Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ransomeware and ZeroRootAccess Infections


  • This topic is locked This topic is locked
13 replies to this topic

#1 NickPatMel1

NickPatMel1

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 06 August 2013 - 09:00 AM

Hey Guys,

 

The Godfather King sent me here.  I have a DOJ/MoneyPak Ransomware infection that I cannot shake.  All safe modes (including command prompt), hitman pro, rkill, tdskiller, have been unsuccessful.  I have turned the internet off, and I get about 1 minute to do something before the screen is locked by the DOJ if the internet is off.  If it is on, the lock is automatic. 

RKill told me that I have a ZeroRootAccess infection.  So, I got a DDS, here it is. Also, I am running Windows XP on an old crappy laptop:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/13/2007 11:49:46 AM
System Uptime: 8/6/2013 9:43:34 AM (0 hours ago)
.
Motherboard: Sony Corporation |  | VAIO
Processor: Intel® Core™2 Duo CPU     T7100  @ 1.80GHz | N/A | 1184/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 68 GiB total, 28.61 GiB free.
D: is Removable
E: is Removable
G: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Photosmart C309a series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: C309a,192.168.1.100
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart C309a series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C309a series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 2430
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: Hewlett-Packard
Name: hp LaserJet 2430
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: deskjet 6127
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: hp
Name: deskjet 6127
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet CM2320nf MFP
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CM2320nf MFP
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 4250
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4250
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet CP2025n
Device ID: ROOT\MULTIFUNCTION\0005
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CP2025n
PNP Device ID: ROOT\MULTIFUNCTION\0005
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 4050 Series
Device ID: ROOT\MULTIFUNCTION\0006
Manufacturer: Hewlett-Packard
Name: HP LaserJet 4050 Series
PNP Device ID: ROOT\MULTIFUNCTION\0006
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 2430
Device ID: ROOT\MULTIFUNCTION\0007
Manufacturer: Hewlett-Packard
Name: hp LaserJet 2430
PNP Device ID: ROOT\MULTIFUNCTION\0007
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 4250
Device ID: ROOT\MULTIFUNCTION\0008
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4250
PNP Device ID: ROOT\MULTIFUNCTION\0008
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 2430
Device ID: ROOT\MULTIFUNCTION\0009
Manufacturer: Hewlett-Packard
Name: hp LaserJet 2430
PNP Device ID: ROOT\MULTIFUNCTION\0009
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 9050
Device ID: ROOT\MULTIFUNCTION\0010
Manufacturer: Hewlett-Packard
Name: hp LaserJet 9050
PNP Device ID: ROOT\MULTIFUNCTION\0010
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 2430
Device ID: ROOT\MULTIFUNCTION\0011
Manufacturer: Hewlett-Packard
Name: hp LaserJet 2430
PNP Device ID: ROOT\MULTIFUNCTION\0011
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 9050
Device ID: ROOT\MULTIFUNCTION\0012
Manufacturer: Hewlett-Packard
Name: hp LaserJet 9050
PNP Device ID: ROOT\MULTIFUNCTION\0012
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 2430
Device ID: ROOT\MULTIFUNCTION\0013
Manufacturer: Hewlett-Packard
Name: hp LaserJet 2430
PNP Device ID: ROOT\MULTIFUNCTION\0013
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 2430
Device ID: ROOT\MULTIFUNCTION\0014
Manufacturer: Hewlett-Packard
Name: hp LaserJet 2430
PNP Device ID: ROOT\MULTIFUNCTION\0014
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 4100 Series
Device ID: ROOT\MULTIFUNCTION\0015
Manufacturer: Hewlett-Packard
Name: HP LaserJet 4100 Series
PNP Device ID: ROOT\MULTIFUNCTION\0015
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 2430
Device ID: ROOT\MULTIFUNCTION\0016
Manufacturer: Hewlett-Packard
Name: hp LaserJet 2430
PNP Device ID: ROOT\MULTIFUNCTION\0016
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 4100 Series
Device ID: ROOT\MULTIFUNCTION\0017
Manufacturer: Hewlett-Packard
Name: HP LaserJet 4100 Series
PNP Device ID: ROOT\MULTIFUNCTION\0017
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 2200
Device ID: ROOT\MULTIFUNCTION\0018
Manufacturer:
Name: HP LaserJet 2200
PNP Device ID: ROOT\MULTIFUNCTION\0018
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 4300
Device ID: ROOT\MULTIFUNCTION\0019
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4300
PNP Device ID: ROOT\MULTIFUNCTION\0019
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet CM1415fnw
Device ID: ROOT\MULTIFUNCTION\0020
Manufacturer: Hewlett-Packard
Name: HP LaserJet CM1415fnw
PNP Device ID: ROOT\MULTIFUNCTION\0020
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 9000 Series
Device ID: ROOT\MULTIFUNCTION\0021
Manufacturer: Hewlett-Packard
Name: HP LaserJet 9000 Series
PNP Device ID: ROOT\MULTIFUNCTION\0021
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 4240
Device ID: ROOT\MULTIFUNCTION\0022
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4240
PNP Device ID: ROOT\MULTIFUNCTION\0022
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 4250
Device ID: ROOT\MULTIFUNCTION\0023
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4250
PNP Device ID: ROOT\MULTIFUNCTION\0023
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0024
Manufacturer: Hewlett-Packard
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0024
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: designjet 5500 (Q1253A)
Device ID: ROOT\MULTIFUNCTION\0025
Manufacturer: Hewlett-Packard
Name: designjet 5500 (Q1253A)
PNP Device ID: ROOT\MULTIFUNCTION\0025
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 2430
Device ID: ROOT\MULTIFUNCTION\0026
Manufacturer: Hewlett-Packard
Name: hp LaserJet 2430
PNP Device ID: ROOT\MULTIFUNCTION\0026
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 2200
Device ID: ROOT\MULTIFUNCTION\0027
Manufacturer:
Name: HP LaserJet 2200
PNP Device ID: ROOT\MULTIFUNCTION\0027
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 4240
Device ID: ROOT\MULTIFUNCTION\0028
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4240
PNP Device ID: ROOT\MULTIFUNCTION\0028
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 4350
Device ID: ROOT\MULTIFUNCTION\0029
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4350
PNP Device ID: ROOT\MULTIFUNCTION\0029
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet 6500 E710n-z
Device ID: ROOT\MULTIFUNCTION\0030
Manufacturer: HP
Name: Officejet 6500 E710n-z
PNP Device ID: ROOT\MULTIFUNCTION\0030
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet 6500 E710n-z
Device ID: ROOT\MULTIFUNCTION\0031
Manufacturer: HP
Name: Officejet 6500 E710n-z
PNP Device ID: ROOT\MULTIFUNCTION\0031
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 4240
Device ID: ROOT\MULTIFUNCTION\0032
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4240
PNP Device ID: ROOT\MULTIFUNCTION\0032
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 4240
Device ID: ROOT\MULTIFUNCTION\0033
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4240
PNP Device ID: ROOT\MULTIFUNCTION\0033
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Deskjet 3050A J611 series
Device ID: ROOT\MULTIFUNCTION\0034
Manufacturer: HP
Name: Deskjet 3050A J611 series
PNP Device ID: ROOT\MULTIFUNCTION\0034
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 9050
Device ID: ROOT\MULTIFUNCTION\0035
Manufacturer: Hewlett-Packard
Name: hp LaserJet 9050
PNP Device ID: ROOT\MULTIFUNCTION\0035
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 2200
Device ID: ROOT\MULTIFUNCTION\0036
Manufacturer:
Name: HP LaserJet 2200
PNP Device ID: ROOT\MULTIFUNCTION\0036
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet M2727nf MFP
Device ID: ROOT\MULTIFUNCTION\0037
Manufacturer: Hewlett-Packard
Name: HP LaserJet M2727nf MFP
PNP Device ID: ROOT\MULTIFUNCTION\0037
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 2430
Device ID: ROOT\MULTIFUNCTION\0038
Manufacturer: Hewlett-Packard
Name: hp LaserJet 2430
PNP Device ID: ROOT\MULTIFUNCTION\0038
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 4250
Device ID: ROOT\MULTIFUNCTION\0039
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4250
PNP Device ID: ROOT\MULTIFUNCTION\0039
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 2430
Device ID: ROOT\MULTIFUNCTION\0040
Manufacturer: Hewlett-Packard
Name: hp LaserJet 2430
PNP Device ID: ROOT\MULTIFUNCTION\0040
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 2430
Device ID: ROOT\MULTIFUNCTION\0041
Manufacturer: Hewlett-Packard
Name: hp LaserJet 2430
PNP Device ID: ROOT\MULTIFUNCTION\0041
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Designjet L26500 61in Printer
Device ID: ROOT\MULTIFUNCTION\0042
Manufacturer: Hewlett-Packard
Name: HP Designjet L26500 61in Printer
PNP Device ID: ROOT\MULTIFUNCTION\0042
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Deskjet 6980 series
Device ID: ROOT\MULTIFUNCTION\0043
Manufacturer: HP
Name: Deskjet 6980 series
PNP Device ID: ROOT\MULTIFUNCTION\0043
Service:
.
==== System Restore Points ===================
.
RP1236: 5/30/2013 9:23:58 AM - System Checkpoint
RP1237: 5/31/2013 10:04:15 AM - System Checkpoint
RP1238: 6/1/2013 11:03:17 AM - System Checkpoint
RP1239: 6/2/2013 12:02:07 PM - System Checkpoint
RP1240: 6/3/2013 12:19:13 PM - System Checkpoint
RP1241: 6/4/2013 1:17:00 PM - System Checkpoint
RP1242: 6/5/2013 2:16:54 PM - System Checkpoint
RP1243: 6/5/2013 3:53:07 PM - Restore Operation
RP1244: 6/6/2013 4:00:37 PM - System Checkpoint
RP1245: 6/7/2013 4:23:17 PM - System Checkpoint
RP1246: 6/8/2013 4:32:11 PM - System Checkpoint
RP1247: 6/9/2013 5:30:02 PM - System Checkpoint
RP1248: 6/10/2013 5:36:02 PM - System Checkpoint
RP1249: 6/10/2013 6:48:21 PM - Restore Operation
RP1250: 6/11/2013 6:56:51 PM - System Checkpoint
RP1251: 6/12/2013 7:31:58 PM - System Checkpoint
RP1252: 6/13/2013 3:00:38 AM - Software Distribution Service 3.0
RP1253: 6/14/2013 3:51:19 AM - System Checkpoint
RP1254: 6/15/2013 4:50:19 AM - System Checkpoint
RP1255: 6/16/2013 5:50:23 AM - System Checkpoint
RP1256: 6/17/2013 6:49:12 AM - System Checkpoint
RP1257: 6/18/2013 9:05:00 AM - System Checkpoint
RP1258: 6/19/2013 9:30:51 AM - System Checkpoint
RP1259: 6/20/2013 10:29:56 AM - System Checkpoint
RP1260: 6/21/2013 11:16:54 AM - System Checkpoint
RP1261: 6/22/2013 12:15:50 PM - System Checkpoint
RP1262: 6/23/2013 1:13:45 PM - System Checkpoint
RP1263: 6/24/2013 2:11:33 PM - System Checkpoint
RP1264: 6/25/2013 3:10:32 PM - System Checkpoint
RP1265: 6/26/2013 4:09:02 PM - System Checkpoint
RP1266: 6/27/2013 4:56:01 PM - System Checkpoint
RP1267: 6/27/2013 6:07:13 PM - Removed Java 7 Update 21
RP1268: 6/27/2013 6:08:00 PM - Installed Java 7 Update 25
RP1269: 6/28/2013 6:54:03 PM - System Checkpoint
RP1270: 6/29/2013 7:52:08 PM - System Checkpoint
RP1271: 6/30/2013 8:51:04 PM - System Checkpoint
RP1272: 7/1/2013 9:48:43 PM - System Checkpoint
RP1273: 7/2/2013 9:57:06 PM - System Checkpoint
RP1274: 7/3/2013 9:58:45 PM - System Checkpoint
RP1275: 7/4/2013 10:57:41 PM - System Checkpoint
RP1276: 7/5/2013 11:56:34 PM - System Checkpoint
RP1277: 6/8/2013 9:07:15 AM - System Checkpoint
RP1278: 7/8/2013 10:35:01 PM - System Checkpoint
RP1279: 7/9/2013 11:31:54 PM - System Checkpoint
RP1280: 7/11/2013 12:30:50 AM - System Checkpoint
RP1281: 7/12/2013 1:28:48 AM - System Checkpoint
RP1282: 7/13/2013 2:27:46 AM - System Checkpoint
RP1283: 7/14/2013 3:20:39 AM - Software Distribution Service 3.0
RP1284: 7/16/2013 9:36:56 AM - System Checkpoint
RP1285: 7/17/2013 3:00:18 AM - Software Distribution Service 3.0
RP1286: 7/18/2013 3:48:08 AM - System Checkpoint
RP1287: 7/19/2013 4:46:03 AM - System Checkpoint
RP1288: 7/20/2013 5:44:01 AM - System Checkpoint
RP1289: 7/21/2013 6:41:55 AM - System Checkpoint
RP1290: 7/22/2013 7:14:11 AM - System Checkpoint
RP1291: 7/23/2013 8:12:10 AM - System Checkpoint
RP1292: 7/24/2013 8:38:57 AM - System Checkpoint
RP1293: 7/25/2013 9:21:15 AM - System Checkpoint
RP1294: 7/26/2013 9:36:44 AM - System Checkpoint
RP1295: 7/27/2013 10:08:20 AM - System Checkpoint
RP1296: 7/28/2013 11:07:18 AM - System Checkpoint
RP1297: 7/29/2013 12:06:23 PM - System Checkpoint
RP1298: 7/30/2013 1:05:11 PM - System Checkpoint
RP1299: 7/31/2013 1:38:12 PM - System Checkpoint
.
==== Image File Execution Options =============
.
IFEO: Your Image File Name Here without a path - ntsd -d
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Acrobat 5.0
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 8.1.3
Alpha Zawgyi Unicode System
Amazon MP3 Downloader 1.0.17
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
Bluetooth Stack for Windows by Toshiba
Bonjour
BufferChm
C309a
CCleaner
Corel Paint Shop Pro Photo XI
Corel Snapfire
Critical Update for Windows Media Player 11 (KB959772)
DocProc
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Deskjet 3050A J611 series Basic Device Software
HP Deskjet 3050A J611 series Help
hp deskjet 6122
HP Photosmart C309a All-In-One Driver Software 12.0 Rel .5
hp print screen utility
iDumpPro
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software
InterVideo WinDVD for VAIO
ISScript
iTunes
J2SE Runtime Environment 5.0 Update 7
Java 7 Update 25
Java Auto Updater
Java™ 6 Update 3
Korean Fonts Support For Adobe Reader 8
LAN Setting Utility
LiveUpdate 2.6 (Symantec Corporation)
mCore
mDriver
mDrWiFi
Memory Stick Formatter
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
mIWA
mLogView
mMHouse
Mobile Broadband Drivers
mPfMgr
mPfWiz
mProSafe
mSCfg
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Music Manager
mWlsSafe
mZConfig
Network
OCR Software by I.R.I.S. 12.0
OGA Notifier 2.0.0048.0
PDF Settings CS5
Protector Suite QL 5.3
PS_AIO_05_C309_Software_Min
QuickBooks Product Listing Service
Realtek High Definition Audio Driver
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Setting Utility Series
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
Simple Start Entice
Sony Certificate PCH
Sony Utilities DLL
Spiderman 3 XXXX
SupportSoft Assisted Service
Toolbox
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VAIO Central
VAIO Event Service
VAIO Hardware Diagnostics
VAIO HDD Protection
VAIO Light Flo Wallpaper
VAIO Long Battery Life Wallpaper
VAIO Power Management
VAIO Registration
VAIO Security Center
VAIO Support Central
VAIO Update 3
VAIO Wireless LAN Setup Utility
WebFldrs XP
WebReg
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool
Windows Internet Explorer 7
Windows Internet Explorer 7 Multilingual User Interface (MUI)
Windows Internet Explorer 8
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0
Windows Search 4.0
Windows XP Service Pack 3
Wireless Switch Setting Utility
.
==== Event Viewer Messages From Past Week ========
.
8/6/2013 9:11:29 AM, error: System Error [1003]  - Error code 000000f4, parameter1 00000003, parameter2 86994950, parameter3 86994ac4, parameter4 805d22da.
8/6/2013 9:03:33 AM, error: System Error [1003]  - Error code 000000f4, parameter1 00000003, parameter2 8357db78, parameter3 8357dcec, parameter4 805d22da.
8/6/2013 8:53:12 AM, error: System Error [1003]  - Error code 000000f4, parameter1 00000003, parameter2 86c544b8, parameter3 86c5462c, parameter4 805d22da.
8/5/2013 9:22:21 PM, error: System Error [1003]  - Error code 000000f4, parameter1 00000003, parameter2 836e5bd0, parameter3 836e5d44, parameter4 805d22da.
8/5/2013 9:21:36 PM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
8/5/2013 9:16:31 PM, error: System Error [1003]  - Error code 000000f4, parameter1 00000003, parameter2 833e18f8, parameter3 833e1a6c, parameter4 805d22da.
8/5/2013 9:16:20 PM, error: System Error [1003]  - Error code 000000f4, parameter1 00000003, parameter2 86894b90, parameter3 86894d04, parameter4 805d22da.
8/1/2013 4:45:38 PM, error: System Error [1003]  - Error code 000000f4, parameter1 00000003, parameter2 868e74f0, parameter3 868e7664, parameter4 805d22da.
8/1/2013 4:45:25 PM, error: System Error [1003]  - Error code 000000f4, parameter1 00000003, parameter2 86854da0, parameter3 86854f14, parameter4 805d22da.
8/1/2013 4:43:45 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SBRE
7/31/2013 4:43:59 PM, error: System Error [1003]  - Error code 000000f4, parameter1 00000003, parameter2 865d93b0, parameter3 865d9524, parameter4 805d22da.
7/31/2013 4:38:19 PM, error: System Error [1003]  - Error code 000000f4, parameter1 00000003, parameter2 868ae2d8, parameter3 868ae44c, parameter4 805d22da.
7/31/2013 4:33:35 PM, error: System Error [1003]  - Error code 000000f4, parameter1 00000003, parameter2 8339db78, parameter3 8339dcec, parameter4 805d22da.
7/31/2013 4:30:21 PM, error: System Error [1003]  - Error code 000000f4, parameter1 00000003, parameter2 ffaa63f8, parameter3 ffaa656c, parameter4 805d22da.
.
==== End Of File ===========================
 

Thanks!



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:06 AM

Posted 06 August 2013 - 11:20 AM


Hello NickPatMel1

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 NickPatMel1

NickPatMel1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 06 August 2013 - 02:41 PM

Hey Gringo,

 

Ok.  I was able to run the Adwcleaner, not able to run JRT.  It appears the Ransomware/moneypak is blocking the JRT from running.  It opens for a second, then closes very quickly.  Anyway, here is the adwcleaner log:

 

# AdwCleaner v2.306 - Logfile created 08/06/2013 at 15:25:48
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : nmeloni - ANGELO_RAM
# Boot Mode : Normal
# Running from : H:\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
Folder Deleted : C:\Documents and Settings\nmeloni\Application Data\blekko

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Documents and Settings\nmeloni\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2966 octets] - [06/08/2013 15:22:54]
AdwCleaner[S1].txt - [2786 octets] - [06/08/2013 15:25:48]

########## EOF - C:\AdwCleaner[S1].txt - [2846 octets] ##########

 

Thanks,

 

Nick



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:06 AM

Posted 06 August 2013 - 03:11 PM


Hello Nick

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 NickPatMel1

NickPatMel1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 06 August 2013 - 03:43 PM

Hey Gringo,

 

So a couple things:

 

1.  The Ransomware is still present, and I only get about a minute of time (with no internet, less if internet is connected) to do anything before it pops up and locks my screen with the DOJ moneypak nonsense.  Therefore, I am unable to download anything directly to the infected computer.

 

2.  I tried to download Combofix directly onto a flash disk and tried to transfer it onto the sick computer but it keeps giving me an error message, nsis error.

 

3. If this wasnt a work laptop I would have thrown it onto the turnpike!

 

Any help is appreciated.

Thanks,

 

Nick



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:06 AM

Posted 06 August 2013 - 08:11 PM


Hello Nick

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • more than one report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is to long you may attache it

    If the forum still complains about it being to long send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • the scan will make two reports the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller+
send me the reports made from TDSSKiller and Roguekiller and also let me know how the computer is doing at this time.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 NickPatMel1

NickPatMel1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 06 August 2013 - 08:42 PM

Oh Man Gringo...We are falling down into the deep depths now! So I moved the TDSKiller onto my infected computer. I attempted to change the parameters and put a check mark next to loaded modules. It reboots, and it can't load Windows. I am in an all black screen that says "Windows could not start because the following file is missing or corrupt: \system32\hal.dll. Please re-install a copy of the above file." Sounds kind serious. Please help!

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:06 AM

Posted 06 August 2013 - 09:10 PM


Hello


We are going to try System Restore to restore the system prior to the infection.

Depending on your Windows version.


Option 1.

Step 1: Use F8 to Boot to SafeMode With Command Prompt
Step 2: Use ctrl/alt/del (keys) to get task manager opened
Step 3: choose file and create new task
Step 4: Then Navigate to:
C:\windows\system32\restore\rstrui.exe and press Enter and press Enter (double click rstrui.exe) and press Enter (double click rstrui)
Step 5: Restore Computer to a Date you know you were virus free
Step 6: Run Malwarebytes

Option 2.

Step 1: Use F8 to Boot to SafeMode With Command Prompt
At the command prompt type in: rstrui.exe




Regards,
William Rowland
Consumer Support Specialist
Malwarebytes
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 NickPatMel1

NickPatMel1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 07 August 2013 - 07:11 AM

Not possible. Maybe I didn't explain myself well enough. So there is no boot up happening here. If I hold the power button down, it powers off. I wait 10 to 15 seconds, and press it again to power on. When I do that I see the system indentification and then in black screen with white lettering I get the following message: Windows could not start because the following file is missing or corrupt: \system32\hal.dll. Please reinstall a copyu of the above file. Anything I press after that causes a restart, and it comes back to that page. I have never seen anything like this. Let me know your thoughts...

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:06 AM

Posted 07 August 2013 - 12:43 PM

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert it back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive
Copy and paste the report.txt for my review
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 NickPatMel1

NickPatMel1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 07 August 2013 - 02:36 PM

Jesus I can't win.  I only have USB ports on my healthy laptop, no CD Drive.  Is there anything else I can do?



#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:06 AM

Posted 07 August 2013 - 02:59 PM

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive

Copy and paste the report.txt for my review
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:06 AM

Posted 10 August 2013 - 01:00 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:06 AM

Posted 14 August 2013 - 09:29 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users