ScottT

Maniac!!!! I rebooted and I am at my normal desktop screen. At an earlier point before you became involved, I tried to do a System Restore to an earlier time. This was not possible then. However, now I am presented with a System Restore warning window that is informing me of the unsuccessful System Restore effort. What steps do you suggest that I take now? (I am currently disconnected from the internet) Note: We do have Kaspersky but it did expire and it was not running. Do you suggest we sign up for the license and run a full scan using the Kaspersky program? Thank you. Please check your paypal.

Maniac... I just noticed that after the first line, there is a space at the beginning of each line in my Notepad file. I ran it again. Here is the fixlog.txt: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-05-2013 Ran by SYSTEM at 2013-05-19 10:43:24 Run:4 Running from L:\ Boot Mode: Recovery ============================================== HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found. HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default => Value was restored successfully. HKEY_USERS\Ownetr\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value not found. HKEY_USERS\Ownetr\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully. C:\ProgramData\Application Data\2433f433 => Moved successfully. C:\ProgramData\2433f433 => File/Directory not found. C:\Users\Ownetr\Application Data\2433f433 => Moved successfully. C:\Users\Ownetr\AppData\Roaming\2433f433 => File/Directory not found. C:\Users\Ownetr\Local Settings\Application Data\2433f433 => Moved successfully. C:\Users\Ownetr\Local Settings\2433f433 => File/Directory not found. C:\Users\Ownetr\AppData\Local\2433f433 => File/Directory not found. C:\Users\Ownetr\My Documents\5d92534.exe => File/Directory not found. C:\Users\Ownetr\My Documents\5d92534.dll => Moved successfully. C:\Users\Ownetr\Documents\5d92534.exe => File/Directory not found. C:\Users\Ownetr\Documents\5d92534.dll => File/Directory not found. C:\Windows\Installer\{501abf18-ab15-8200-b433-083c56065162} => Moved successfully. C:\Users\Ownetr\AppData\Local\{501abf18-ab15-8200-b433-083c56065162} => Moved successfully. ==== End of Fixlog ==== Is this any better? Thank you.

Yes, each entry in the fixlist.txt is on individual lines. Here is the copy and paste from my Notepad: HKLM\...\Run: [] [x] HKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{501abf18-ab15-8200-b433-083c56065162}\n. HKU\Ownetr\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Ownetr\Documents\5d92534.exe [ 2013-05-16] () HKU\Ownetr\...\Winlogon: [shell] cmd.exe [ 2008-01-20] (Microsoft Corporation) C:\ProgramData\Application Data\2433f433 C:\ProgramData\2433f433 C:\Users\Ownetr\Application Data\2433f433 C:\Users\Ownetr\AppData\Roaming\2433f433 C:\Users\Ownetr\Local Settings\Application Data\2433f433 C:\Users\Ownetr\Local Settings\2433f433 C:\Users\Ownetr\AppData\Local\2433f433 C:\Users\Ownetr\My Documents\5d92534.exe C:\Users\Ownetr\My Documents\5d92534.dll C:\Users\Ownetr\Documents\5d92534.exe C:\Users\Ownetr\Documents\5d92534.dll C:\Windows\Installer\{501abf18-ab15-8200-b433-083c56065162} C:\Users\Ownetr\AppData\Local\{501abf18-ab15-8200-b433-083c56065162}I ran it twice but the results look similar: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-05-2013 Ran by SYSTEM at 2013-05-19 10:23:59 Run:3 Running from L:\ Boot Mode: Recovery ============================================== HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found. HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default => Value was restored successfully. HKEY_USERS\ Ownetr\Software\Microsoft\Windows\CurrentVersion\Run\\ qcgce2mrvjq91kk1e7pnbb19m52fx => Value not found. HKEY_USERS\ Ownetr\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found. ==== End of Fixlog ==== Regarding one of your earlier replies: "Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open Notepad and select Paste). Save it on the flashdrive as fixlist.txt" The "fixlist.txt" file disappears from the flash drive after the FRST.exe file runs. So, it seems to polling that information correctly. When in the F R S T window, Should I be selecting "Addition.txt" in the Optional Scan window?

Maniac: I am back working on this. Sorry for the delay. I had some family matters to attend. Status: 1. Fixlist is saved to a flash drive. 2. Below is the fixlog.txt (I tried to attach it as a file but I cannot find the "attach file" button now?) Fixlog.txt: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-05-2013 Ran by SYSTEM at 2013-05-19 08:31:58 Run:1 Running from M:\ Boot Mode: Recovery ============================================== HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully. HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default => Value was restored successfully. HKEY_USERS\ Ownetr\Software\Microsoft\Windows\CurrentVersion\Run\\ qcgce2mrvjq91kk1e7pnbb19m52fx => Value not found. HKEY_USERS\ Ownetr\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found. ==== End of Fixlog ==== Thank you.

That is what I guessed originally. Thank you.

One question before I proceed, how do I know if I have a 32 or 64 bit system? I cannot get to the START button or My Computer. I can only interrupt the system start up with the F8 key which allows me to get to the SYSTEM RECOVERY OPTIONS and COMMAND PROMPT. Thank you. I will be happy to donate to your paypal account.

Wow...that is bad. Thank you for the timely reply. Approach: 1. We will change all account passwords immediately. 2. Since we have some files that we would like to recover (family pictures, etc.), we'd like to see if you can clean the computer to the point where we can get these documents. Once that is complete, if possible, we'd reformat the system and start over. Therefore, please advise steps to clean as much as possible. Thank you again.

I'm infected with the MoneyPak virus on our home desktop. I do have access via a laptop. I've followed a few of the posts and tried to resolve with not much sucess. Status: I can get to a command prompt via Shift8 key during start up. I have run the procedure to generate the Search.txt and the FRST.txt files, attached. But now I am stuck. Thanks ScottT FRST.txt Search.txt

Hi Mr.C: FBI MoneyPak Virus Windows Vista Cannot get to Safe Mode with Networking. I'm new as well. I followed your sequence with the FRST.exe, did the reboot but the virus remains. Attached are the two text logs: Thanks ScottT Search.txt FRST.txt