FBI Moneypak Virus fixlist please

Welcome to Major Geeks!

Looks like you picked this up because you use Skype.

Download this >> View attachment fixlist.txt



Save fixlist.txt to your flash drive.

• You should now have both fixlist.txt and FRST64.exe on your flash drive.

Now reboot back into the System Recovery Options as you did previously.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt).
Please attach this to your next message. (See how to attach)

Now boot into normal Windows and continue with the below.


Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide

 

Before I can create a next fix, I need to understand something. I see signs of both McAfee and AVG antivirus programs in your logs but neither of these appear to be properly/fully installed. AVG does have a few things running though. To your knowledge, are you still using either of these?

Also I see the below which is a sign of an illegal activation of MSOffice.

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

 

Okay then we will manually remove the rest of the left overs.

Yes. Two main reasons:

1. It's illegal to have hacked copies or bypass normal license keys.
2. It is a common source of malware getting onto PCs. Let's suppose the hack was created by an hacker in Russia whose hidden intention is to lure you in with the idea of a free copy of MS Office. And he make it even appear to be working properly for you. Now supposed they also added there own hooks into the program to capture information from your PC to steal personal info like credit card ...etc. Even they are not stealing info, can you really trust software that has been modified by unknown sources????

Now let's continue to remove AVG, McAfee and any other issues found in your logs.

First run this >> AVG Remover

Now we wil continue and the steps below will include additional references to AVG. If you don't see these items for AVG, just continue on as AVG Remover may have already cleaned them up.

Uninstall the below very old versions of software:
Java(TM) 6 Update 31

Now install the current version of Sun Java from: Sun Java Runtime Environment

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...0AMQAyAEEAVABCACsAMQA"&"prod=90"&"ver=9.0.894
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (file missing)
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)

After clicking Fix, exit HJT.

Please download OTM by Old Timer and save it to your Desktop.

• Right-click OTM.exe and select Run as administrator to run it.
• Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
  (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
  the code box

Code:

:Processes
explorer.exe

:Services
AVGIDSAgent
avgwd
McAfee SiteAdvisor Service
mfevtp
:Files
C:\Program Files (x86)\AVG
c:\PROGRA~2\mcafee
c:\progra~1\mcafee
C:\Windows\system32\mfevtps.exe
C:\ProgramData\AVG2013
C:\ProgramData\GameXN
C:\ProgramData\McAfee
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
C:\$AVG
C:\Windows\SysNative\drivers\avgidsdrivera.sys
C:\Windows\SysNative\drivers\avgidsha.sys
C:\Windows\SysNative\drivers\avgldx64.sys
C:\Windows\SysNative\drivers\avgloga.sys
C:\Windows\SysNative\drivers\avgmfx64.sys
C:\Windows\SysNative\drivers\avgtdia.sys
C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Users\Brandy Kawaii\AppData\Local\Temp\avginfo.id
C:\Users\Brandy Kawaii\AppData\Local\Temp\CRX_75DAF8CB7768
C:\Users\Brandy Kawaii\AppData\Local\Temp\div1F90.tmp
C:\Users\Brandy Kawaii\AppData\Local\Temp\div9913.tmp
C:\Users\Brandy Kawaii\AppData\Local\Temp\div9AC8.tmp
C:\Users\Brandy Kawaii\AppData\Local\Temp\Low

:Reg
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"AVG_UI"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\RunOnce]
"AvgUninstallURL"=-
[HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\windows\currentVersion\Run]
"AVG_UI"=-
[HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\windows\currentVersion\RunOnce]
"AvgUninstallURL"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D16900B0-2EB8-4844-AE25-5180C27F970E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=-
:Commands
[purity]
[EmptyTemp]
[start explorer]
[Reboot]

• Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar
  ) and choose Paste.
• Now click the large http://forums.majorgeeks.com/chaslang/images/MoveIt!.png button.
• If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
• Close OTM.

Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
this log file to your next message.


Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• the C:\_OTM\MovedFiles log
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

If you cannot no longer post replies in this thread, start a new thread to add your logs into. And reference this current thread whic is http://forums.majorgeeks.com/showthread.php?t=270896