Something wrong with it...Not sure what the deal is..

Computer was acting funny and I ran Avast. It said there was a virus; I restarted and it was still there. I was going to run my system recovery CD to fix any file changes and it wouldn’t accept it as a boot option. there factory cd…
Ran RogueKiller and it’s restoring now.

Attachment of the remote assistance programs running - the last box down that was cut off on the labels of each row was allowed computer - all are marked as any.

What did Avast detect?

Also, do you recognise this programme?

C:\Program Files (x86)\josh yime

Yeah, it’s a renamed program. I was actively running Avira on the highest settings and for whatever reason it had gotten damaged/changed. The last time that I had issues with my antivirus being messed with, the man on here requested that I change the name of the programs when downloading them in case the virus was made to disable malware and virus protection. I installed Avast and I believe it said that it was a win32 SwizDrop. I found the files that were associated with it and was able to use a program in Revo to pretty much blast the files away. Now I seem to not be reading it on Avast anymore. I am about to do a full boot scan to double check. I also noticed my firewall has been shut off and can’t figure out how to get it back on. I added a section of my Windows Firewall and advanced settings with advanced security and saw that some of the remote assistance programs are running and enabled in the inbound connections settings. Is this normal?

Have you tried a quick scan with Malwarebytes… make sure it is updated and attach the log when done.

Malwarebytes was the one that originally caught the virus once and only when I used HBCD to run it. The renamed program was mwb. RK changed it back but I will post it in about ten min.

Computer will not allow me to. I uninstalled it and reinstalled it and it is not responding.

How and where did you mess up?

If I knew that I wouldn’t be on here asking for help, I would have done it myself…

I’m just going to reformat it…or at least try. It crashed and is just doing a looped startup.

Good luck, man, sounds serious. I am as confused as you are; I always fixed things without stripping system files.

Master Boot rootkit killer?

As of right now whatever it is has a dummy BIOS and I have no files… It took me four hours and using the other comp to get USB bootable software to re-enable my CD drive to try and use my restore CD, and that’s not happening until I get rid of this fake BIOS… Any pointers?

Reset the BIOS… Remove the CMOS battery and leave it out for at least 15 minutes.
Reinsert the battery and try again

No program would reformat my hard drive, even boot n nuke, my system recovery CDs or anything else I tried… So I decided to install Linux Mint 14 to at least reformat it so that I could put Windows 7 back on it like I have. After doing this and IMMEDIATELY downloading Avast I ran a full system scan… I’m going to post the results because unless they’re “false positives”, which I highly doubt at this point, I have A LOT of rootkits in my hard drive that will not come off even with a reformat. What do I do?

Well, we can work outside of Windows.

Is your Windows 32 or 64 bit?

Download the following three programmes to your desktop:

  1. WiNTBootIc
  2. Windows RC 32
  3. Farbar Recovery Scan Tool 32

  1. WiNTBootIc
  2. Windows RC 64
  3. Farbar Recovery Scan Tool 64

Extract wintoboot to your desktop
Insert a USB drive of at least 1GB
Run Wintoboot

http://dl.dropbox.com/u/73555776/wintoboot.JPG

Drag and drop the Windows 7 ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It

You will see it progressing

http://dl.dropbox.com/u/73555776/usb%20progress.JPG

It will let you know when it is done
Then copy FRST to the same USB

http://dl.dropbox.com/u/73555776/frstwintoboot.JPG

Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB.
Note: If you are not sure how to do that follow the instructions Here

When you reboot you will see this although yours will say windows 7.
Click repair my computer

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7275.jpg

Select your operating system

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277202.jpg

Select Command prompt

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277.jpg

At the command prompt type the following:

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select “Computer” and find your flash drive letter and close the notepad.
In the command window type e:\FRST.exe and press Enter (or FRST64.exe)
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.

http://i1224.photobucket.com/albums/ee362/Essexboy3/Farbar/FRST2.gif

  1. When the tool opens click Yes to disclaimer.
  2. Press Scan button.
  3. It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

I have 64-bit Windows 7

OK use the second group of 3 programmes

  1. WiNTBootIc
  2. Windows RC 64
  3. Farbar Recovery Scan Tool 64

When loading this program I noticed a third partition, and I only had two when I installed Windows 7 this morning…

This is starting to look a lot like the TDL4 but I am not getting confirmation from any program saying that’s what it is. I’ve had multiple trojans, the MBR was changed, the hidden partition, the hidden file systems, and that explains my looped bootup… I just don’t know anything more than that about that type of virus…

Do you mean this one?

* Volume 1 Y System Rese NTFS Partition 100 MB Healthy
This is the recovery console that was installed from the second link.

Could you now remove the USB
Reboot the computer and immediately press and hold F8
On the menu select repair my computer
Select start up repair (you may need to do this two or three times)
Then try a normal boot