Restart the computer in safe mode with command prompt
Run Regedit
Search the Registry for Winlogon keys
Find the one that contains explorer.exe
There will be an additional key before explorer.exe referencing a random ocx file remove only the filename that is not explorer.exe. (in my instance it was dbu32.ocx)
Restart the computer normally
This virus disabled most services and deleted the windows firewall service so download and run: http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe
I recommend running the ESET online scanner: http://www.eset.com/us/online-scanner-popup/
and downloading Malwarebytes Anti-Malware: http://downloads.malwarebytes.org/mbam-download.php
FBI Warning Ransomeware Virus Removal
Previous post: Office 2013 VLK MAK Activation
Next post: Windows XP SP3 Stuck on Applying Computer Settings on Domain