FBI Moneypak (safe mode issue)

Hello,

I am experiencing the same issue as many other posters with the moneypak virus appearing even in safe mode. I'm running Windows XP, computer manufactured in Jan 2008, so I believe it's 32-bit. I've downloaded the FRST.exe and will await further instructions.

I couldn't figure out where I use the program on XP's Advanced Options Menu.

Thank you for the help.

Link to post
Share on other sites

  • Staff

Hello, this is not as easy as working on Win 7, so I need you to do this.

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer

  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert back in your working computer and navigate to report.txt
    Please note - all text entries are case sensitive

Copy and paste the report.txt for my review

Link to post
Share on other sites

Here it is: Thanks.

Tue Jan 15 22:22:22 UTC 2013

Driver report for /mnt/sda5/windows/system32/drivers

Driver report for /mnt/sda2/i386/SP1/Windows/System32/Drivers

/mnt/sda2/i386/SP1/Windows/System32/Drivers/mrxsmb.sys has NO Company Name!

/mnt/sda2/i386/SP1/Windows/System32/Drivers/rdbss.sys has NO Company Name!

7f09b37065b61ddbc6116f612e6183d1 /mnt/sda2/i386/SP1/Windows/System32/Drivers/mrxsmb.sys

Microsoft Corporation

1fd256b6025449dca3670574c0229d65 /mnt/sda2/i386/SP1/Windows/System32/Drivers/rdbss.sys

Microsoft Corporation

Driver report for /mnt/sda2/i386/SP2/Windows/System32/Drivers

/mnt/sda2/i386/SP2/Windows/System32/Drivers/mrxsmb.sys has NO Company Name!

7b195060ff456fa65954c72c5c1640ff /mnt/sda2/i386/SP2/Windows/System32/Drivers/mrxsmb.sys

Microsoft Corporation

Link to post
Share on other sites

  • Staff

Download http://noahdfear.net/downloads/rst.sh to the USB drive

  • Boot the Sick computer with the USB drive again
  • Press File
  • Expand mnt
  • Expand your USB (sdb1)
  • Confirm that you see rst.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash rst.sh
  • Press Enter
  • After it has finished a report will be located at sdb1 named enum.log
  • Plug that USB back into the clean computer and open it

Please note: If you have an ethernet connection you can access the internet by way of xPUD (Firefox). You can perform all these steps on your sick computer. When you download the download will reside in the Download folder. It can be found under the File tab also. You can similarly access our thread by way of this OS too so you can send the logs that way.

Please also note - all text entries are case sensitive

Copy and paste the enum.log for my review

Link to post
Share on other sites

Third time's a charm.

Sorry about that..

53.3M Jan 16 2013 /mnt/sda2/WINDOWS/system32/config/SOFTWARE

7.3M Feb 10 2011 /mnt/sda5/windows/system32/config/software

7.5M Jan 16 2013 /mnt/sda2/WINDOWS/system32/config/SYSTEM

5.3M Mar 15 2012 /mnt/sda5/windows/system32/config/system

52.4M Dec 4 03:10 /sda2/~/RP47/~SOFTWARE

52.4M Oct 18 21:37 /sda2/~/RP29/~SOFTWARE

52.4M Oct 22 12:38 /sda2/~/RP30/~SOFTWARE

52.4M Oct 25 15:55 /sda2/~/RP31/~SOFTWARE

52.4M Oct 30 11:36 /sda2/~/RP32/~SOFTWARE

52.4M Nov 1 02:08 /sda2/~/RP33/~SOFTWARE

52.4M Nov 2 03:00 /sda2/~/RP34/~SOFTWARE

52.4M Nov 3 19:22 /sda2/~/RP35/~SOFTWARE

52.4M Nov 4 22:47 /sda2/~/RP36/~SOFTWARE

52.4M Nov 6 13:16 /sda2/~/RP37/~SOFTWARE

52.4M Nov 8 12:43 /sda2/~/RP38/~SOFTWARE

52.4M Nov 10 15:10 /sda2/~/RP39/~SOFTWARE

52.4M Nov 11 19:27 /sda2/~/RP40/~SOFTWARE

52.4M Nov 14 03:00 /sda2/~/RP41/~SOFTWARE

52.4M Nov 25 15:06 /sda2/~/RP42/~SOFTWARE

52.4M Nov 27 01:41 /sda2/~/RP43/~SOFTWARE

52.4M Nov 29 13:56 /sda2/~/RP44/~SOFTWARE

52.4M Dec 1 14:24 /sda2/~/RP45/~SOFTWARE

52.4M Dec 2 19:26 /sda2/~/RP46/~SOFTWARE

52.4M Dec 6 12:41 /sda2/~/RP48/~SOFTWARE

52.4M Dec 8 23:33 /sda2/~/RP49/~SOFTWARE

52.4M Dec 9 16:21 /sda2/~/RP50/~SOFTWARE

52.4M Dec 9 16:23 /sda2/~/RP51/~SOFTWARE

52.4M Dec 10 16:34 /sda2/~/RP52/~SOFTWARE

52.4M Dec 12 16:25 /sda2/~/RP53/~SOFTWARE

52.4M Dec 13 20:04 /sda2/~/RP54/~SOFTWARE

52.4M Dec 14 02:09 /sda2/~/RP55/~SOFTWARE

52.4M Dec 15 17:11 /sda2/~/RP56/~SOFTWARE

52.4M Dec 16 19:08 /sda2/~/RP57/~SOFTWARE

52.4M Dec 17 20:56 /sda2/~/RP58/~SOFTWARE

52.4M Dec 20 00:53 /sda2/~/RP59/~SOFTWARE

52.4M Dec 21 01:36 /sda2/~/RP60/~SOFTWARE

52.4M Dec 22 16:16 /sda2/~/RP61/~SOFTWARE

52.4M Dec 23 18:29 /sda2/~/RP62/~SOFTWARE

52.4M Dec 24 19:22 /sda2/~/RP63/~SOFTWARE

52.4M Dec 26 14:00 /sda2/~/RP64/~SOFTWARE

52.4M Dec 28 02:02 /sda2/~/RP65/~SOFTWARE

52.4M Dec 29 02:36 /sda2/~/RP66/~SOFTWARE

52.4M Dec 30 18:43 /sda2/~/RP67/~SOFTWARE

52.4M Dec 31 20:33 /sda2/~/RP68/~SOFTWARE

52.4M Jan 1 23:22 /sda2/~/RP69/~SOFTWARE

52.4M Jan 2 22:30 /sda2/~/RP70/~SOFTWARE

52.4M Jan 5 15:41 /sda2/~/RP71/~SOFTWARE

52.4M Jan 6 23:40 /sda2/~/RP72/~SOFTWARE

52.4M Jan 9 14:44 /sda2/~/RP73/~SOFTWARE

52.4M Jan 10 17:35 /sda2/~/RP74/~SOFTWARE

52.4M Jan 11 18:04 /sda2/~/RP75/~SOFTWARE

53.1M Jan 13 15:58 /sda2/~/RP76/~SOFTWARE

53.1M Jan 15 14:07 /sda2/~/RP77/~SOFTWARE

7.3M Dec 4 03:10 /sda2/~/RP47/~SYSTEM

7.3M Oct 18 21:37 /sda2/~/RP29/~SYSTEM

7.3M Oct 22 12:38 /sda2/~/RP30/~SYSTEM

7.3M Oct 25 15:55 /sda2/~/RP31/~SYSTEM

7.3M Oct 30 11:36 /sda2/~/RP32/~SYSTEM

7.3M Nov 1 02:08 /sda2/~/RP33/~SYSTEM

7.3M Nov 2 03:00 /sda2/~/RP34/~SYSTEM

7.3M Nov 3 19:22 /sda2/~/RP35/~SYSTEM

7.3M Nov 4 22:47 /sda2/~/RP36/~SYSTEM

7.3M Nov 6 13:16 /sda2/~/RP37/~SYSTEM

7.3M Nov 8 12:43 /sda2/~/RP38/~SYSTEM

7.3M Nov 10 15:10 /sda2/~/RP39/~SYSTEM

7.3M Nov 11 19:27 /sda2/~/RP40/~SYSTEM

7.3M Nov 14 03:00 /sda2/~/RP41/~SYSTEM

7.3M Nov 25 15:06 /sda2/~/RP42/~SYSTEM

7.3M Nov 27 01:41 /sda2/~/RP43/~SYSTEM

7.3M Nov 29 13:56 /sda2/~/RP44/~SYSTEM

7.3M Dec 1 14:24 /sda2/~/RP45/~SYSTEM

7.3M Dec 2 19:26 /sda2/~/RP46/~SYSTEM

7.3M Dec 6 12:41 /sda2/~/RP48/~SYSTEM

7.3M Dec 8 23:33 /sda2/~/RP49/~SYSTEM

7.3M Dec 9 16:21 /sda2/~/RP50/~SYSTEM

7.3M Dec 9 16:23 /sda2/~/RP51/~SYSTEM

7.3M Dec 10 16:34 /sda2/~/RP52/~SYSTEM

7.3M Dec 12 16:25 /sda2/~/RP53/~SYSTEM

7.3M Dec 13 20:04 /sda2/~/RP54/~SYSTEM

7.3M Dec 14 02:09 /sda2/~/RP55/~SYSTEM

7.3M Dec 15 17:11 /sda2/~/RP56/~SYSTEM

7.3M Dec 16 19:08 /sda2/~/RP57/~SYSTEM

7.3M Dec 17 20:56 /sda2/~/RP58/~SYSTEM

7.3M Dec 20 00:53 /sda2/~/RP59/~SYSTEM

7.3M Dec 21 01:36 /sda2/~/RP60/~SYSTEM

7.3M Dec 22 16:16 /sda2/~/RP61/~SYSTEM

7.3M Dec 23 18:29 /sda2/~/RP62/~SYSTEM

7.3M Dec 24 19:22 /sda2/~/RP63/~SYSTEM

7.3M Dec 26 14:00 /sda2/~/RP64/~SYSTEM

7.3M Dec 28 02:02 /sda2/~/RP65/~SYSTEM

7.3M Dec 29 02:36 /sda2/~/RP66/~SYSTEM

7.3M Dec 30 18:43 /sda2/~/RP67/~SYSTEM

7.3M Dec 31 20:34 /sda2/~/RP68/~SYSTEM

7.3M Jan 1 23:22 /sda2/~/RP69/~SYSTEM

7.3M Jan 2 22:30 /sda2/~/RP70/~SYSTEM

7.3M Jan 5 15:41 /sda2/~/RP71/~SYSTEM

7.3M Jan 6 23:40 /sda2/~/RP72/~SYSTEM

7.3M Jan 9 14:44 /sda2/~/RP73/~SYSTEM

7.3M Jan 10 17:35 /sda2/~/RP74/~SYSTEM

7.3M Jan 11 18:04 /sda2/~/RP75/~SYSTEM

7.3M Jan 13 15:58 /sda2/~/RP76/~SYSTEM

7.3M Jan 15 14:07 /sda2/~/RP77/~SYSTEM

Link to post
Share on other sites

  • Staff

Hello

Sorry, I am at work and had to do a few things, but I should be around for a few hours now.

Let's see if there is an available registry backup we can use to help get your computer booting properly.

  • Boot the Sick computer with the USB drive again
  • Press File
  • Expand mnt
  • Expand your USB (sdb1)
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash rst.sh -r
  • Type 69
  • Press Enter
  • After it has finished a report will be located at sdb1 named restore.log
  • Please try to boot into normal Windows now and indicate if you were successful

Please note - all text entries are case sensitive

Copy and paste the restore.log from your USB drive for my review

Link to post
Share on other sites

  • Staff

Hello

Try running these while you have a chance.

These are the programs I would like you to run next; if you have any problems with one of them, just skip it and run the next one.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • Click on "Delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+

Gringo

Link to post
Share on other sites

So I went back to 66 and I still have the issue. I have a white screen for a really long time now, while the computer is thinking, and then the moneypak thing pops up.

SOFTWARE hive restored from RP66

SYSTEM hive restored from RP66

SECURITY hive restored from RP66

SAM hive restored from RP66

Link to post
Share on other sites

In safe mode, it jumps right to the moneypak screen, more quickly than in regular mode. In the regular mode, I have about 30 seconds of a blank white screen before the moneypak pops up. Thanks for sticking with me...I might have to call it a day soon, but will pick back up tomorrow. Hopefully, using the tool you sent me, I can pull my files off the infected computer. Will that program allow me to run an executable file? I appreciate any more advice you have.

Link to post
Share on other sites

This topic is now closed to further replies.