[johnnydotcom]

Hello, first of all I'd like to thank you guys for all the assistance you give to the public. Sometimes there are things that happen that we just dont understand.

Now on to the point of my post. Just today I was watching a video online, when i started getting a handfull of pop ups. The pop ups were different then those ive seen selling rogue spyware but I know better then to click on them anyhow. I start alt+F4 them and I got to a point were I couldnt alt+F4 them anymore so i powered down my PC.

I now restart my PC and the first thing I see is a pop up saying my pl is infected with Worm.Win32.Netsky. There is no wallpaper or anything. I tried starting it in safe mode and I noticed Spyboy S&D, and a Defender program I hadnt noticed. I am known for using Spybot before so maybe I had downloaded it prior so I scanned.

About 1/5th of the way through the scan i'm noticing the programs it's scanning are not ones i've seen before. Alot of malware programs, virusso and so even a Smitfraud C. I'm almost thinking that this spybot I just used started downloading other programs instead of taking them away. The stuff it was telling me to delete were stuff like Window Restore files ans such. I forced shutdown again and It wasnt allowing me to with a window saying "Spybot Is not allowing your computer to shut down cause it is still running" but it did give me the option to bypass it and proceed to shut down.

Now if I try to restart its just a plain black screen both in regular mode and in safe mode.

Please help, if at all possible. If a Reformat is needed so be it. I would post logs but as I said I cant even get into the computer in safe mode now. Maybe you guys know some tricks of the trade?

-John

Edited by johnnydotcom, 16 December 2009 - 06:13 PM.

[Advertisements]

Hi,

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Check the boxes beside LOP Check and Purity Check.
• Under the Custom Scan box paste this in
  
  netsvcs
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  %SYSTEMDRIVE%\*.exe
  /md5start
  eventlog.dll
  scecli.dll
  netlogon.dll
  cngaudit.dll
  sceclt.dll
  ntelogon.dll
  logevent.dll
  iaStor.sys
  nvstor.sys
  atapi.sys
  IdeChnDr.sys
  viasraid.sys
  AGP440.sys
  vaxscsi.sys
  nvatabus.sys
  viamraid.sys
  nvata.sys
  nvgts.sys
  iastorv.sys
  ViPrt.sys
  eNetHook.dll
  /md5stop
  CREATERESTOREPOINT
  
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

[chamber]

Hi,

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Check the boxes beside LOP Check and Purity Check.
• Under the Custom Scan box paste this in
  
  netsvcs
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  %SYSTEMDRIVE%\*.exe
  /md5start
  eventlog.dll
  scecli.dll
  netlogon.dll
  cngaudit.dll
  sceclt.dll
  ntelogon.dll
  logevent.dll
  iaStor.sys
  nvstor.sys
  atapi.sys
  IdeChnDr.sys
  viasraid.sys
  AGP440.sys
  vaxscsi.sys
  nvatabus.sys
  viamraid.sys
  nvata.sys
  nvgts.sys
  iastorv.sys
  ViPrt.sys
  eNetHook.dll
  /md5stop
  CREATERESTOREPOINT
  
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.