Need help with FBI Moneypak virus

[dboj]

Hello,

 

My dell laptop has been infected with the FBI Moneypack virus. Attached is the FRST.txt file. Help would be much appreciated!!

 

Best,

dboj

FRST.txt

[Psychotic]

Fix with FRST (Recovery Environment)

• Open notepad (Start =>All Programs => Accessories => Notepad).
• Please copy the entire contents of the code box below.
  (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt
  
  

  HKLM-x32\...\Winlogon: [Shell] C:\Users\Didi\AppData\Roaming\Microsoft\Windows\Templates\securitywindrv.exe [x ] ()HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccessHKLM-x32\...\Run: [DisplaySwitch] "C:\Users\Didi\AppData\Roaming\Microsoft\Windows\Templates\securitywindrv.exe" [46080 2013-08-23] ()Startup: C:\Users\Didi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnkShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)S2 ?etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{4dad04f6-b2c5-024f-5627-6417a7e2306e}\   \...\???\{4dad04f6-b2c5-024f-5627-6417a7e2306e}\GoogleUpdate.exe" < [x]S2 Update SaltarSmart; C:\Program Files (x86)\SaltarSmart\updateSaltarSmart.exe [206624 2013-08-26] (SaltarSmart)S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [x]C:\Users\Didi\AppData\Roaming\Microsoft\Windows\Templates\securitywindrv.exeC:\Program Files (x86)\MyPC BackupC:\Program Files (x86)\GoogleC:\Users\Didi\AppData\Local\ConduitC:\Program Files (x86)\Vafmusic6C:\Program Files (x86)\MyPC BackupC:\Program Files (x86)\ConduitC:\Program Files (x86)\SearchProtectC:\Users\Didi\Downloads\Setup (1).exeC:\Users\Didi\Desktop\MyPC Backup.lnkC:\Users\Didi\Desktop\Optimizer Pro.lnkC:\Users\Didi\AppData\Roaming\Optimizer ProC:\Users\Didi\AppData\Local\CREC:\Program Files (x86)\SaltarSmartC:\Users\Didi\AppData\Local\DefineExtC:\Users\Didi\AppData\Roaming\SearchProtectC:\Users\Didi\AppData\Roaming\DefaultTabC:\Users\Didi\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2ZC:\Program Files (x86)\OpenItC:\Program Files (x86)\LyriXeekerC:\Users\Didi\jucheck.exeC:\Users\Didi\chrome.exeC:\Users\Didi\alg.exeC:\$Recycle.Bin\S-1-5-21-1774169416-1426424659-2584523098-1000\$4dad04f6b2c5024f56276417a7e2306eC:\$Recycle.Bin\S-1-5-18\$4dad04f6b2c5024f56276417a7e2306e

  
  
  NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  
  Now please enter System Recovery Options again.
  
• Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
• The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
  

 

 

 

Now boot into windows!

 

 

 

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!

• Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
• Run Combofix.exe
  

When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!