FBI Moneypak help required


I know I am not the OP, but I am having the same issue so thought I could try to get some advice. I did the above instructions and here are the logs from the scan.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2013

Ran by SYSTEM at 13-01-2013 16:17:52

Running from H:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)

HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-10-10] (IDT, Inc.)

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)

HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)

HKLM-x32\...\Run: [startNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" [x]

HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)

HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-15] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-07-05] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2010-11-15] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [1123720 2012-11-28] (Spigot, Inc.)

HKU\Josh\...\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1354736 2012-12-09] (Valve Corporation)

HKU\Josh\...\Run: [spotify Web Helper] "C:\Users\Josh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1192664 2012-07-03] ()

HKU\Josh\...\Run: [startNow Search Protect] "C:\Program Files (x86)\StartNow Toolbar\search_protect.exe" /RELAY /REPORT /PROTECT [1352048 2012-09-06] ()

HKU\Josh\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17877168 2012-11-09] (Skype Technologies S.A.)

HKU\Josh\...\Run: [rlqvaknd] C:\Users\Josh\AppData\Roaming\unzhaza [x]

HKU\Josh\...\Policies\system: [DisableTaskMgr] 1

HKLM\...\Winlogon: [shell] explorer.exe, C:\ProgramData\unzhaza [x ] ()

Tcpip\Parameters: [DhcpNameServer] 192.168.200.1

Startup: C:\Users\Josh\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) ===================

2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)

2 N360; "C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)

2 Updater Service for StartNow Toolbar; C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [265952 2012-06-22] ()

==================== Drivers (Whitelisted) =====================

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120804.001\BHDrvx64.sys [1161376 2012-06-18] (Symantec Corporation)

1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)

1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-11] (Symantec Corporation)

3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-17] (Symantec Corporation)

1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120817.001\IDSvia64.sys [509088 2012-06-14] (Symantec Corporation)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)

3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120820.002\ENG64.SYS [120440 2012-08-20] (Symantec Corporation)

3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120820.002\EX64.SYS [2068600 2012-08-20] (Symantec Corporation)

3 SRTSP; C:\Windows\System32\Drivers\N360x64\0604000.009\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)

1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604000.009\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)

0 SymDS; C:\Windows\System32\drivers\N360x64\0604000.009\SYMDS64.SYS [451192 2012-03-28] (Symantec Corporation)

0 SymEFA; C:\Windows\System32\drivers\N360x64\0604000.009\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)

3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-05-04] (Symantec Corporation)

1 SymIRON; C:\Windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS [190072 2012-03-28] (Symantec Corporation)

1 SymNetS; C:\Windows\System32\Drivers\N360x64\0604000.009\SYMNETS.SYS [405624 2012-03-28] (Symantec Corporation)

3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-01-13 16:17 - 2013-01-13 16:17 - 00000000 ____D C:\FRST

2013-01-13 12:28 - 2013-01-13 12:58 - 00189440 ____A (BitTech Co. Ltd.) C:\Users\Josh\AppData\Roaming\unzhaza.exe

2013-01-13 12:05 - 2013-01-13 12:58 - 00189440 ____A (BitTech Co. Ltd.) C:\Users\Josh\AppData\Local\unzhaza.exe

2013-01-13 12:05 - 2013-01-13 12:49 - 00189440 ____A (BitTech Co. Ltd.) C:\Users\All Users\unzhaza.exe

2013-01-10 17:14 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll

2013-01-10 17:14 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll

2013-01-10 17:10 - 2012-11-22 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-01-10 17:10 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe

2013-01-10 17:10 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2013-01-10 17:10 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2013-01-10 17:10 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2013-01-10 17:10 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2013-01-10 17:10 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2013-01-10 17:10 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2013-01-02 14:07 - 2013-01-02 15:13 - 00000000 ____D C:\Users\Josh\White Panda

2012-12-28 08:27 - 2012-12-28 08:27 - 00896488 ____A (Oracle Corporation) C:\Users\Josh\Downloads\jre-7u10-windows-i586-iftw.exe

2012-12-27 18:58 - 2012-11-28 07:35 - 00095184 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2012-12-27 18:58 - 2012-11-28 07:31 - 00174000 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2012-12-27 18:58 - 2012-11-28 07:31 - 00173992 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2012-12-27 18:56 - 2012-12-27 18:58 - 00004630 ____A C:\Windows\SysWOW64\jupdate-1.7.0_10-b18.log

2012-12-26 13:28 - 2013-01-10 17:12 - 00000000 ____D C:\Users\Josh\Frank Sinatra

2012-12-22 09:25 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll

2012-12-22 09:25 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll

2012-12-22 09:25 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2012-12-22 09:25 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2012-12-15 10:39 - 2012-12-15 10:43 - 114934578 ____A C:\Users\Josh\Downloads\Kendrick Lamar - Section.80 - DOPEHOOD.COM.zip

==================== One Month Modified Files and Folders =======

2013-01-13 16:17 - 2013-01-13 16:17 - 00000000 ____D C:\FRST

2013-01-13 13:00 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-01-13 13:00 - 2009-07-13 20:51 - 00069800 ____A C:\Windows\setupact.log

2013-01-13 12:59 - 2012-01-05 19:26 - 00000000 ____D C:\Program Files (x86)\Steam

2013-01-13 12:58 - 2013-01-13 12:28 - 00189440 ____A (BitTech Co. Ltd.) C:\Users\Josh\AppData\Roaming\unzhaza.exe

2013-01-13 12:58 - 2013-01-13 12:05 - 00189440 ____A (BitTech Co. Ltd.) C:\Users\Josh\AppData\Local\unzhaza.exe

2013-01-13 12:58 - 2011-09-08 12:07 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-01-13 12:49 - 2013-01-13 12:05 - 00189440 ____A (BitTech Co. Ltd.) C:\Users\All Users\unzhaza.exe

2013-01-13 12:35 - 2011-07-16 22:46 - 01154896 ____A C:\Windows\WindowsUpdate.log

2013-01-13 12:15 - 2009-07-13 21:13 - 00727310 ____A C:\Windows\System32\PerfStringBackup.INI

2013-01-13 12:05 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-01-13 12:05 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-01-13 12:00 - 2011-09-08 12:07 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-01-12 13:09 - 2012-10-20 19:08 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Skype

2013-01-11 20:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\LiveKernelReports

2013-01-11 16:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF

2013-01-11 10:15 - 2009-07-13 20:45 - 00295264 ____A C:\Windows\System32\FNTCACHE.DAT

2013-01-11 10:05 - 2012-01-11 15:12 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-01-10 19:14 - 2012-03-14 03:00 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleForJOSH-HP$.job

2013-01-10 17:12 - 2012-12-26 13:28 - 00000000 ____D C:\Users\Josh\Frank Sinatra

2013-01-10 16:52 - 2011-08-21 16:34 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log

2013-01-02 16:17 - 2012-10-20 19:08 - 00000000 ____D C:\Users\All Users\Skype

2013-01-02 16:16 - 2012-02-26 16:01 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForJosh.job

2013-01-02 16:10 - 2011-02-10 11:23 - 00000000 ____D C:\SWSetup

2013-01-02 15:13 - 2013-01-02 14:07 - 00000000 ____D C:\Users\Josh\White Panda

2013-01-02 15:09 - 2011-08-20 13:43 - 00000000 ____D C:\users\Josh

2012-12-28 08:27 - 2012-12-28 08:27 - 00896488 ____A (Oracle Corporation) C:\Users\Josh\Downloads\jre-7u10-windows-i586-iftw.exe

2012-12-27 18:58 - 2012-12-27 18:56 - 00004630 ____A C:\Windows\SysWOW64\jupdate-1.7.0_10-b18.log

2012-12-27 18:58 - 2011-04-13 15:28 - 00000000 ____D C:\Program Files (x86)\Java

2012-12-24 09:42 - 2011-11-06 14:09 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt

2012-12-16 09:11 - 2012-12-22 09:25 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll

2012-12-16 06:45 - 2012-12-22 09:25 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll

2012-12-16 06:13 - 2012-12-22 09:25 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2012-12-16 06:13 - 2012-12-22 09:25 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2012-12-15 21:00 - 2011-08-26 07:43 - 00000000 ____D C:\Users\Josh\AppData\Roaming\SoftGrid Client

2012-12-15 10:44 - 2011-09-28 19:03 - 00000000 ____D C:\Users\Josh\Songs

2012-12-15 10:43 - 2012-12-15 10:39 - 114934578 ____A C:\Users\Josh\Downloads\Kendrick Lamar - Section.80 - DOPEHOOD.COM.zip

2012-12-14 10:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 17%

Total physical RAM: 3834.9 MB

Available physical RAM: 3146.8 MB

Total Pagefile: 3833.05 MB

Available Pagefile: 3140.11 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:450.77 GB) (Free:361.87 GB) NTFS ==>[system with boot components (obtained from reading drive)]

2 Drive e: (RECOVERY) (Fixed) (Total:14.7 GB) (Free:1.63 GB) NTFS ==>[system with boot components (obtained from reading drive)]

3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

5 Drive h: (Lexar) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32

6 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS

7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ###  Status  Size     Free  Dyn  Gpt
--------  ------  -------  ----  ---  ---
Disk 0    Online  465 GB   0 B
Disk 1    Online  3824 MB  0 B

Partitions of Disk 0:

===============

Partition ###  Type     Size    Offset
-------------  -------  ------  -------
Partition 1    Primary  199 MB  1024 KB
Partition 2    Primary  450 GB  200 MB
Partition 3    Primary  14 GB   450 GB
Partition 4    Primary  103 MB  465 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ###  Ltr  Label   Fs    Type       Size    Status   Info
----------  ---  ------  ----  ---------  ------  -------  ----
* Volume 1  Y    SYSTEM  NTFS  Partition  199 MB  Healthy

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ###  Ltr  Label  Fs    Type       Size    Status   Info
----------  ---  -----  ----  ---------  ------  -------  ----
* Volume 2  C           NTFS  Partition  450 GB  Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ###  Ltr  Label     Fs    Type       Size   Status   Info
----------  ---  --------  ----  ---------  -----  -------  ----
* Volume 3  E    RECOVERY  NTFS  Partition  14 GB  Healthy

=========================================================

Disk: 0

Partition 4

Type : 0C

Hidden: No

Active: No

Volume ###  Ltr  Label     Fs     Type       Size    Status   Info
----------  ---  --------  -----  ---------  ------  -------  ----
* Volume 4  F    HP_TOOLS  FAT32  Partition  103 MB  Healthy

=========================================================

Partitions of Disk 1:

===============

Partition ###  Type     Size     Offset
-------------  -------  -------  ------
Partition 1    Primary  3823 MB  24 KB

==================================================================================

Disk: 1

Partition 1

Type : 0C

Hidden: No

Active: Yes

Volume ###  Ltr  Label  Fs     Type       Size     Status   Info
----------  ---  -----  -----  ---------  -------  -------  ----
* Volume 5  H    Lexar  FAT32  Removable  3823 MB  Healthy

=========================================================

Last Boot: 2012-12-15 22:28

==================== End Of Log =============================


  • Staff

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt


HKU\Josh\...\Run: [rlqvaknd] C:\Users\Josh\AppData\Roaming\unzhaza [x]
HKU\Josh\...\Policies\system: [DisableTaskMgr] 1
HKLM\...\Winlogon: [Shell] explorer.exe, C:\ProgramData\unzhaza [x ] ()
2013-01-13 12:28 - 2013-01-13 12:58 - 00189440 ____A (BitTech Co. Ltd.) C:\Users\Josh\AppData\Roaming\unzhaza.exe
2013-01-13 12:05 - 2013-01-13 12:58 - 00189440 ____A (BitTech Co. Ltd.) C:\Users\Josh\AppData\Local\unzhaza.exe
2013-01-13 12:05 - 2013-01-13 12:49 - 00189440 ____A (BitTech Co. Ltd.) C:\Users\All Users\unzhaza.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo

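Added example (not code from the thread or from FRST): a small Python triage helper that reads the kinds of FRST lines shown in the log above and collects the entries that Gringo's fixlist removed, namely autoruns whose target is missing (`[x]`), a Winlogon Shell value that runs something beside explorer.exe, the DisableTaskMgr policy, and recently created files whose name matches one of those targets. The function names and the regular expressions are my own approximations of the FRST line format, and the sample log is constructed from lines in the post above.

```python
import re
from pathlib import PureWindowsPath

# Hypothetical patterns for the FRST line shapes seen in the log above.
RUN_RE = re.compile(r'^HK(?:LM|U)[^:]*\\Run: \[[^\]]*\] (.*)$')
WINLOGON_RE = re.compile(r'^HKLM\\\.\.\.\\Winlogon: \[shell\] (.*)$', re.IGNORECASE)
POLICY_RE = re.compile(r'^HKU\\[^\\]+\\\.\.\.\\Policies\\system: \[DisableTaskMgr\] 1$')
FILE_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ '
                     r'[_A-Z]{5} (?:\([^)]*\) )?(.+)$')

def _stem(target):
    """'C:\\ProgramData\\unzhaza [x ] ()' -> 'unzhaza'; '[x]' -> ''."""
    return PureWindowsPath(re.split(r'\s*\[', target)[0].strip().strip('"')).stem.lower()

def triage_registry(log_text):
    """(findings, names): findings are (reason, verbatim line); names are the
    file-name stems those entries point at, used to correlate file entries."""
    findings, names = [], set()
    for line in log_text.splitlines():
        m = RUN_RE.match(line)
        if m and re.search(r'\[x ?\]', m.group(1)):   # FRST marks a missing target as [x]
            findings.append(('autorun points at a missing file', line))
            names.add(_stem(m.group(1)))
            continue
        m = WINLOGON_RE.match(line)
        if m:
            extra = [s.strip() for s in m.group(1).split(',')
                     if s.strip().lower() != 'explorer.exe']
            if extra:   # lock-screen persistence: a second shell beside explorer.exe
                findings.append(('Winlogon Shell runs more than explorer.exe', line))
                names.update(_stem(s) for s in extra)
            continue
        if POLICY_RE.match(line):
            findings.append(('Task Manager disabled by policy', line))
    names.discard('')                      # the nameless "[] [x]" entry has no stem
    return findings, names

def correlate_files(log_text, names):
    """File entries whose name matches a flagged target, one per path (the
    Modified section repeats Created entries with swapped timestamps)."""
    seen = {}
    for line in log_text.splitlines():
        m = FILE_RE.match(line)
        if m and PureWindowsPath(m.group(1)).stem.lower() in names:
            seen.setdefault(m.group(1).lower(), line)
    return list(seen.values())

def build_fixlist(log_text):
    """Candidate fixlist: FRST takes the log lines verbatim, as the staff post did."""
    findings, names = triage_registry(log_text)
    return [line for _, line in findings] + correlate_files(log_text, names)

# Constructed sample in the shape of the log above: the unzhaza entries are the ones
# the fixlist removed; a benign autorun and a duplicated "Modified" entry are edge cases.
SAMPLE_LOG = r"""HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [startNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" [x]
HKLM-x32\...\Run: [] [x]
HKU\Josh\...\Run: [rlqvaknd] C:\Users\Josh\AppData\Roaming\unzhaza [x]
HKU\Josh\...\Policies\system: [DisableTaskMgr] 1
HKLM\...\Winlogon: [shell] explorer.exe, C:\ProgramData\unzhaza [x ] ()
2013-01-13 12:28 - 2013-01-13 12:58 - 00189440 ____A (BitTech Co. Ltd.) C:\Users\Josh\AppData\Roaming\unzhaza.exe
2013-01-13 12:05 - 2013-01-13 12:58 - 00189440 ____A (BitTech Co. Ltd.) C:\Users\Josh\AppData\Local\unzhaza.exe
2013-01-13 12:05 - 2013-01-13 12:49 - 00189440 ____A (BitTech Co. Ltd.) C:\Users\All Users\unzhaza.exe
2013-01-13 12:58 - 2013-01-13 12:28 - 00189440 ____A (BitTech Co. Ltd.) C:\Users\Josh\AppData\Roaming\unzhaza.exe
"""
```

The output is a candidate list for a person to review against the full log, since a missing-target autorun can also be a harmless leftover of an uninstalled program (the StartNow entry in the sample is one such case).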

  • Staff

Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and I will then ask you to remove our tools.

Gringo


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
