Fire1

Members
  • Posts: 5

Everything posted by Fire1

  1. Okay, ran RogueKiller again and deleted the two items. Ran the Anti-rootkit and it said no cleanup is needed. Only one log was found, the system-log.txt, which is attached. Everything is looking good. I thank you very much. Mike (attachment: system-log.txt)
  2. Okay, ran it and here is the report:

     RogueKiller V8.6.12 [sep 18 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.adlice.com/forum/
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows XP (5.1.2600 Service Pack 3, v.3264) 32 bits version
     Started in : Normal mode
     User : Fire1 [Admin rights]
     Mode : Scan -- Date : 09/23/2013 18:55:21
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 5 ¤¤¤
     [PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
     [HJ SECU][PUM] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
     [HJ SECU][PUM] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
     [HJ SECU][PUM] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Startup Entries : 2 ¤¤¤
     [Administrator][Rans.Gendarm] msconfig.lnk : C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\msconfig.lnk @C:\WINDOWS\system32\rundll32.exe c:\docume~1\alluse~1\applic~1\ri6zwi.dat,FG00 [-][-][x] -> FOUND
     [Fire1][Rans.Gendarm] msconfig.lnk : C:\Documents and Settings\Fire1\Start Menu\Programs\Startup\msconfig.lnk @C:\WINDOWS\system32\rundll32.exe c:\docume~1\alluse~1\applic~1\ri6zwi.dat,FG00 [-][-][x] -> FOUND

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [LOADED] ¤¤¤

     ¤¤¤ External Hives: ¤¤¤

     ¤¤¤ Infection : Rans.Gendarm ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts
     127.0.0.1 localhost

     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: ( @ ) - +++++
     --- User ---
     [MBR] 7108622ecbff1dd410576848592d108f
     [bSP] e82bf694fe43c6b7390da1003ba6e9e5 : Windows XP MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[0]_S_09232013_185521.txt >>
  3. Running the unlocker was the trick. I have control of my computer now but I'm getting a run error now. I can't attach or paste the pix of it. Any ideas on how I can get it to you? Mike
  4. I'm pretty sure I've done that but I'll do it again. I'll let you know. Mike
  5. Hello, Thanks to my son, my laptop has been infected with the FBI ransom malware. After logging in, everything seems fine, but at the end of loading the profile, I get a screen basically saying that I have been to an illegal website and wanting money to unlock my computer. Of course, it is locked up and I cannot do anything. I get the same in "Safe Mode" login too. I'm running Windows XP and the current version of Malwarebytes didn't stop it from entering. Any help would be appreciated. Thanks, Mike