - MountPoints2\{f9634e2d-7891-11db-bd9d-0016ecb6a45a}\Shell\1\Command - "" = J:\.\RECYCLER\RECYCLER\autorun.exe -- File not found
O33 - MountPoints2\{f9634e2d-7891-11db-bd9d-0016ecb6a45a}\Shell\2\Command - "" = J:\.\RECYCLER\RECYCLER\autorun.exe -- File not found
O33 - MountPoints2\{f9634e2d-7891-11db-bd9d-0016ecb6a45a}\Shell\AutoRun - "" = Auto&Play

:Commands
[purity]
[emptytemp]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot when it is done
[*]Then post a new OTL log ( don’t check the boxes beside LOP Check or Purity this time )

THEN

Download Combofix from the link below. You must rename it before saving rename it to Gotcha before saving it to your desktop.

Link 1

==================================

http://www.hdrcgb.org.uk/g2g/Cfix_Gotcha.exe.jpg

Double click on the renamed ComboFix.exe & follow the prompts.

When finished, it will produce a report for you.
[*]Please post the C:\ComboFix.txt so we can continue cleaning the system.

Hi, Mr.Essexboy, i ran OTL.exe and copied the code into Custom Scans/Fixes box then click Run Fix (without ticking on LOP and Purity Check) im not sure…am i right??

The program showed the error message and it’s stuck left only with “[emptytemp]” in the Custom Scans/Fixes box. So, I pressed Run Fix again and the program said it finished and need to reboot now

After reboot i got this text
" All processes killed
Error: Unable to interpret <[emptytemp]> in the current context!

OTL by OldTimer - Version 3.0.22.1 log created on 10242009_120728

Files\Folders moved on Reboot…

Registry entries deleted on Reboot… "

Please tell me if i did wrong in some methods :-\

Another thing, i don’t understand the statement “Then post a new OTL log ( don’t check the boxes beside LOP Check or Purity this time )”

Sorry for the question. I don’t have much knowledge about this.

Thank you for your answer… :slight_smile:

No problem there - it does hang sometimes (rare, but it does)

If you could run the renamed Combofix now that will get the difficult ones ;D

้haha i can’t run the renamed Combofix ???
what’s wrong with this???
Should i click yes or no? :-\

Can you run combofix from safe mode ?

Hey mr.essexboy, i will not be available for 10 days because im at university now not at home.
But the difficult thing is that i can’t run safe mode after pressing F8 and choosing safemode.

Im not sure to go to Start->Run->msconfig and tick SAFEBOOT in BOOT.INI column becuase someone said it might not be able to go run Windows again.
Am i correct?

Thanks for your suggestion

Im not sure to go to Start->Run->msconfig and tick SAFEBOOT in BOOT.INI column becuase someone said it might not be able to go run Windows again. Am i correct?
Do not do this or you will end in a boot loop - it is the worst thing you could do

What yes or no were you refering to ?

Send me a PM when you are ready to start again