Department of Justice ransomware: neither HitmanPro nor Kaspersky work



#1 laser1
Posted 11 October 2014 - 03:41 PM

I have a computer infected with ransomware, but none of the tools I've found have been able to clean the virus. Safe modes are not functional; entering them results in a reboot. I did get a PE disk to run and have the results of a Farbar scan:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-10-2014
Ran by SYSTEM on REATOGO on 11-10-2014 16:04:11
Running from I:\
Platform: Microsoft Windows XP (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [KBD] => C:\HP\KBD\KBD.EXE [61440 2005-02-02] (Hewlett-Packard Company)
HKLM\...\Run: [HPBootOp] => C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [245760 2005-02-25] (Hewlett-Packard Company)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-25] ()
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [1638400 2010-09-02] (Eastman Kodak Company)
HKLM\...\Run: [Conime] => C:\Windows\system32\conime.exe [27648 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\Administrator\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\Compaq_Administrator\...\Run: [EPSON NX420 Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGCA.EXE [200704 2009-09-13] (SEIKO EPSON CORPORATION)
HKU\Compaq_Administrator\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\Compaq_Administrator\...\Policies\Explorer: [Run] "C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Windows\IEUpdate\shadow.exe"
HKU\LocalService\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\NetworkService\...\Policies\Explorer: [NoSetActiveDesktop] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start Delivery Services.lnk
ShortcutTarget: Start Delivery Services.lnk -> C:\Program Files\RDS\DdsLaunch.exe (RICOH Company Ltd.)
Startup: C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\Documents and Settings\All Users\Application Data\0DAC0CCC.cpp (Graphic-Region Development)
Startup: C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\wkcalrem.LNK
ShortcutTarget: wkcalrem.LNK -> C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
BootExecute: autocheck autochk * sdnclean.exeC:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1417160 2014-08-25] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
S2 DdsSched; C:\Program Files\RDS\ddsschednt.exe [36864 2002-11-20] (RICOH Company Ltd.)
S4 dlbt_device; C:\WINDOWS\system32\dlbtcoms.exe [538096 2007-06-07] ( )
S2 gupdate1c96220fab692ad; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-04] (Google Inc.)
S2 Iomega App Services; C:\Program Files\Iomega\System32\AppServices.exe [73728 2002-09-04] (Iomega Corporation)
S2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe [308656 2010-09-13] (Eastman Kodak Company)
S2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S4 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
S2 RsiSvc; C:\Program Files\RDS\RsiSvc.exe [65536 2000-11-30] (RICOH Company Ltd.)
S2 ScanRouterDriverV2; C:\Program Files\RDS\srscandr.exe [178688 2003-08-01] (Ricoh Co.,Ltd.)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 SOption; C:\Program Files\RDS\SOption.exe [98304 2002-07-31] (RICOH Company Ltd.)
S2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [1739064 2013-10-30] (AVG)
S2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [35640 2013-10-30] (AVG)
S2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [2317696 2005-04-20] (Realtek Semiconductor Corp.)
S1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36352 2005-03-09] (Advanced Micro Devices)
S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 Avgfwdx; C:\Windows\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriverl; C:\Windows\System32\DRIVERS\avgidsdriverlx.sys [190232 2014-06-17] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-06-17] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-08-11] (AVG Technologies)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S0 iomdisk; C:\Windows\System32\DRIVERS\iomdisk.sys [30258 2002-09-04] (Iomega Corporation)
S3 ltmodem5; C:\Windows\System32\DRIVERS\ltmdmnt.sys [606684 2004-08-04] (LT)
S3 motport; C:\Windows\System32\DRIVERS\motport.sys [24064 2011-03-31] (Motorola)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2009-01-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2009-01-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.)
S0 ppa3; C:\Windows\System32\DRIVERS\ppa3.sys [17664 2008-04-13] (Microsoft Corporation)
S3 RTL8023xp; C:\Windows\System32\DRIVERS\Rtlnicxp.sys [74496 2005-03-04] (Realtek Semiconductor Corporation )
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
S2 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [76288 2002-12-17] (Rainbow Technologies, Inc.)
S3 SNTNLUSB; C:\Windows\System32\DRIVERS\SNTNLUSB.SYS [26120 2002-12-17] (Rainbow Technologies Inc.)
S3 sonypvs1; C:\Windows\System32\DRIVERS\sonypvs1.sys [102220 2002-10-15] (Sony Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2013-11-14] ()
S2 symlcbrd; C:\WINDOWS\system32\drivers\symlcbrd.sys [10344 2006-06-12] (Symantec Corporation)
S3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [12320 2013-09-18] (TuneUp Software)
S0 ftsata2; system32\DRIVERS\ftsata2.sys [X]
S3 iPodService; C:\Program Files\iPod\bin\iPodService.exe
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S2 SamSs; %SystemRoot%\system32\lsass.exe
S2 Schedule; %SystemRoot%\System32\svchost.exe -k netsvcs
S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-11 16:04 - 2014-10-11 16:04 - 00000000 ____D () C:\FRST
2014-10-11 14:15 - 2014-10-11 14:15 - 00000018 ____H () C:\SYSREST
2014-10-11 11:44 - 2014-10-11 11:45 - 00000075 _____ () C:\Windows\setupact.log
2014-10-11 11:44 - 2014-10-11 11:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-09 10:03 - 2014-10-11 11:45 - 00010254 _____ () C:\Windows\setupapi.log
2014-10-09 10:01 - 2014-10-11 11:43 - 00000050 _____ () C:\Windows\wiaservc.log
2014-10-09 10:01 - 2014-10-09 10:01 - 00000000 _____ () C:\Windows\Sti_Trace.log
2014-10-09 09:59 - 2014-10-09 09:59 - 00312376 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-10-08 15:07 - 2014-10-08 15:07 - 00082624 _____ () C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-10-06 09:08 - 2014-10-06 09:08 - 00229376 _____ (Graphic-Region Development) C:\Documents and Settings\All Users\Application Data\0DAC0CCC.cpp
2014-09-22 16:58 - 2014-09-22 16:58 - 00001301 _____ () C:\Documents and Settings\Compaq_Administrator\Desktop\Start Delivery Services.lnk
2014-09-19 17:19 - 2014-09-19 17:19 - 00000372 _____ () C:\Documents and Settings\Compaq_Administrator\Desktop\Shortcut to Scans.lnk
2014-09-19 17:14 - 2014-10-08 09:15 - 00000000 ____D () C:\Scans
2014-09-19 15:46 - 2014-09-19 17:15 - 00000000 ____D () C:\RICOH

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-11 11:44 - 2005-06-10 06:38 - 00000000 ____D () C:\Windows\System32\ias
2014-10-11 11:44 - 2005-06-06 19:57 - 01507613 _____ () C:\Windows\WindowsUpdate.log
2014-10-11 11:43 - 2004-11-16 16:24 - 00000300 _____ () C:\Windows\wiadebug.log
2014-10-11 11:42 - 2010-09-10 11:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Kodak
2014-10-11 11:01 - 2005-09-27 16:48 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp
2014-10-11 10:59 - 2013-11-12 21:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-10-10 21:32 - 2005-06-06 19:53 - 00001158 _____ () C:\Windows\System32\wpa.dbl
2014-10-09 10:22 - 2005-06-10 06:41 - 00000000 ____D () C:\Windows\System32\Restore
2014-10-09 09:44 - 2005-10-04 13:12 - 00000000 ____D () C:\temp
2014-10-08 16:14 - 2005-10-28 15:02 - 00001094 _____ () C:\Windows\link32.INI
2014-10-08 16:13 - 2005-09-28 08:12 - 00000000 ____D () C:\cogopc
2014-10-08 07:59 - 2010-08-10 17:47 - 00000000 __SHD () C:\Documents and Settings\Compaq_Administrator\IECompatCache
2014-10-08 07:59 - 2010-08-10 14:21 - 00000000 __SHD () C:\Documents and Settings\Compaq_Administrator\PrivacIE
2014-10-03 12:10 - 2010-07-29 09:06 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\Application Data\PrimoPDF
2014-09-30 15:44 - 2005-10-11 09:26 - 00000000 ____D () C:\SDSK
2014-09-25 18:57 - 2013-11-15 12:31 - 00065536 _____ () C:\Windows\System32\config\TuneUp.evt
2014-09-25 18:57 - 2013-11-12 22:45 - 00393216 _____ () C:\Windows\System32\config\SpybotSD.evt
2014-09-24 20:21 - 2013-11-25 17:48 - 00001821 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-09-24 09:44 - 2012-09-25 14:56 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\My Documents\INVOICES
2014-09-24 09:43 - 2005-11-01 10:40 - 00047082 _____ () C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
2014-09-24 09:35 - 2005-08-16 20:12 - 00000000 ____D () C:\Windows\System32\FxsTmp
2014-09-20 15:24 - 2013-08-30 15:25 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\CRE
2014-09-20 11:48 - 2006-09-18 20:24 - 00000000 ____D () C:\Windows\Minidump
2014-09-20 10:54 - 2013-11-12 21:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-09-19 17:50 - 2005-10-11 09:16 - 00000000 ____D () C:\Program Files\AutoCAD R14
2014-09-19 17:15 - 2013-11-26 14:59 - 00000000 ____D () C:\ProcAlyzer Dumps
2014-09-19 17:15 - 2012-02-29 17:24 - 00000000 ____D () C:\Lxk1100
2014-09-19 17:15 - 2011-06-08 08:59 - 00000000 ____D () C:\phil
2014-09-19 17:15 - 2011-03-23 15:25 - 00000000 ____D () C:\SEPTIC APP
2014-09-19 17:15 - 2011-02-16 16:43 - 00000000 ____D () C:\CONTINUED2011
2014-09-19 17:15 - 2010-09-10 15:49 - 00000000 ____D () C:\RDCab
2014-09-19 17:15 - 2010-09-01 14:27 - 00000000 ____D () C:\Netgear
2014-09-19 17:15 - 2010-08-10 13:59 - 00000000 ____D () C:\201bc16cfc4194a381
2014-09-19 17:15 - 2010-08-02 08:46 - 00000000 ____D () C:\COGOPC JOBS
2014-09-19 17:15 - 2010-07-15 13:59 - 00000000 ____D () C:\Dell922
2014-09-19 17:15 - 2009-08-21 17:55 - 00000000 ____D () C:\7dea9d8716af4e8916a7469b39f5
2014-09-19 17:15 - 2009-05-22 16:28 - 00000000 ____D () C:\MALWARE
2014-09-19 17:15 - 2008-10-31 11:39 - 00000000 ____D () C:\Docum
2014-09-19 17:15 - 2007-10-19 14:21 - 00000000 ____D () C:\terra-drawings
2014-09-19 17:15 - 2007-09-22 12:27 - 00000000 ____D () C:\1486-PLAT
2014-09-19 17:15 - 2006-12-12 14:58 - 00000000 ____D () C:\Spectra
2014-09-19 17:15 - 2006-08-10 11:17 - 00000000 ____D () C:\Softpaq
2014-09-19 17:15 - 2006-08-04 13:35 - 00000000 ____D () C:\VIDEOTEMP
2014-09-19 17:15 - 2006-06-08 14:53 - 00000000 ____D () C:\BLSInfo
2014-09-19 17:15 - 2005-10-27 15:56 - 00000000 ____D () C:\TDS
2014-09-19 17:15 - 2005-10-10 17:38 - 00000000 ____D () C:\tds1
2014-09-19 17:15 - 2005-09-29 16:31 - 00000000 ____D () C:\TFRMAP
2014-09-19 17:15 - 2005-09-28 13:02 - 00000000 ____D () C:\HP Backup
2014-09-19 17:15 - 2005-09-28 08:52 - 00000000 ____D () C:\pcw
2014-09-19 17:15 - 2005-09-27 17:39 - 00000000 ____D () C:\Trimble
2014-09-19 17:15 - 2005-08-16 19:52 - 00000000 ____D () C:\Python22
2014-09-19 17:15 - 2005-06-10 06:01 - 00000000 ____D () C:\CMPNENTS
2014-09-19 17:14 - 2006-08-04 14:01 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\Shared
2014-09-19 17:14 - 2006-08-04 14:01 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\Incomplete
2014-09-19 17:14 - 2006-08-04 13:57 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\.limewire
2014-09-19 17:14 - 2005-09-27 16:48 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\WINDOWS
2014-09-19 17:06 - 2010-09-10 15:50 - 00000000 ____D () C:\Program Files\RDS
2014-09-19 17:03 - 2005-09-27 16:48 - 00000178 ___SH () C:\Documents and Settings\Compaq_Administrator\ntuser.ini
2014-09-19 17:01 - 2005-08-16 20:08 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-19 15:55 - 2013-10-21 18:02 - 00299136 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

Some content of TEMP:
====================
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\KHJQ.dll


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2004-08-10 08:00] - [2012-10-03 00:58] - 0613376 ____A (Microsoft Corporation) 3d949d6dce19b00d3da2eeca35a6904f

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points (XP) =====================

RP: -> 2014-10-09 10:22 - 028672 _restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP1


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 1982.48 MB
Available physical RAM: 1706.66 MB
Total Pagefile: 1813.52 MB
Available Pagefile: 1747.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1999.09 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: (PRESARIO) (Fixed) (Total:225.36 GB) (Free:153.74 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:186.31 GB) (Free:148.44 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive i: (HITMANPRO) (Removable) (Total:14.88 GB) (Free:14.86 GB) FAT32
Drive j: (PRESARIO_RP) (Fixed) (Total:7.5 GB) (Free:0.97 GB) FAT32 ==>[Drive with boot components (Windows XP)]
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 1549F232)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0C)
Partition 2: (Active) - (Size=225.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 186.3 GB) (Disk ID: 5FB05F41)
Partition 1: (Active) - (Size=186.3 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 14.9 GB) (Disk ID: EB4FBDD6)
Partition 1: (Active) - (Size=14.9 GB) - (Type=0B)

==================== End Of Log ============================


Thanks for any help you may offer.
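The log above is what the helpers will read by hand: the entries worth a second look are the autostart that runs from a user's Application Data folder via the Explorer policy Run value and the Startup shortcut pointing at a .cpp file. As an added example (not part of the original post or of FRST itself), here is a small triage script that applies those same checks to FRST autostart lines; the sample input is copied from the log above, and the regexes are assumptions about FRST's line format based on what that log shows.

```python
import re

# Constructed sample: lines copied from the FRST log in the post above,
# mixing two benign HP entries with the three that deserve attention.
SAMPLE_LOG = r"""
HKLM\...\Run: [KBD] => C:\HP\KBD\KBD.EXE [61440 2005-02-02] (Hewlett-Packard Company)
HKLM\...\Run: [vProt] => C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-25] ()
HKU\Compaq_Administrator\...\Policies\Explorer: [Run] "C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Windows\IEUpdate\shadow.exe"
ShortcutTarget: program.lnk -> C:\Documents and Settings\All Users\Application Data\0DAC0CCC.cpp (Graphic-Region Development)
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
"""

# Three autostart line shapes as they appear in the log (assumed format).
RUN_RE = re.compile(
    r"^(?P<key>HK\w+\\.*?\\Run): \[(?P<name>[^\]]+)\] => (?P<path>.+?)"
    r"(?: \[\d+ [\d-]+\])? \((?P<pub>[^)]*)\)\s*$")
POLICY_RUN_RE = re.compile(
    r'^(?P<key>HK\w+\\.*?\\Policies\\Explorer): \[Run\] "(?P<path>[^"]+)"\s*$')
LNK_RE = re.compile(
    r"^ShortcutTarget: (?P<name>.+?) -> (?P<path>.+?)(?: \((?P<pub>[^)]*)\))?\s*$")

# Path fragments a non-admin user can write to on Windows XP. Legitimate
# autoruns normally live under Program Files or the Windows directory.
USER_WRITABLE = ("\\application data\\", "\\local settings\\temp\\", "\\desktop\\")
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".pif")


def classify_path(path, publisher):
    """Return the reasons an autostart target deserves a closer look (empty = fine)."""
    reasons = []
    low = path.lower()
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("launched from a user-writable location")
    if not low.endswith(EXEC_EXT):
        reasons.append("file extension is not a normal executable type")
    if publisher is not None and publisher.strip() == "":
        reasons.append("no publisher / version information")
    return reasons


def triage(log_text):
    """Parse FRST autostart lines; return {path: [reasons]} for flagged entries only."""
    findings = {}
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            reasons = classify_path(m["path"], m["pub"])
        elif m := POLICY_RUN_RE.match(line):
            reasons = classify_path(m["path"], None)
            reasons.append("set via the Explorer policy Run value, rarely used by legitimate software")
        elif m := LNK_RE.match(line):
            reasons = classify_path(m["path"], m["pub"])
        else:
            continue
        if reasons:
            findings[m["path"]] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

The script only ranks entries for human review; the empty-publisher flag on vprot.exe shows why a hit is a prompt to check the file, not a verdict.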




#2 noknojon

Posted 11 October 2014 - 05:46 PM

Hello laser1.

As you have attempted to use all of the normal given methods of removal, and they have failed, please see below.

Please follow the instructions in ==>This Preparation Guide<== starting at Step 6.

Once the proper logs are created, make a NEW TOPIC and post them in the Malware Removal Logs area - not back here.

Try to include a description of the full problem, and what you have done to try and fix it.


Thank You -
