Everything posted by clspartan

  1. OK... It worked!!! Is there something else I need to do to remove any remnants???
  2. When I X out of the prompt, it goes back to the Moneypak page
  3. No... a black screen with a command prompt box shows...
  4. Sorry I am taking so long... Going back and forth between PC and Mac... here is the fix log:

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-07-2013 02
     Ran by SYSTEM at 2013-07-17 15:28:21 Run:1
     Running from K:\
     Boot Mode: Recovery
     ==============================================
     HKU\Craig\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Craig\AppData\Local\Temp\fiuhempovaqntlvfj.exe [ 2013-07-17] (NVIDIA Corporation) <===== ATTENTION
     HKU\Craig\...\Winlogon: [shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION
     HKU\Craig\Software\Microsoft\Command Processor\\AutoRun => Value not found.
     HKU\Craig\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
     HKU\Craig\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Craig\AppData\Local\Temp\fiuhempovaqntlvfj.exe [ 2013-07-17] (NVIDIA Corporation) <===== ATTENTION
     HKU\Craig\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
     ==== End of Fixlog ====
  5. OK, here is what I got running FRST.exe:

     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-07-2013 02
     Ran by SYSTEM on 17-07-2013 14:12:57
     Running from K:\
     Windows 7 Home Premium (X86) OS Language: English(US)
     Internet Explorer Version 10
     Boot Mode: Recovery

     The current controlset is ControlSet001
     ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

     ==================== Registry (Whitelisted) ==================

     HKU\Administrator\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-13] (Microsoft Corporation)
     HKU\Craig\...\Run: [Weather] - C:\Program Files\AWS\WeatherBug\Weather.exe 1 [ 2009-10-20] (AWS Convergence Technologies, Inc.)
     HKU\Craig\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
     HKU\Craig\...\Run: [iSUSPM] - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [x]
     HKU\Craig\...\Run: [Google Update] - "C:\Users\Craig\AppData\Local\Google\Update\GoogleUpdate.exe" /c [ 2012-06-20] (Google Inc.)
     HKU\Craig\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Craig\AppData\Local\Temp\fiuhempovaqntlvfj.exe [ 2013-07-17] (NVIDIA Corporation) <===== ATTENTION
     HKU\Craig\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex [ 2013-06-12] (Adobe Systems Incorporated)
     HKU\Craig\...\Winlogon: [shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION
     HKU\Craig\...\Command Processor: "C:\Users\Craig\AppData\Local\Temp\fiuhempovaqntlvfj.exe" <===== ATTENTION!
     HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-13] (Microsoft Corporation)
     HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-13] (Microsoft Corporation)
     Startup: C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
     ShortcutTarget: Picture Motion Browser Media Check Tool.lnk -> C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)

     ========================== Services (Whitelisted) =================

     S2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-10] ()
     S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
     S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
     S2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation)
     S3 Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)

     ==================== Drivers (Whitelisted) ====================

     S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130620.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
     S1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)
     S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2013-02-14] (Symantec Corporation)
     S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130626.001\IDSvix86.sys [386720 2013-06-05] (Symantec Corporation)
     S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
     S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130627.001\NAVENG.SYS [93272 2013-06-03] (Symantec Corporation)
     S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130627.001\NAVEX15.SYS [1611992 2013-06-03] (Symantec Corporation)
     S3 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-15] (Symantec Corporation)
     S1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)
     S0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-20] (Symantec Corporation)
     S0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-22] (Symantec Corporation)
     S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-18] (Symantec Corporation)
     S1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-04] (Symantec Corporation)
     S1 SymNetS; C:\Windows\System32\Drivers\N360\1404000.028\SYMNETS.SYS [339544 2013-04-24] (Symantec Corporation)
     S3 RimUsb; System32\Drivers\RimUsb.sys [x]

     ==================== NetSvcs (Whitelisted) ===================

     ==================== One Month Created Files and Folders ========

     2013-07-17 14:12 - 2013-07-17 14:12 - 00000000 ____D C:\FRST
     2013-07-17 08:23 - 2013-07-17 08:23 - 01097645 _____ C:\Users\Craig\AppData\Roaming\2433f433
     2013-07-17 08:23 - 2013-07-17 08:23 - 01097645 _____ C:\Users\Craig\AppData\Local\2433f433
     2013-07-17 08:23 - 2013-07-17 08:23 - 01097642 _____ C:\ProgramData\2433f433
     2013-07-11 23:22 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
     2013-07-11 23:22 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
     2013-07-11 23:22 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
     2013-07-11 23:22 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
     2013-07-11 23:22 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
     2013-07-11 23:22 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
     2013-07-11 23:22 - 2013-06-11 15:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
     2013-07-11 23:22 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
     2013-07-11 23:22 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
     2013-07-11 23:22 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
     2013-07-11 23:22 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
     2013-07-11 23:22 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
     2013-07-11 23:22 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
     2013-07-11 23:22 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
     2013-07-11 23:22 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
     2013-07-11 23:22 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
     2013-07-11 08:52 - 2013-06-04 19:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
     2013-07-11 08:52 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
     2013-07-11 08:52 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
     2013-07-11 08:52 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll

     ==================== One Month Modified Files and Folders =======

     2013-07-17 14:12 - 2013-07-17 14:12 - 00000000 ____D C:\FRST
     2013-07-17 09:50 - 2009-07-13 20:39 - 00071257 _____ C:\Windows\setupact.log
     2013-07-17 09:44 - 2009-11-07 21:09 - 00308000 _____ C:\Windows\PFRO.log
     2013-07-17 09:44 - 2009-07-13 20:34 - 00014272 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
     2013-07-17 09:44 - 2009-07-13 20:34 - 00014272 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
     2013-07-17 09:43 - 2009-11-06 23:08 - 01958498 _____ C:\Windows\WindowsUpdate.log
     2013-07-17 08:23 - 2013-07-17 08:23 - 01097645 _____ C:\Users\Craig\AppData\Roaming\2433f433
     2013-07-17 08:23 - 2013-07-17 08:23 - 01097645 _____ C:\Users\Craig\AppData\Local\2433f433
     2013-07-17 08:23 - 2013-07-17 08:23 - 01097642 _____ C:\ProgramData\2433f433
     2013-07-11 23:59 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
     2013-07-11 23:47 - 2009-07-13 20:33 - 00508192 _____ C:\Windows\System32\FNTCACHE.DAT
     2013-07-11 23:45 - 2009-07-13 23:49 - 00000000 ____D C:\Program Files\Windows Journal
     2013-07-11 23:45 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Defender
     2013-07-11 23:26 - 2009-11-07 05:25 - 00739906 _____ C:\Windows\System32\PerfStringBackup.INI
     2013-07-11 23:17 - 2009-11-07 05:27 - 75699896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
     2013-07-10 06:06 - 2009-11-07 08:57 - 00000000 ____D C:\Users\Craig\AppData\Local\Google
     2013-07-09 08:07 - 2012-06-27 05:42 - 00000000 ____D C:\Windows\System32\Drivers\N360
     2013-07-09 08:07 - 2009-11-07 08:16 - 00000000 ____D C:\Users\Craig\AppData\Local\WeatherBug
     2013-07-09 08:05 - 2012-06-27 05:44 - 00002241 _____ C:\Users\Public\Desktop\Norton 360.lnk
     2013-07-09 08:05 - 2009-07-13 18:37 - 00000000 __RHD C:\Users\Public\Desktop
     2013-06-22 18:56 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
     2013-06-18 12:06 - 2012-06-27 05:44 - 00142496 _____ (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
     2013-06-18 12:06 - 2012-06-27 05:44 - 00007611 _____ C:\Windows\System32\Drivers\SYMEVENT.CAT

     Files to move or delete:
     ====================
     C:\Users\Craig\GoToAssistDownloadHelper.exe
     C:\ProgramData\7619792.pad
     C:\ProgramData\l_0_00_re.pad

     ==================== Known DLLs (Whitelisted) ============

     ==================== Bamital & volsnap Check =================

     C:\Windows\explorer.exe => MD5 is legit
     C:\Windows\System32\winlogon.exe => MD5 is legit
     C:\Windows\System32\wininit.exe => MD5 is legit
     C:\Windows\System32\svchost.exe => MD5 is legit
     C:\Windows\System32\services.exe => MD5 is legit
     C:\Windows\System32\User32.dll => MD5 is legit
     C:\Windows\System32\userinit.exe => MD5 is legit
     C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

     ==================== EXE ASSOCIATION =====================

     HKLM\...\.exe: exefile => OK
     HKLM\...\exefile\DefaultIcon: %1 => OK
     HKLM\...\exefile\open\command: "%1" %* => OK

     ==================== Restore Points =========================

     Restore point made on: 2013-05-28 23:03:17
     Restore point made on: 2013-06-10 16:51:24
     Restore point made on: 2013-06-12 23:01:24
     Restore point made on: 2013-06-22 18:55:17
     Restore point made on: 2013-06-30 10:01:54
     Restore point made on: 2013-07-07 20:00:31
     Restore point made on: 2013-07-11 23:01:02

     ==================== Memory info ===========================

     Percentage of memory in use: 37%
     Total physical RAM: 1013.18 MB
     Available physical RAM: 636.07 MB
     Total Pagefile: 1013.18 MB
     Available Pagefile: 638.02 MB
     Total Virtual: 2047.88 MB
     Available Virtual: 1931.3 MB

     ==================== Drives ================================

     Drive c: () (Fixed) (Total:229.47 GB) (Free:36.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
     Drive e: () (Fixed) (Total:186.31 GB) (Free:4.3 GB) NTFS
     Drive j: (My Book) (Fixed) (Total:465.65 GB) (Free:77.21 GB) FAT32
     Drive k: (Lexar) (Removable) (Total:14.92 GB) (Free:4.99 GB) FAT32
     Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

     ==================== MBR & Partition Table ==================

     ========================================================
     Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 41AB2316)
     Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
     Partition 2: (Active) - (Size=229 GB) - (Type=07 NTFS)
     Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)

     ========================================================
     Disk: 1 (MBR Code: Windows XP) (Size: 186 GB) (Disk ID: 8BE403AA)
     Partition 1: (Not Active) - (Size=186 GB) - (Type=07 NTFS)

     ========================================================
     Disk: 6 (Size: 466 GB) (Disk ID: 44FDFE06)
     Partition 1: (Not Active) - (Size=466 GB) - (Type=0C)

     ========================================================
     Disk: 7 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
     Partition 1: (Active) - (Size=15 GB) - (Type=0C)

     LastRegBack: 2013-07-15 09:47

     ==================== End Of Log ============================
  6. I turned on the computer, logged in, and got an FBI warning with the moneypak page. It is not allowing me to reboot in safe mode with networking... I followed some previous steps and have applied the FRST.exe file as suggested... Where do I go from here?... as it appears that the script content from previous posts is unique to each individual.
  7. Mr Charlie, I have the same moneypak virus problem. Can I follow the same steps to clear it up??