Recover Files with .Block as the extension


  • This topic is locked
12 replies to this topic

#1 B_Eckenrode

  • Members
  • 6 posts

Posted 10 January 2013 - 05:42 PM

Hello,

Hopefully you can help me out. I have been looking at some of the topics in here on this and I hope that it is ok to start a new topic.

My one laptop was infected with the FBI warning virus and we weren't able to do a lot with the machine. I was able to restore the computer to an earlier point in time and now the warning message is not coming back up. Now, all the office files (most of which I don't need since it is an old computer) have an extension of .block on them. I am trying to recover a 100 page story that my daughter has been working on on this laptop. Would love some help in recovering this information so that I can save this file on the new laptop and let her continue with her work.



#2 Oh My!

  • Malware Response Instructor
  • 37,734 posts
  • Gender:Male
  • Location:California

Posted 15 January 2013 - 04:50 PM

Greetings B_Eckenrode and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

At the outset I want to let you know that most of the time in these types of situations we are unable to decrypt the files. Having said that, if you wish for me to review the state of your computer please read and do the following for me.

Thank you for your patience. I know it has been a long wait.


===================================================


Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps are a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.

===================================================


Helping me Help You

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.


===================================================


Additional Information

  • If you have since resolved the original problem you were having, I would appreciate you letting me know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and I will guide you.
    • Explain as best you can what happens with your computer, i.e. it beeps three times, the black screen starts then goes blank, etc.
  • Please tell me if you have your original Windows CD/DVD available.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.

===================================================


Create DDS.txt and Attach.txt

I need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

    DDS.com
    DDS.pif

  • Double click on the Posted Image icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Please copy and paste the contents of both results in your post.
  • Close the program window, and delete the program from your desktop.
You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • DDS.txt
  • Attach.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 B_Eckenrode

  • Topic Starter
  • Members
  • 6 posts

Posted 16 January 2013 - 05:11 PM

This computer is seriously messed up. I am going to reply more on my other computer. Thank you so much for looking into this for me.

Here is what I got from the DDS

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/18/2006 4:02:36 PM
System Uptime: 1/16/2013 2:35:11 PM (3 hours ago)
.
Motherboard: Compal | | 08A0
Processor: AMD Athlon™ 64 Processor 3000+ | Socket A | 701/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 12.708 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&2FF3801D&0&0850
Manufacturer: Realtek
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&2FF3801D&0&0850
Service: rtl8139
.
==== System Restore Points ===================
.
RP1845: 9/21/2012 5:18:01 PM - System Checkpoint
RP1846: 9/24/2012 9:05:10 PM - System Checkpoint
RP1847: 9/27/2012 5:22:31 PM - System Checkpoint
RP1848: 9/29/2012 5:44:17 PM - System Checkpoint
RP1849: 9/30/2012 6:39:20 PM - System Checkpoint
RP1850: 10/1/2012 7:55:42 PM - System Checkpoint
RP1851: 10/5/2012 4:35:49 PM - System Checkpoint
RP1852: 10/6/2012 4:47:54 PM - System Checkpoint
RP1853: 10/17/2012 6:33:21 PM - System Checkpoint
RP1854: 10/18/2012 6:56:41 PM - System Checkpoint
RP1855: 10/19/2012 11:15:12 PM - System Checkpoint
RP1856: 10/21/2012 12:02:13 PM - System Checkpoint
RP1857: 10/22/2012 1:48:19 PM - System Checkpoint
RP1858: 10/23/2012 3:49:13 PM - System Checkpoint
RP1859: 10/24/2012 5:56:35 PM - System Checkpoint
RP1860: 10/26/2012 9:26:57 AM - System Checkpoint
RP1861: 10/29/2012 4:31:18 PM - System Checkpoint
RP1862: 11/1/2012 9:14:19 PM - Configured Barbie Girls
RP1863: 11/1/2012 9:16:52 PM - Configured Barbie Girls
RP1864: 11/27/2012 10:30:05 PM - System Checkpoint
RP1865: 11/30/2012 4:32:47 PM - System Checkpoint
RP1866: 12/17/2012 7:37:13 PM - Restore Operation
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
8500A909_BasicWeb
8500A909_Help_BasicWeb
Adobe Flash Player 11 ActiveX
Adobe Reader 7.0
Adobe Shockwave Player 11.5
Agere Systems AC'97 Modem
AiO_Scan_CDA
AiOSoftwareNPI
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask.com Search Assistant 1.0.2
Athlon 64 Processor Driver
Barbie Girls
Bing Bar
Bing Bar Platform
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
Broderbund Media Manager
BufferChm
C3100
c3100_Help
Camp Funshine: Carrie the Caregiver 3
CCleaner
Destinations
DeviceManagementQFolder
Diner Dash
Diner Dash - Flo on the Go
DocProc
DocProcQFolder
Dragon Tales
Driver Detective
Driver Wizard
eSupportQFolder
Fax_CDA
Google Toolbar for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Help and Support
HP Imaging Device Functions 7.0
HP Officejet Pro 8500 A909 Series
HP Photosmart and Deskjet 7.0.A
HP Photosmart Essential
HP Product Assistant
HP Solution Center 7.0
HP Update
HPPhotoSmartExpress
HPProductAssistant
IncrediMail
IncrediMail 2.0
IncrediMail MediaBar 2 Toolbar
InstantShareDevicesMFC
InterActual Player
InterVideo WinDVD
iTunes
J2SE Runtime Environment 5.0 Update 7
Java™ 6 Update 13
Java™ 6 Update 2
Java™ 6 Update 3
LiveUpdate (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
MDaemon GroupWare Plug-in
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Professional
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Mobile Broadband Drivers
MobileMe Control Panel
Move Media Player
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 3.5 - SE
My Web Search (Cursor Mania)
Network
NewCopy_CDA
Norton PC Checkup
NVIDIA nForce Drivers
NVIDIA Windows 2000/XP Display Drivers
OCR Software by I.R.I.S 7.0
OTOY
PanoStandAlone
PC Cleaners
PCI 1620 Cardbus Controller and Software
Photo Notifier and Animation Creator
Photodex Presenter
PricePeep for Internet Explorer
ProductContextNPI
Quick Launch Buttons 5.00 C1
QuickBooks Pro 2006
QuickTime
QuickTime 3.0
Readme
RealArcade
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
Road Runner Install
Road Runner Medic 6.1
Safari
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SeeqDo
Shockwave
Shopmania (remove only)
Smart Keyword Suggest
SolutionCenter
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Sprint Mobile Broadband (Novatel Wireless)
Status
The Print Shop
TI1620/1520
Toolbox
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Virtual Earth 3D (Beta)
Virtual Makeover the Collection
Visual 2.05.0000
WebFldrs XP
WebReg
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Media Format Runtime
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
Zone Deluxe Games
.
==== Event Viewer Messages From Past Week ========
.
1/9/2013 5:43:40 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl MpFilter
1/9/2013 5:43:40 PM, error: Service Control Manager [7023] - The Windows EventLog Helper service terminated with the following error: The specified module could not be found.
1/9/2013 5:43:40 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
1/9/2013 5:43:40 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Norton PC Checkup Application Launcher service to connect.
1/9/2013 5:43:40 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AMService service to connect.
1/9/2013 5:43:40 PM, error: Service Control Manager [7000] - The Norton PC Checkup Application Launcher service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/9/2013 5:43:40 PM, error: Service Control Manager [7000] - The Common Client Job Manager Service service failed to start due to the following error: The system cannot find the file specified.
1/16/2013 2:53:25 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.
1/16/2013 2:53:23 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
1/16/2013 2:13:38 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
1/16/2013 2:13:38 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/16/2013 2:13:38 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
1/11/2013 6:40:14 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
.
==== End Of File ===========================

#4 Oh My!

  • Malware Response Instructor
  • 37,734 posts
  • Gender:Male
  • Location:California

Posted 16 January 2013 - 05:19 PM

Greetings,

This computer is seriously messed up.

What do you mean by this, besides the encrypted files? Can you describe the issues you are having?

Gary
 

#5 B_Eckenrode

  • Topic Starter
  • Members
  • 6 posts

Posted 16 January 2013 - 05:42 PM

Sorry, what I meant is that this is an old machine and I am not planning on using it any more once I get this resolved (hopefully). It takes forever for it to load and there are too many auto-run programs that keep coming up when you start the computer.

I work for a software company and am the IT guy. However, that being said, I just know the basics (pretty detailed on our program, but Windows operations is very minimal compared to what you all know). That being said, I want you to know how much I appreciate what you are doing and will have patience with you through the process.

By the way, my name is Bob.

Here is what I got from the second download.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Bob Eckenrode at 17:38:43 on 2013-01-16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.417 [GMT -5:00]
.
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\msisear.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\twc\medicsp2\bin\sprtcmd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1355.0\mswinext.exe
C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PC Cleaners\PCCleaners.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Documents and Settings\Bob Eckenrode\jotgesadosjy.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\tubnfsuacpxyosxdpuo.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Smart Keyword Suggest\SMBarBroker.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.foxnews.com/
uWindow Title = Road Runner High Speed Online
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/go/notebookaccessories
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - c:\program files\incredimail_mediabar_2\prxtbInc2.dll
uURLSearchHooks: <No Name>: {00A6FAF6-072E-44cf-8957-5838F569A31D} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
BHO: MyWebSearch Search Assistant BHO: {00A6FAF1-072E-44cf-8957-5838F569A31D} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: mwsBar BHO: {07B18EA1-A523-4961-B6BB-170DE4475CCA} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
BHO: Smart Keyword Suggest: {26470A0E-27B2-4ff0-8D6B-C7D44B0D550A} - c:\program files\smart keyword suggest\SmartKeywordSuggest.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1355.0\npwinext.dll
BHO: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - c:\program files\incredimail_mediabar_2\prxtbInc2.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: PricePeep: {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - c:\program files\pricepeep\pricepeep.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: IncrediMail MediaBar 2 Toolbar: {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - c:\program files\incredimail_mediabar_2\prxtbInc2.dll
TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: @c:\program files\msn toolbar\platform\5.0.1355.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1355.0\npwinext.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - c:\program files\incredimail_mediabar_2\prxtbInc2.dll
TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [GoToMeeting] c:\program files\citrix\gotomeeting\320\g2mstart.exe "/Trigger RunAtLogon"
uRun: [GoToAssist Express Expert] "c:\program files\citrix\gotoassist express expert\136\g2ax_start.exe" "/Trigger RunAtLogon"
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
uRun: [Nukyux] "c:\documents and settings\bob eckenrode\application data\reutd\meep.exe"
uRun: [K14rU] "c:\documents and settings\bob eckenrode\my userprograms\k14ru.exe"
uRun: [jotgesadosjy] c:\documents and settings\bob eckenrode\jotgesadosjy.exe
uRun: [Uxqaca] "c:\documents and settings\bob eckenrode\application data\pebocu\nedeh.exe"
uRun: [IADirectShow] Rundll32.exe "c:\documents and settings\bob eckenrode\local settings\application data\iadirectshow\jhtkcasq.dll",?GetOpen@CWatIme@@QAEHXZ
uRun: [pleCommsTrust] rundll32.exe "c:\documents and settings\bob eckenrode\application data\plecommstrust\pleCommsTrust.dll",NativeCommsSched HandlerHelpppm
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [medicsp2] c:\program files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IkEJJmteVRTh.exe] c:\documents and settings\all users\application data\IkEJJmteVRTh.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [eFax 4.3] "c:\program files\efax messenger 4.3\J2GDllCmd.exe" /R
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1355.0\mswinext.exe"
mRun: [BarbieGirlsTray] c:\program files\mattel\barbie girls\Mattel.BarbieGirls.Tray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [bcmft] rundll32.exe "c:\documents and settings\bob eckenrode\application data\bcmft.dll",DeleteTempFile
mRun: [icomg] "c:\windows\system32\rundll32.exe" "c:\documents and settings\bob eckenrode\application data\icomg.dll",Number_AsSsize_t
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [PC Cleaners] "c:\program files\pc cleaners\PCCleaners.exe" /minimize
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [AMService] c:\windows\system32\tubnfsuacpxyosxdpuo.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: _NoDriveTypeAutoRun = dword:0
uPolicies-System: DisableTaskMgr = dword:1
mPolicies-System: DisableTaskMgr = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000334&p=ZCxpt0248UUS&si=3008&a=aYE_SuBMiGWKnsGLqXPP4g&n=2011051512
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {C4426C5A-77BB-4c93-803A-A2D73A58A8BB} - {26470A0E-27B2-4ff0-8D6B-C7D44B0D550A} - c:\program files\smart keyword suggest\SmartKeywordSuggest.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3D19135C-6D38-44AD-80F0-D9318F48726D} - hxxp://bwweb2.sea5.speakeasy.net/commpilot/customcontrols/BwOutlook.CAB
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://www.playfirst.com/play/game/dinerdashfloonthego/ddfotg.1.0.0.32.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://www.playfirst.com/play/game/dinerdash/DinerDash.1.0.0.93.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3C189033-CE75-4CD3-8483-8C693ED7048C} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - c:\program files\common files\beaconsoftware\wowctl2.dll
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
.
============= SERVICES / DRIVERS ===============
.
R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [2007-7-6 202280]
R2 W32Serv;Windows Search Scheduler;c:\windows\msisear.exe [2012-9-19 275952]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
S1 MpKsl9321ac9f;MpKsl9321ac9f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e901aaa5-8ab8-4d9f-a520-f700434d8e6a}\mpksl9321ac9f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e901aaa5-8ab8-4d9f-a520-f700434d8e6a}\MpKsl9321ac9f.sys [?]
S2 AMService;AMService;c:\windows\system32\tubnfsuacpxyosxdpuo.exe run --> c:\windows\system32\tubnfsuacpxyosxdpuo.exe run [?]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2011-5-15 34320]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.11.20\SymcPCCULaunchSvc.exe [2012-8-26 123320]
S2 PCCUJobMgr;Common Client Job Manager Service;"c:\program files\norton pc checkup\engine\2.0.11.20\ccsvchst.exe" /s "pccujobmgr" /m "c:\program files\norton pc checkup\engine\2.0.11.20\dimaster.dll" /prefetch:1 --> c:\program files\norton pc checkup\engine\2.0.11.20\ccSvcHst.exe [?]
S3 cpuz132;cpuz132;\??\c:\docume~1\bobeck~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\bobeck~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2006-11-7 174336]
.
=============== Created Last 30 ================
.
2013-01-16 21:51:20 -------- d-----w- c:\documents and settings\bob eckenrode\application data\pleCommsTrust
2013-01-09 22:19:51 -------- d-----w- c:\documents and settings\bob eckenrode\local settings\application data\IADirectShow
2012-12-21 03:13:45 -------- d-----w- c:\documents and settings\bob eckenrode\application data\PC Cleaners
2012-12-21 03:13:06 -------- d-----w- c:\program files\PC Cleaners
2012-12-21 03:13:06 -------- d-----w- c:\documents and settings\bob eckenrode\application data\PCPro
2012-12-21 03:13:06 -------- d-----w- c:\documents and settings\all users\application data\PC1Data
2012-12-18 01:07:13 -------- d-----w- c:\documents and settings\bob eckenrode\local settings\application data\PCHealth
2012-12-18 00:40:11 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-12-18 00:40:11 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2012-12-21 03:12:44 4727688 ----a-w- c:\windows\uninst.exe
2012-12-13 23:51:21 57104 ----a-w- c:\documents and settings\bob eckenrode\application data\dllexp.dll
2012-12-12 01:29:35 280064 ----a-w- c:\documents and settings\bob eckenrode\wgsdgsdgdsgsd.exe
2012-12-12 01:29:35 280064 ----a-w- c:\documents and settings\bob eckenrode\application data\WklIS.exe
2012-11-29 21:19:20 117582 ----a-w- c:\documents and settings\bob eckenrode\jtxvqphqtqa.exe
2012-11-28 21:06:14 133632 --sha-w- c:\documents and settings\bob eckenrode\26b4853a-5762.exe
2012-11-28 21:05:36 108544 ----a-w- c:\windows\system32\dlwjsuclnastxnkigfwmmxd.exe
2012-11-28 21:05:36 108544 ----a-w- c:\documents and settings\bob eckenrode\dlwjsuclnastxnkigfwmmxd.exe
2012-11-28 21:05:35 40468 ----a-w- c:\documents and settings\bob eckenrode\xhfxurlsvnggbqdiiwrbc.exe
2012-11-17 17:05:37 524312 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2007-04-29 13:54:47 774144 ----a-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 17:46:16.34 ===============

#6 Oh My!

Posted 16 January 2013 - 07:35 PM

Hi Bob,

Well you were right even if you didn't know it. Your computer is seriously messed up with viruses. I want to first provide you with the following warning then, after considering the information you can let me know your feelings about where we are and where you would like to go.



===================================================


BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Please let me know if you have already noticed evidences of financial institution irregularities.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

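The Run and Policies entries in the DDS log above are the lines a helper reads first when triaging a machine like this one. As an added illustration (not part of the thread, and not DDS's or BleepingComputer's own tooling), this Python script flags autorun entries whose target sits under the profile tree and policy values that disable Task Manager; the sample lines are copied from the log above, and the heuristics and names (`triage`, `PROFILE_ROOT`, `LOCKOUT_VALUES`) are assumptions for illustration.

```python
import re

# Lines copied from the DDS log posted earlier in this thread.
SAMPLE_DDS = r"""
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Nukyux] "c:\documents and settings\bob eckenrode\application data\reutd\meep.exe"
uRun: [jotgesadosjy] c:\documents and settings\bob eckenrode\jotgesadosjy.exe
mRun: [icomg] "c:\windows\system32\rundll32.exe" "c:\documents and settings\bob eckenrode\application data\icomg.dll",Number_AsSsize_t
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IkEJJmteVRTh.exe] c:\documents and settings\all users\application data\IkEJJmteVRTh.exe
dRun: [AMService] c:\windows\system32\tubnfsuacpxyosxdpuo.exe
uPolicies-System: DisableTaskMgr = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
"""

# Assumed triage heuristics: they mark entries for review, they are not verdicts.
PROFILE_ROOT = "c:\\documents and settings\\"  # XP profile tree, as in the log
LOCKOUT_VALUES = {"disabletaskmgr"}            # policy values that lock the user out

RUN_RE = re.compile(r"^([umd])Run: \[(.+?)\] (.+)$")
POLICY_RE = re.compile(r"^([um])Policies-([^:]+): (\S+) = dword:(\d+)$")
# A drive-rooted path ending in .exe or .dll, quoted or not (paths may contain spaces).
PATH_RE = re.compile(r'[a-z]:\\[^"]*?\.(?:exe|dll)', re.I)


def triage(log_text):
    """Return (kind, name, detail) findings for the Run/Policies lines of a DDS log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            _hive, name, command = m.groups()
            paths = [p.lower() for p in PATH_RE.findall(command)]
            hits = [p for p in paths if p.startswith(PROFILE_ROOT)]
            if not hits:
                continue
            # rundll32 loading a DLL from the profile tree: the DLL is what runs.
            via_rundll = "rundll32" in command.lower() and hits[-1].endswith(".dll")
            kind = "rundll32-user-dll" if via_rundll else "autorun-user-path"
            findings.append((kind, name, hits[-1]))
            continue
        m = POLICY_RE.match(line)
        if m and m.group(3).lower() in LOCKOUT_VALUES and m.group(4) != "0":
            findings.append(("policy-lockout", m.group(3), line))
    return findings


if __name__ == "__main__":
    for kind, name, detail in triage(SAMPLE_DDS):
        print(f"{kind:20} {name:20} {detail}")
```

The `dRun` AMService entry is left unflagged on purpose: a location-based check alone does not catch a file dropped into `system32`.
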
#7 B_Eckenrode

Posted 16 January 2013 - 10:40 PM

Gary,

Thanks. I had figured it was bad, but didn't think it was all that bad. As for missing or hacked information, I have not seen anything to indicate that we have any stolen information. I have not used that computer for about 3 years now. Hopefully, there wasn't anything on there that was ripped off and I am not aware of it. Also, with our credit rating, identity thieves will probably laugh at us (LOL).

I have disconnected that machine from the internet and will only utilize it for any downloads that you may need. I will try to copy everything you may need to a thumb drive and send it to you through this machine.

Almost everything of importance on this machine has been removed a long time ago. The picture files that were on that machine were not blocked and have since been stored on a separate drive external to that computer. It is only the files that my daughter has been working on that are of any concern. I know it may be a long shot to get them decrypted, but I want to try as best I can. She has spent about 6 months writing this book. Hopefully we will be successful. Even if there is a hidden copied file that I am not aware of, that would be awesome.

Let me know what to do next.

Again, thank you so much for the time you are spending on this.

#8 Oh My!

Posted 16 January 2013 - 11:33 PM

Hi Bob,

It is my pleasure to try to help you.

I want to hold off on taking any steps to clean your computer because we don't want to inadvertently eliminate any chance to decrypt the file(s), although I am not very optimistic to begin with. Please upload one of the files here to see if it can be analyzed.

I would also like you to do this for me please.


===================================================


SystemLook by jpshortstuff

--------------------

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    *.block
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • If the file is too large please zip and attach it to your reply
Note: The log can also be found on your Desktop entitled SystemLook.txt

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Uploaded file
  • SystemLook log

Gary

#9 B_Eckenrode

Posted 17 January 2013 - 11:17 PM

Gary,

Sorry for the delay in getting back to you. Somehow, we got lucky and the document was now unblocked and we were able to transfer it to her new computer. Many of the files were now un-blocked. I know a few days ago I ran a utility on one of the threads that I saw on this website. It did everything it was supposed to do, but I never restarted my computer. I guess after we restarted the computer it finished the work and unblocked the files.

I want to thank you for your attention to this matter and I hopefully look forward to not having to talk again - :-). I will, however, come back here if I ever have any questions in the future.

Thanks Again.

Bob

#10 Oh My!

Posted 17 January 2013 - 11:34 PM

Hi Bob,

That is very good news. I am happy!

Just curious, do you remember what utility you ran?
Gary

#11 B_Eckenrode

Posted 18 January 2013 - 05:33 PM

Gary,

Here is the topic that I found before joining that I used to unlock the files (at least I believe they did).

http://www.bleepingcomputer.com/forums/topic446111.html/page__st__165

and this was the link that I used:

http://tmp.emsisoft.com/fw/decrypt_birele.zip

#12 Oh My!

Posted 18 January 2013 - 07:24 PM

Hi Bob,

You are most fortunate. That fix doesn't always work, in fact most of the time it doesn't because of the encryption methods. I am happy for you!

Since we wrapped this up I am going to close this thread but you can always send me a Personal Message. If I may, I would like to provide you with some excellent information about what steps you can take to keep your computer clean.


Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:


Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.

Edited by Oh My, 19 January 2013 - 11:19 AM.

Gary

#13 Oh My!

Posted 18 January 2013 - 07:25 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary



