ThatAfroGuy11

Honorary Members
  • Posts: 28

Everything posted by ThatAfroGuy11

  1. Amazing job! Took a while, but computer not infected anymore! :D

  2. Alright, so I was able to finally log in. I needed to update my drivers, badly (had 22 important ones out of date. Yikes!) and it stopped the BSOD that I was constantly getting. It seems just fine now, so I'll get back to you if any problem persists. Thank you so much for your guidance, and help. I've learned a bunch from this!
  3. Sorry, I keep getting a 'desktop is not accessible. Access is denied.' message if I boot it up normally.
  4. This is what I am getting if I log in normally. Can't seem to get rid of it. Keeps popping up.
  5. Here you go! And I think you may have fixed the problem! I can open task manager, and the command prompt! I'll boot it up normally, and see if the fixes carry across! 11242012_212752.log
  6. Here's the most recent ComboFix log for the user32.dll fix. ComboFix.txt
  7. Alright, I'll do that now. This is what I get when I run ComboFix, with your updated script from earlier. (Screenshot)
  8. Here's the virus total scan URL: https://www.virustotal.com/file/769154826a60361c9f9b8981b45dacce9b5d14f46d488c666a4a7bbbda29b791/analysis/1353787955/
  9. Here's the ComboFix log. Many thanks for your assistance! Regards, Chris ComboFix.txt
  10. I'll run the ComboFix script, but I ran an ESET scan last night, and it got rid of over 16 threats. I think the 2 files you're speaking of got deleted, because I cannot find them. I'll post the log from the scan.
  11. I'll take a look at the drivers. None of them look familiar. And the .bat file is the one I use to open up the command prompt. It cannot be opened any other way.
  12. I've already tried this. Does not work. My boot up time is significantly faster, so I believe we're making headway. Any other suggestions? Thanks, Chris
  13. Clicking on the FBI page icon at the bottom, I can push it back to the task bar, kinda like you can click a program, and it will shrink back to the task bar. If I click on it again, the task bar disappears, but maybe this is progress? Many thanks, Chris
  14. I had another relative at the computer, and he deleted the files. It's still infected. I am able to log into a profile, but am greeted with the FBI fake warning page. I can log out, and log back in, and the task bar is accessible, so I can click on the script that is running. Thing is, I can't start any program from shortcuts or anything, but I can from the start menu. I'm still at a loss as to what to do.
  15. Here ya go. TDSSKiller.2.8.15.0_21.11.2012_19.44.59_log.txt TDSSKiller.2.8.15.0_21.11.2012_19.42.53_log.txt TDSSKiller.2.8.15.0_21.11.2012_19.30.44_log.txt
  16. This is what I get after I've run the scan. I rebooted as it told me to after I changed the parameters. Still nothing.
  17. I just got a BSOD when I started the scan. It said CLASSPNP.SYS was the culprit.
  18. And no, it seems to have erased my system restore points. I may have disabled restore point (major fail, I understand), because when I boot up and select system repair, and system restore, there aren't any restore points available.