
 


Failed OTL Scan

2 posters

Re: Failed OTL Scan
After combofix completed and my computer rebooted, my desktop reloaded incomplete, my background had been changed, and all my desktop shortcuts removed. When the computer boots up, it tries to load the windows repair mode, but it brings up a login screen and doesn't recognize my user name or password, and refers to both as failed domains. Any suggestions?

Re: Failed OTL Scan
Hello.
We'll worry about the Desktop soon, first there is more malware that has to go.


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:


    Folder::
    c:\users\NightSpawn\AppData\Roaming\A1939
    c:\users\NightSpawn\AppData\Roaming\106A1

    FileLook::
    c:\windows\system32\drivers\tcpip.sys
    c:\program files\Common Files\System\wab32.dll

    DirLook::
    C:\e

    DDS::
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:63899

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image: CFScript]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

Re: Failed OTL Scan
ComboFix 11-11-16.01 - NightSpawn 11/16/2011 18:33:05.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.2452 [GMT -5:00]
Running from: c:\users\NightSpawn\Desktop\ComboFix.exe
Command switches used :: c:\users\NightSpawn\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dYIajiwXVoeuA.exe
c:\programdata\oVGuSZrJARtdIO.exe
c:\users\NightSpawn\AppData\Roaming\106A1
c:\users\NightSpawn\AppData\Roaming\106A1\1939.06A
c:\users\NightSpawn\AppData\Roaming\106A1\DE94C.exe
c:\users\NightSpawn\AppData\Roaming\A1939
c:\users\NightSpawn\AppData\Roaming\A1939\lvvm.exe
c:\users\NightSpawn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
c:\users\NightSpawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
c:\users\NightSpawn\Desktop\System Fix.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-10-17 to 2011-11-17 )))))))))))))))))))))))))))))))
.
.
2011-11-17 00:11 . 2011-11-17 00:12 -------- d-----w- c:\users\NightSpawn\AppData\Local\temp
2011-11-17 00:11 . 2011-11-17 00:11 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-11-17 00:11 . 2011-11-17 00:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-14 05:55 . 2011-11-14 05:55 98816 ---ha-w- c:\users\NightSpawn\AppData\Roaming\Microsoft\4CE1\437E.tmp
2011-11-14 05:53 . 2011-11-14 05:53 -------- d-----w- C:\_OTL
2011-11-12 08:01 . 2011-11-12 08:01 -------- d-----w- c:\windows\CheckSur
2011-11-11 17:11 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-11 17:09 . 2011-09-30 15:57 707584 ---ha-w- c:\program files\Common Files\System\wab32.dll
2011-11-10 16:16 . 2011-11-10 16:16 -------- d-----w- C:\e
2011-11-09 04:29 . 2011-11-09 04:29 -------- d-----w- c:\users\NightSpawn\AppData\Local\ElevatedDiagnostics
2011-11-08 17:21 . 2011-11-08 18:06 -------- d--h--w- c:\program files\GridinSoft Trojan Killer
2011-10-28 03:38 . 2011-10-30 17:41 -------- d--h--w- c:\programdata\AVAST Software
2011-10-28 02:51 . 2011-10-28 02:51 -------- d--h--w- c:\program files\ESET
2011-10-26 04:55 . 2011-10-30 17:45 -------- d--h--w- c:\programdata\STOPzilla!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-13 22:28 . 2011-08-22 16:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\program files\Common Files\System\wab32.dll ---
Company: Microsoft Corporation
File Description: Microsoft (R) Contacts DLL
File Version: 6.0.6002.18521 (vistasp2_gdr.110930-0337)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: WAB32.DLL
File size: 707584
Created time: 2011-11-11 17:09
Modified time: 2011-09-30 15:57
MD5: F101C848A95FDC6474A66A9D395EAAEB
SHA1: 38EE5E6D0237B99CD368E4C7451DA6BEFB7D2176
.
.
--- c:\windows\system32\drivers\tcpip.sys ---
Company: Microsoft Corporation
File Description: TCP/IP Driver
File Version: 6.0.6002.18519 (vistasp2_gdr.110920-0346)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: tcpip.sys
File size: 905088
Created time: 2011-11-11 17:11
Modified time: 2011-09-20 21:02
MD5: 814A1C66FBD4E1B310A517221F1456BF
SHA1: 5F7B2C07950E57D30C48C84AE37CB39F6D0298A4
.
---- Directory of C:\e ----
.
2011-11-10 16:16 . 2011-11-10 16:16 163 ---ha-w- c:\e\ecap_s0.png
2011-11-10 16:16 . 2011-11-10 16:16 666 ---ha-w- c:\e\sset_02_s1.png
2011-11-10 16:16 . 2011-11-10 16:16 161 ---ha-w- c:\e\add_grp.png
2011-11-10 16:16 . 2011-11-10 16:16 139 ---ha-w- c:\e\ecap_s1_h.png
2011-11-10 16:16 . 2011-11-10 16:16 168 ---ha-w- c:\e\ecap_s1.png
2011-11-10 16:16 . 2011-11-10 16:16 140 ---ha-w- c:\e\ecap_s0_h.png
2011-11-10 16:16 . 2011-11-10 16:16 194 ---ha-w- c:\e\add_grp_h.png
2011-11-10 16:16 . 2011-11-10 16:16 598 ---ha-w- c:\e\sset_02_s0.png
2011-11-10 16:16 . 2011-11-10 16:16 425 ---ha-w- c:\e\ybang_200908276_h.png
2011-11-10 16:16 . 2011-11-10 16:16 768 ---ha-w- c:\e\ebay27_spc.png
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll" [2011-01-21 213816]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0095C290-A428-4BDD-B98C-E0A116F1C702}]
2011-06-09 04:11 682496 ---ha-w- c:\program files\Shop to Win 9\ShoppingBHO.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-25 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-25 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-25 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-06-25 67584]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-19 3444736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"MRT"="c:\windows\system32\MRT.exe" [2011-10-28 50295240]
.
c:\users\NightSpawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-9-3 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - [N/A]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-23 50688]
QuickSet.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-23 17:43 10536 ---ha-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-143357251-2404659723-3031534349-1001]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2011-04-15 1646056]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-23 18:32]
.
2011-07-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-23 18:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
Supplementary scan did not complete!
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-dYIajiwXVoeuA.exe - c:\programdata\dYIajiwXVoeuA.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-16 19:12
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-11-16 19:30:53
ComboFix-quarantined-files.txt 2011-11-17 00:30
ComboFix2.txt 2011-11-15 19:53
.
Pre-Run: 183,169,159,168 bytes free
Post-Run: 182,763,372,544 bytes free
.
- - End Of File - - B977B3287C1D8BED00AA6B9590C4B0FA

Re: Failed OTL Scan

Ok, the privacy protection thing is back, and it is preventing the use of Rkill or the other decoy Rkill(s). It's telling me everything I attempt to run is infected by W/32 Blaster worm, and it's preventing anything from running. Also, I'm noticing that I'm hearing audio for stuff, and I have nothing open or running at the time. It's kind of unnerving. It'll run for a bit, and then cut out. Any suggestions? Thanks much in advance.

Re: Failed OTL Scan
Bump.

Re: Failed OTL Scan
Bump.

Re: Failed OTL Scan
Bump.

Re: Failed OTL Scan
Sorry for the delay, been busy.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

Re: Failed OTL Scan
First of all, Happy Thanksgiving. Secondly, no worries, I understand the busy thing, and I still appreciate all your help. Just want you to know that. Had to run RKill again: Here's the log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 11/24/2011 at 22:53:51.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Users\NightSpawn\Desktop\eXplorer.exe


--- ATTENTION ---

Windows was configured to use a proxy! Proxy settings have been removed.

The Proxy Server that was configured is: http=127.0.0.1:55778

If this was a valid setting, please double-click on the rk-proxy.reg file on your desktop and allow the data to be merged to restore your proxy settings.


Rkill completed on 11/24/2011 at 22:55:06.


I will complete the Eset scan and post the log shortly.

Re: Failed OTL Scan
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8d7ce07f8896d246a98b4e6e5797e011
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-11-25 05:45:59
# local_time=2011-11-25 12:45:59 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5121 16776574 100 96 1315356 135977840 0 0
# compatibility_mode=5892 16776638 100 95 1315320 158803466 0 0
# compatibility_mode=8192 67108863 100 0 1504039 1504039 0 0
# scanned=138211
# found=37
# cleaned=35
# scan_time=4021
C:\Program Files\A1939\lvvm.exe a variant of Win32/Kryptik.VZB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\LP\4CE1\47DA.tmp a variant of Win32/Kryptik.VZB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\LP\4CE1\FE1.exe Win32/Cycbot.AK trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\LP\4CE1\FE1.exe.vir Win32/Cycbot.AF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\ProgramData\dYIajiwXVoeuA.exe.vir a variant of Win32/Kryptik.VNX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\ProgramData\oVGuSZrJARtdIO.exe.vir a variant of Win32/Kryptik.VNX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Users\NightSpawn\AppData\Roaming\iexplore.exe.vir Win32/Cycbot.AF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Users\NightSpawn\AppData\Roaming\106A1\DE94C.exe.vir a variant of Win32/Kryptik.VJK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Users\NightSpawn\AppData\Roaming\A1939\lvvm.exe.vir a variant of Win32/Kryptik.VJK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Users\NightSpawn\AppData\Roaming\Microsoft\4CE1\FE1.exe.vir Win32/Cycbot.AF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\config\systemprofile\AppData\Local\6Nxsyk.com.vir a variant of Win32/Kryptik.UYJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\config\systemprofile\AppData\Local\3beeaf5f\X.vir Win32/Sirefef.DD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\NightSpawn\AppData\Local\temp\0.6396809879420475.exe a variant of Win32/Kryptik.VTC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\NightSpawn\AppData\Local\temp\51C1.tmp a variant of Win32/Kryptik.VQQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\NightSpawn\AppData\Local\temp\6D60.tmp a variant of Win32/Kryptik.VTC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\NightSpawn\AppData\Local\temp\76B4.tmp a variant of Win32/Kryptik.VTC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\NightSpawn\AppData\Local\temp\BB47.tmp a variant of Win32/Kryptik.VTC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\NightSpawn\AppData\Local\temp\dwme.exe Win32/Cycbot.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\NightSpawn\AppData\Local\temp\NOD29D4.tmp Win32/Cycbot.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\NightSpawn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\1964f251-7e3fd774 Java/Agent.DW trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\NightSpawn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\7e8a6802-2b58c59a a variant of Win32/Kryptik.UOE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\NightSpawn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\6555fc58-2d70cb0a a variant of Win32/Kryptik.VRM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\NightSpawn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\1589f399-2bfe2e94 a variant of Win32/Kryptik.UOE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\NightSpawn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\2dc8efef-4bd781c5 a variant of Java/TrojanDownloader.OpenStream.NCM trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\NightSpawn\AppData\Roaming\6EB7.tmp a variant of Win32/Kryptik.VQQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\NightSpawn\AppData\Roaming\BBA5.tmp a variant of Win32/Kryptik.VTC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\NightSpawn\AppData\Roaming\dwme.exe Win32/Cycbot.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\NightSpawn\AppData\Roaming\iexplore.exe Win32/Cycbot.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\NightSpawn\AppData\Roaming\java.exe Win32/Cycbot.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\NightSpawn\AppData\Roaming\106A1\DE94C.exe a variant of Win32/Kryptik.VZB trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Users\NightSpawn\AppData\Roaming\Microsoft\4CE1\437E.tmp Win32/PSW.Agent.NTM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\NightSpawn\AppData\Roaming\Microsoft\4CE1\FE1.exe Win32/Cycbot.AK trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Users\NightSpawn\Desktop\sname probably a variant of Win32/Lukicsel.T trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\AV Protection 2011v121.exe a variant of Win32/Kryptik.VRM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\drivers\i8042prt.sys a variant of Win32/Rootkit.Kryptik.FF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\drivers\etc\hosts Win32/Qhost trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
${Memory} a variant of Win32/Sirefef.DN trojan 00000000000000000000000000000000 I
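
The scan results above can be triaged mechanically. The following is an added example, not part of the original posts and not ESET's own tooling: it parses result lines in the layout seen in this log and separates detections that were removed, that wait for a restart, or that remain unresolved. The regular expression, the status names and the handling of `C:\Qoobox\Quarantine` as ComboFix's quarantine folder are assumptions of this sketch; the sample lines are a subset copied from the log above.

```python
import re
from collections import Counter

# Constructed sample: a subset of result lines copied from the ESET log above.
SAMPLE_LOG = r"""# found=37
# cleaned=35
C:\Program Files\A1939\lvvm.exe a variant of Win32/Kryptik.VZB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\LP\4CE1\FE1.exe Win32/Cycbot.AK trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\ProgramData\dYIajiwXVoeuA.exe.vir a variant of Win32/Kryptik.VNX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\NightSpawn\Desktop\sname probably a variant of Win32/Lukicsel.T trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\drivers\i8042prt.sys a variant of Win32/Rootkit.Kryptik.FF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\drivers\etc\hosts Win32/Qhost trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
${Memory} a variant of Win32/Sirefef.DN trojan 00000000000000000000000000000000 I
"""

# Assumed layout (inferred from the log above, not an ESET specification):
# <path> [probably] [a variant of] <Platform/Name> <type> [(<action>)] <32 hex> <flag>
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?:(?:probably )?a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/[A-Za-z0-9_.]+)\s+"
    r"(?P<kind>\w+)"
    r"(?:\s+\((?P<action>.*)\))?"
    r"\s+[0-9A-Fa-f]{32}\s+(?P<flag>[A-Z])$"
)

# ComboFix keeps its quarantined copies here; hits under it are not live files.
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"


def parse_line(line):
    """Return a dict for one detection line, or None for headers and other text."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    match = DETECTION_RE.match(line)
    return match.groupdict() if match else None


def classify(action):
    """Map the action text to a status; the trailing flag letter is not interpreted."""
    if action is None or "unable to clean" in action:
        return "unresolved"
    if "after the next restart" in action:
        return "pending_reboot"
    return "removed"


def triage(log_text):
    """Group live detections by status and count them per malware family."""
    report = {"unresolved": [], "pending_reboot": [], "removed": [],
              "quarantine_copies": 0, "families": Counter()}
    for raw in log_text.splitlines():
        det = parse_line(raw)
        if det is None:
            continue
        if det["path"].lower().startswith(QUARANTINE_PREFIX):
            report["quarantine_copies"] += 1
            continue
        name = det["name"]
        # Drop the trailing variant suffix (".VZB") to get the family name.
        family = name.rsplit(".", 1)[0] if "." in name else name
        report["families"][family] += 1
        report[classify(det["action"])].append(det)
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for status in ("unresolved", "pending_reboot"):
        for det in result[status]:
            print(f"{status:15} {det['name']:28} {det['path']}")
    print("removed:", len(result["removed"]),
          "| quarantine copies skipped:", result["quarantine_copies"])
```

On the sample, the two entries left unresolved are the `i8042prt.sys` driver and the in-memory Sirefef detection, which is where follow-up work on this machine would need to focus.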

Re: Failed OTL Scan

After completing the Eset scan, I had to reboot, and run Rkill again to be able to access the internet. Don't know if the information is relevant, but thought I would include it in my latest post. Thanks much.

Re: Failed OTL Scan
Bump.

Re: Failed OTL Scan

Well, my comp rebooted itself, and when it loaded up again, my screen is jet black, and I can't access anything. The only thing that was visible was this Vista Antivirus 2012 thing, which is claiming everything I have is infected. It's not letting me access or even view my desktop. I can open task manager, but it is a struggle to get it to remain open so I can do anything. Any suggestions? Because at this rate, I may have to post and work from another computer if it continues like this.

Re: Failed OTL Scan

Ok, I've managed to access IE through the task manager, although my desktop is still black and I cannot fix that. Not sure what the problem is, but at least I can still post here, and (fingers crossed) still download anything you need me to from here. The Vista Antivirus 2012 doesn't appear to be popping up, but I don't know if it is or isn't because I have no desktop and nothing that normally loads at the start is appearing. I've tried rebooting in safe mode, but I get the same problem. Suggestions or recommendations are welcome. Whatever you think the next logical course of action may be. I did manage to run rkill and an eset scan, but nothing is coming up, and rkill kills a few processes but nothing that I necessarily can see as threatening. I can't access my notepads to link the logs, but if I find a way, I'll post them here ASAP. Thanks again in advance.

Re: Failed OTL Scan

Ok, I managed to do a little bit of reading and research. Apparently, I am suffering from KSOD (Black Screen of Death). Now, I can access things on this computer via the Task Manager. I've tried launching the explorer.exe from task manager, but Task Manager says that the specific path doesn't exist. I've looked at my registry key for this by opening "regedit.exe" with task manager. No, I'm not 100% that everything was right, but it appeared that "shell = explorer". So I assume that that key is correct. So, at present, the KSOD has dropped an interesting challenge in my lap that I cannot yet solve. I would mess around with the registry keys more, but I don't feel comfortable doing that, as most explanations I've read from users seem to suggest more than a basic knowledge of computers and systems, and in short, I really don't want to mess anything up worse than it already is. Hope this info helps. I'll keep you posted if I find a solution for KSOD before you get a chance to post again.
