Help required - redirects and trojans

  1. #11
    broni, Senior Member

    For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to your desktop.
    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

    • Double click on downloaded file to run it.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log (FRST.txt) on your desktop.
    • Please copy and paste it to your reply.

  2. #12
    graywok, Full Member
    FRST ran for 64 bit win7

    Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.2
    Ran by Emzie at 2012-01-10 04:02:47
    Running from C:\Users\Emzie\Desktop
    (X64) OS Language: English(US)
    Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

    ========================== Registry (Whitelisted) =============

    HKLM\...\Winlogon: [Userinit]
    HKLM-x32\...\Winlogon: [Userinit]
    HKLM\...\Winlogon: [Shell]
    HKLM-x32\...\Winlogon: [Shell] [x x] ()

    ==================== Services (Whitelisted) ======


    ========================== Drivers (Whitelisted) =============


    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============

    2012-01-10 04:01 - 2012-01-10 03:59 - 1379209 ____A C:\Users\Emzie\Desktop\FRST64.exe
    2012-01-09 23:35 - 2012-01-09 23:43 - 0050430 ____A C:\Users\Emzie\Desktop\bootkit_remover_debug_log.txt
    2012-01-09 23:34 - 2012-01-09 23:34 - 0000000 ____D C:\Users\Emzie\Desktop\bootkit_remover
    2012-01-09 23:32 - 2012-01-09 23:40 - 0078102 ____A C:\TDSSKiller.2.6.25.0_09.01.2012_23.32.02_log.txt
    2012-01-09 23:28 - 2012-01-09 23:31 - 0078102 ____A C:\TDSSKiller.2.6.25.0_09.01.2012_23.28.00_log.txt
    2012-01-09 23:26 - 2012-01-09 23:19 - 0044607 ____A C:\Users\Emzie\Desktop\bootkit_remover.zip
    2012-01-09 23:26 - 2012-01-09 23:18 - 1578288 ____A (Kaspersky Lab ZAO) C:\Users\Emzie\Desktop\tdsskiller.exe
    2012-01-09 20:14 - 2012-01-09 20:14 - 0065536 __ASH C:\Windows\System32\config\components{c577b01f-3939-11e1-a1f4-b167d6cbafe1}.TxR.blf
    2012-01-09 19:56 - 2012-01-09 19:56 - 0000000 __SHD C:\$RECYCLE.BIN
    2012-01-09 18:37 - 2012-01-09 18:37 - 0018036 ____A C:\Users\Emzie\Desktop\Combofix.txt
    2012-01-08 22:50 - 2012-01-08 22:50 - 0018036 ____A C:\ComboFix.txt
    2012-01-08 21:45 - 2011-06-26 06:45 - 0256000 ____A C:\Windows\PEV.exe
    2012-01-08 21:45 - 2010-11-07 17:20 - 0208896 ____A C:\Windows\MBR.exe
    2012-01-08 21:45 - 2009-04-20 04:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-01-08 21:45 - 2000-08-31 00:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-01-08 21:45 - 2000-08-31 00:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-01-08 21:45 - 2000-08-31 00:00 - 0098816 ____A C:\Windows\sed.exe
    2012-01-08 21:45 - 2000-08-31 00:00 - 0080412 ____A C:\Windows\grep.exe
    2012-01-08 21:45 - 2000-08-31 00:00 - 0068096 ____A C:\Windows\zip.exe
    2012-01-08 21:44 - 2012-01-08 22:51 - 0000000 ____D C:\ComboFix
    2012-01-08 21:44 - 2012-01-08 22:33 - 0000000 ____D C:\Windows\ERDNT
    2012-01-08 21:43 - 2012-01-08 22:51 - 0000000 ____D C:\Qoobox
    2012-01-08 21:30 - 2012-01-08 21:27 - 1832544 ____A (McAfee, Inc.) C:\Users\Emzie\Desktop\MCPR.exe
    2012-01-08 21:23 - 2012-01-08 21:19 - 4374678 ____R (Swearware) C:\Users\Emzie\Desktop\ComboFix.exe
    2012-01-07 22:28 - 2012-01-07 22:28 - 0004684 ____A C:\Users\Emzie\Desktop\mbam-log-2011-11-01 (23-29-27).txt
    2012-01-07 21:58 - 2012-01-07 21:58 - 0006250 ____A C:\Users\Emzie\Desktop\Attach.txt
    2012-01-07 21:57 - 2012-01-07 21:57 - 0023825 ____A C:\Users\Emzie\Desktop\DDS.txt
    2012-01-07 21:45 - 2012-01-07 21:45 - 0001687 ____A C:\Users\Emzie\Desktop\aswMBR.txt
    2012-01-07 21:45 - 2012-01-07 21:45 - 0000512 ____A C:\Users\Emzie\Desktop\MBR.dat
    2012-01-07 21:43 - 2012-01-07 21:43 - 0000393 ____A C:\Users\Emzie\Desktop\gmer.log
    2012-01-07 20:39 - 2012-01-07 20:17 - 0607260 ____R (Swearware) C:\Users\Emzie\Desktop\dds.scr
    2012-01-07 20:39 - 2012-01-07 20:16 - 4713472 ____A (AVAST Software) C:\Users\Emzie\Desktop\aswMBR.exe
    2012-01-07 20:39 - 2011-07-16 22:21 - 0302592 ____A C:\Users\Emzie\Desktop\gmer.exe
    2012-01-07 15:16 - 2012-01-07 15:16 - 0015325 ____A C:\Users\Emzie\Desktop\hijackthis.log
    2012-01-07 14:11 - 2012-01-07 14:11 - 0001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-01-03 21:02 - 2012-01-03 21:02 - 0055296 ____A C:\Users\Emzie\Downloads\The Housing Market.doc
    2011-12-25 16:19 - 2011-12-25 16:19 - 0002117 ____A C:\Windows\IE9_main.log
    2011-12-25 16:17 - 2011-12-07 12:26 - 54867776 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2011-12-25 16:17 - 2011-11-10 05:54 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2011-12-25 16:17 - 2011-11-10 05:54 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2011-12-25 16:17 - 2011-11-10 05:54 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2011-12-25 16:15 - 2011-12-25 16:16 - 0005501 ____A C:\Windows\SysWOW64\jupdate-1.6.0_30-b12.log
    2011-12-25 16:12 - 2011-12-25 16:12 - 0000000 ____D C:\Windows\System32\EventProviders
    2011-12-14 18:41 - 2011-11-11 06:41 - 12370944 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2011-12-14 18:41 - 2011-11-11 05:50 - 10990080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2011-12-14 18:41 - 2011-11-05 05:26 - 1197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2011-12-14 18:41 - 2011-11-05 05:23 - 9332736 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2011-12-14 18:41 - 2011-11-05 04:35 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2011-12-14 18:41 - 2011-11-05 04:34 - 5997568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2011-12-14 18:41 - 2011-10-26 05:19 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2011-12-14 18:40 - 2011-11-24 05:00 - 3141632 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2011-12-14 18:40 - 2011-11-11 06:41 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2011-12-14 18:40 - 2011-11-11 05:50 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2011-12-14 18:40 - 2011-11-05 05:26 - 1501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2011-12-14 18:40 - 2011-11-05 05:26 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2011-12-14 18:40 - 2011-11-05 05:23 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
    2011-12-14 18:40 - 2011-11-05 05:23 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2011-12-14 18:40 - 2011-11-05 05:23 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2011-12-14 18:40 - 2011-11-05 05:23 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2011-12-14 18:40 - 2011-11-05 05:23 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2011-12-14 18:40 - 2011-11-05 05:22 - 2458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2011-12-14 18:40 - 2011-11-05 05:22 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2011-12-14 18:40 - 2011-11-05 05:22 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2011-12-14 18:40 - 2011-11-05 05:22 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2011-12-14 18:40 - 2011-11-05 05:19 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2011-12-14 18:40 - 2011-11-05 05:17 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2011-12-14 18:40 - 2011-11-05 04:35 - 1230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2011-12-14 18:40 - 2011-11-05 04:35 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2011-12-14 18:40 - 2011-11-05 04:34 - 2072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2011-12-14 18:40 - 2011-11-05 04:34 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
    2011-12-14 18:40 - 2011-11-05 04:34 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2011-12-14 18:40 - 2011-11-05 04:34 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2011-12-14 18:40 - 2011-11-05 04:34 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2011-12-14 18:40 - 2011-11-05 04:34 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2011-12-14 18:40 - 2011-11-05 04:34 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2011-12-14 18:40 - 2011-11-05 04:34 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2011-12-14 18:40 - 2011-11-05 04:33 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2011-12-14 18:40 - 2011-11-05 04:32 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2011-12-14 18:40 - 2011-11-05 04:30 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2011-12-14 18:40 - 2011-11-05 04:07 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2011-12-14 18:40 - 2011-11-05 03:28 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2011-12-14 18:40 - 2011-11-05 03:25 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2011-12-14 18:40 - 2011-11-05 02:55 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2011-12-14 18:40 - 2011-10-15 06:25 - 0723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
    2011-12-14 18:40 - 2011-10-15 05:48 - 0534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll


    ============ 3 Months Modified Files and Folders =============

    2012-01-10 04:03 - 2012-01-10 04:02 - 0000000 ____D C:\FRST
    2012-01-10 03:59 - 2012-01-10 04:01 - 1379209 ____A C:\Users\Emzie\Desktop\FRST64.exe
    2012-01-10 03:58 - 2011-09-05 14:10 - 0000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2604660202-2106518849-2539510468-1001UA.job
    2012-01-10 03:58 - 2011-06-22 17:45 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2604660202-2106518849-2539510468-1001UA.job
    2012-01-09 23:50 - 2010-09-30 16:31 - 1918119 ____A C:\Windows\WindowsUpdate.log
    2012-01-09 23:43 - 2012-01-09 23:35 - 0050430 ____A C:\Users\Emzie\Desktop\bootkit_remover_debug_log.txt
    2012-01-09 23:40 - 2012-01-09 23:32 - 0078102 ____A C:\TDSSKiller.2.6.25.0_09.01.2012_23.32.02_log.txt
    2012-01-09 23:34 - 2012-01-09 23:34 - 0000000 ____D C:\Users\Emzie\Desktop\bootkit_remover
    2012-01-09 23:31 - 2012-01-09 23:28 - 0078102 ____A C:\TDSSKiller.2.6.25.0_09.01.2012_23.28.00_log.txt
    2012-01-09 23:19 - 2012-01-09 23:26 - 0044607 ____A C:\Users\Emzie\Desktop\bootkit_remover.zip
    2012-01-09 23:18 - 2012-01-09 23:26 - 1578288 ____A (Kaspersky Lab ZAO) C:\Users\Emzie\Desktop\tdsskiller.exe
    2012-01-09 20:53 - 2010-12-14 19:51 - 0000000 ____D C:\Users\Emzie\AppData\Roaming\Skype
    2012-01-09 20:53 - 2010-12-05 13:19 - 0000000 ____D C:\Program Files (x86)\Spotify
    2012-01-09 20:53 - 2010-09-30 17:30 - 0000000 ____D C:\Users\All Users\Skype
    2012-01-09 20:53 - 2010-09-30 17:30 - 0000000 ____D C:\ProgramData\Skype
    2012-01-09 20:40 - 2009-07-14 04:45 - 0013872 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-01-09 20:40 - 2009-07-14 04:45 - 0013872 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-01-09 20:33 - 2011-03-18 21:10 - 0025184 ____A C:\Windows\setupact.log
    2012-01-09 20:33 - 2010-12-01 08:25 - 0000071 ____A C:\Windows\SysWOW64\ToasterLauncherLog.log
    2012-01-09 20:33 - 2010-11-30 20:58 - 0000000 ____D C:\Users\Emzie\AppData\Local\SoftThinks
    2012-01-09 20:33 - 2010-09-30 17:29 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
    2012-01-09 20:33 - 2009-07-14 05:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-01-09 20:32 - 2010-09-30 16:25 - 2307932160 __ASH C:\hiberfil.sys
    2012-01-09 20:14 - 2012-01-09 20:14 - 0065536 __ASH C:\Windows\System32\config\components{c577b01f-3939-11e1-a1f4-b167d6cbafe1}.TxR.blf
    2012-01-09 19:56 - 2012-01-09 19:56 - 0000000 __SHD C:\$RECYCLE.BIN
    2012-01-09 19:55 - 2010-09-30 17:26 - 0141236 ____A C:\Windows\PFRO.log
    2012-01-09 18:39 - 2011-09-05 14:10 - 0000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2604660202-2106518849-2539510468-1001Core.job
    2012-01-09 18:37 - 2012-01-09 18:37 - 0018036 ____A C:\Users\Emzie\Desktop\Combofix.txt
    2012-01-09 18:37 - 2011-06-22 17:45 - 0000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2604660202-2106518849-2539510468-1001Core.job
    2012-01-08 22:51 - 2012-01-08 21:44 - 0000000 ____D C:\ComboFix
    2012-01-08 22:51 - 2012-01-08 21:43 - 0000000 ____D C:\Qoobox
    2012-01-08 22:51 - 2009-07-14 03:20 - 0000000 ___RD C:\users\Public
    2012-01-08 22:51 - 2009-07-14 03:20 - 0000000 ___RD C:\users\Default
    2012-01-08 22:50 - 2012-01-08 22:50 - 0018036 ____A C:\ComboFix.txt
    2012-01-08 22:33 - 2012-01-08 21:44 - 0000000 ____D C:\Windows\ERDNT
    2012-01-08 22:29 - 2009-07-14 02:34 - 0000215 ____A C:\Windows\system.ini
    2012-01-08 22:28 - 2009-07-14 02:34 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
    2012-01-08 22:25 - 2010-11-30 20:58 - 0000000 ____D C:\users\Emzie
    2012-01-08 21:27 - 2012-01-08 21:30 - 1832544 ____A (McAfee, Inc.) C:\Users\Emzie\Desktop\MCPR.exe
    2012-01-08 21:19 - 2012-01-08 21:23 - 4374678 ____R (Swearware) C:\Users\Emzie\Desktop\ComboFix.exe
    2012-01-07 22:28 - 2012-01-07 22:28 - 0004684 ____A C:\Users\Emzie\Desktop\mbam-log-2011-11-01 (23-29-27).txt
    2012-01-07 21:58 - 2012-01-07 21:58 - 0006250 ____A C:\Users\Emzie\Desktop\Attach.txt
    2012-01-07 21:57 - 2012-01-07 21:57 - 0023825 ____A C:\Users\Emzie\Desktop\DDS.txt
    2012-01-07 21:45 - 2012-01-07 21:45 - 0001687 ____A C:\Users\Emzie\Desktop\aswMBR.txt
    2012-01-07 21:45 - 2012-01-07 21:45 - 0000512 ____A C:\Users\Emzie\Desktop\MBR.dat
    2012-01-07 21:43 - 2012-01-07 21:43 - 0000393 ____A C:\Users\Emzie\Desktop\gmer.log
    2012-01-07 20:39 - 2009-07-14 05:13 - 0747500 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-01-07 20:17 - 2012-01-07 20:39 - 0607260 ____R (Swearware) C:\Users\Emzie\Desktop\dds.scr
    2012-01-07 20:16 - 2012-01-07 20:39 - 4713472 ____A (AVAST Software) C:\Users\Emzie\Desktop\aswMBR.exe
    2012-01-07 15:24 - 2011-11-01 18:11 - 0603474 ____A C:\Windows\ntbtlog.txt
    2012-01-07 15:16 - 2012-01-07 15:16 - 0015325 ____A C:\Users\Emzie\Desktop\hijackthis.log
    2012-01-07 14:18 - 2011-06-22 17:46 - 0002405 ____A C:\Users\Emzie\Desktop\Google Chrome.lnk
    2012-01-07 14:13 - 2011-11-01 22:33 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-01-07 14:11 - 2012-01-07 14:11 - 0001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-01-03 21:02 - 2012-01-03 21:02 - 0055296 ____A C:\Users\Emzie\Downloads\The Housing Market.doc
    2011-12-28 12:54 - 2009-07-14 05:08 - 0032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2011-12-25 16:19 - 2011-12-25 16:19 - 0002117 ____A C:\Windows\IE9_main.log
    2011-12-25 16:16 - 2011-12-25 16:15 - 0005501 ____A C:\Windows\SysWOW64\jupdate-1.6.0_30-b12.log
    2011-12-25 16:16 - 2010-12-01 10:21 - 0000000 ____D C:\Program Files (x86)\Java
    2011-12-25 16:12 - 2011-12-25 16:12 - 0000000 ____D C:\Windows\System32\EventProviders
    2011-12-25 16:08 - 2011-09-08 17:52 - 0000000 ___RD C:\Users\Emzie\Dropbox
    2011-12-25 16:08 - 2011-09-08 17:50 - 0000000 ____D C:\Users\Emzie\AppData\Roaming\Dropbox
    2011-12-21 16:22 - 2011-03-29 19:52 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2011-12-18 20:08 - 2010-12-05 19:57 - 0000000 ____D C:\Users\All Users\Microsoft Help
    2011-12-18 20:08 - 2010-12-05 19:57 - 0000000 ____D C:\ProgramData\Microsoft Help
    2011-12-16 08:00 - 2009-07-14 03:20 - 0000000 ____D C:\Windows\rescache
    2011-12-15 07:07 - 2009-07-14 04:45 - 0419064 ____A C:\Windows\System32\FNTCACHE.DAT
    2011-12-14 07:40 - 2010-09-30 16:45 - 0000000 ____D C:\Program Files (x86)\Windows Live
    2011-12-10 15:24 - 2011-11-01 22:33 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2011-12-08 19:27 - 2011-12-08 19:27 - 0000000 ____D C:\Windows\System32\Macromed
    2011-12-08 19:27 - 2009-07-14 05:32 - 0000000 ____D C:\Windows\Downloaded Program Files
    2011-12-07 12:26 - 2011-12-25 16:17 - 54867776 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2011-12-06 20:49 - 2010-11-30 21:15 - 0000000 ____D C:\Users\Emzie\Tracing
    2011-12-02 07:24 - 2011-12-01 08:01 - 3499415 ____A C:\Users\Emzie\Downloads\Kiss the rain - Bella's lullaby (Twilight).mp3
    2011-12-02 07:24 - 2011-12-01 08:00 - 2802259 ____A C:\Users\Emzie\Downloads\Bella's Lullaby (Twilight Soundtrack Version Official ).mp3
    2011-12-02 07:24 - 2011-12-01 07:58 - 3043003 ____A C:\Users\Emzie\Downloads\Edward Cullen - BELLA's LULLABY _ RIVER FLOWS IN YOU (download link_sheet music in description).mp3
    2011-11-30 19:55 - 2011-11-30 19:55 - 0012598 ____A C:\Users\Emzie\Documents\twiiiiilight.docx
    2011-11-30 19:55 - 2011-11-30 19:55 - 0000162 ___AH C:\Users\Emzie\Documents\~$iiiiilight.docx
    2011-11-30 07:54 - 2011-11-23 20:15 - 0000000 ____D C:\Users\Emzie\AppData\Local\lewqylml
    2011-11-29 15:12 - 2011-11-24 18:14 - 0000000 ____A C:\Users\Emzie\AppData\Local\saafwmse.log
    2011-11-29 15:12 - 2011-11-23 20:15 - 0000024 ____A C:\Users\Emzie\AppData\Local\ulrxkneb.log
    2011-11-29 15:10 - 2011-11-23 20:21 - 1059779 ____A C:\Users\Emzie\AppData\Local\wyobagjq.log
    2011-11-28 18:43 - 2011-08-08 18:45 - 0434176 ____A (e-academy Inc.) C:\Users\Emzie\Downloads\Microsoft_Office_Professional_Plus_2010_64bit_(English).exe
    2011-11-28 18:42 - 2011-08-08 18:39 - 0434176 ____A (e-academy Inc.) C:\Users\Emzie\Downloads\Business_Contact_Manager_2010_64-bit_(English).exe
    2011-11-28 16:10 - 2011-11-23 20:20 - 0148314 ____A C:\Users\Emzie\AppData\Local\jtjvqcqr.log
    2011-11-28 16:10 - 2011-11-23 20:20 - 0001634 ____A C:\Users\Emzie\AppData\Local\hboncfgc.log
    2011-11-28 16:10 - 2011-11-23 20:15 - 0338624 ____A C:\Users\Emzie\AppData\Local\vcvlgkix.log
    2011-11-27 19:26 - 2011-11-27 19:26 - 0360448 ____A C:\Users\Emzie\Downloads\Attachment 1 - formation.ppt
    2011-11-27 19:26 - 2011-11-27 19:26 - 0174592 ____A C:\Users\Emzie\Downloads\Attachment 6 - Bowlby.ppt
    2011-11-27 19:19 - 2011-11-27 19:18 - 1902592 ____A C:\Users\Emzie\Downloads\Attachment 14 Daycare and social development.ppt
    2011-11-25 20:31 - 2011-11-23 20:20 - 0003198 ____A C:\Users\Emzie\AppData\Local\niclslqp.log
    2011-11-24 05:00 - 2011-12-14 18:40 - 3141632 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2011-11-23 20:20 - 2011-11-23 20:20 - 0000000 ____A C:\Users\Emzie\AppData\Local\qluwykku.log
    2011-11-23 20:19 - 2011-11-23 20:19 - 0004001 ____A C:\Users\Emzie\AppData\Local\aumsmgur.log
    2011-11-23 17:17 - 2011-11-03 17:09 - 0000000 ____D C:\Users\All Users\AVG2012
    2011-11-23 17:17 - 2011-11-03 17:09 - 0000000 ____D C:\ProgramData\AVG2012
    2011-11-19 15:39 - 2011-11-19 15:39 - 0011542 ____A C:\Windows\SysWOW64\commonpriv.log
    2011-11-19 15:39 - 2011-11-19 15:39 - 0000000 ____A C:\Windows\SysWOW64\commonpriv.log.lock
    2011-11-19 15:37 - 2011-11-19 15:36 - 0014800 ____A C:\Windows\SysWOW64\avgui.log
    2011-11-19 15:37 - 2011-11-19 15:35 - 0191794 ____A C:\Users\Emzie\Desktop\commonpriv.log
    2011-11-19 15:36 - 2011-11-19 15:36 - 0002770 ____A C:\Windows\SysWOW64\avgtray_idp_Emzie.log
    2011-11-19 15:36 - 2011-11-19 15:36 - 0000442 ____A C:\Windows\SysWOW64\commonpub.log
    2011-11-19 15:36 - 2011-11-19 15:36 - 0000000 ____A C:\Windows\SysWOW64\commonpub.log.lock
    2011-11-19 15:36 - 2011-11-19 15:36 - 0000000 ____A C:\Windows\SysWOW64\avgtray_idp_Emzie.log.lock
    2011-11-19 15:36 - 2011-11-03 17:04 - 0000000 ____D C:\Users\All Users\MFAData
    2011-11-19 15:36 - 2011-11-03 17:04 - 0000000 ____D C:\ProgramData\MFAData
    2011-11-19 15:35 - 2011-11-19 15:35 - 0000000 ____A C:\Users\Emzie\Desktop\commonpriv.log.lock
    2011-11-19 15:09 - 2011-11-19 15:09 - 0000000 ____D C:\Users\Emzie\AppData\Roaming\AVG2012
    2011-11-19 14:21 - 2011-11-03 17:10 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
    2011-11-19 14:13 - 2011-11-19 14:13 - 0002975 ____A C:\Users\Emzie\Desktop\HiJackThis.lnk
    2011-11-19 14:13 - 2011-11-19 14:13 - 0000000 ____D C:\Program Files (x86)\Trend Micro
    2011-11-19 12:04 - 2011-11-03 17:09 - 0000000 ____D C:\Windows\System32\Drivers\AVG
    2011-11-17 07:23 - 2011-11-17 07:23 - 0201782 ____A C:\Users\Emzie\Downloads\PSYA1 Jan 2010.pdf
    2011-11-16 21:03 - 2011-11-10 12:23 - 0779743 ____A C:\Users\Emzie\Downloads\Consequences of Spotify.pptx
    2011-11-15 22:40 - 2009-07-14 03:20 - 0000000 ____D C:\Program Files\Common Files\System
    2011-11-15 22:40 - 2009-07-14 02:34 - 0000478 ____A C:\Windows\win.ini
    2011-11-15 22:39 - 2011-11-15 22:39 - 0000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
    2011-11-15 22:39 - 2011-11-15 22:39 - 0000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
    2011-11-15 21:30 - 2011-11-15 21:30 - 0295936 ____A C:\Users\Emzie\Downloads\Safety and Security of ICT systems work for 101111.ppt
    2011-11-11 06:41 - 2011-12-14 18:41 - 12370944 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2011-11-11 06:41 - 2011-12-14 18:40 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2011-11-11 05:50 - 2011-12-14 18:41 - 10990080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2011-11-11 05:50 - 2011-12-14 18:40 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2011-11-10 18:30 - 2011-11-10 12:23 - 0185326 ____A C:\Users\Emzie\Downloads\Changes that IT has made - presentation.pptx
    2011-11-10 05:54 - 2011-12-25 16:17 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2011-11-10 05:54 - 2011-12-25 16:17 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2011-11-10 05:54 - 2011-12-25 16:17 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2011-11-10 05:54 - 2010-12-01 10:21 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2011-11-05 05:26 - 2011-12-14 18:41 - 1197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2011-11-05 05:26 - 2011-12-14 18:40 - 1501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2011-11-05 05:26 - 2011-12-14 18:40 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2011-11-05 05:23 - 2011-12-14 18:41 - 9332736 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2011-11-05 05:23 - 2011-12-14 18:40 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
    2011-11-05 05:23 - 2011-12-14 18:40 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2011-11-05 05:23 - 2011-12-14 18:40 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2011-11-05 05:23 - 2011-12-14 18:40 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2011-11-05 05:23 - 2011-12-14 18:40 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2011-11-05 05:22 - 2011-12-14 18:40 - 2458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2011-11-05 05:22 - 2011-12-14 18:40 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2011-11-05 05:22 - 2011-12-14 18:40 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2011-11-05 05:22 - 2011-12-14 18:40 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2011-11-05 05:19 - 2011-12-14 18:40 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2011-11-05 05:17 - 2011-12-14 18:40 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2011-11-05 04:35 - 2011-12-14 18:41 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2011-11-05 04:35 - 2011-12-14 18:40 - 1230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2011-11-05 04:35 - 2011-12-14 18:40 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2011-11-05 04:34 - 2011-12-14 18:41 - 5997568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2011-11-05 04:34 - 2011-12-14 18:40 - 2072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2011-11-05 04:34 - 2011-12-14 18:40 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
    2011-11-05 04:34 - 2011-12-14 18:40 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2011-11-05 04:34 - 2011-12-14 18:40 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2011-11-05 04:34 - 2011-12-14 18:40 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2011-11-05 04:34 - 2011-12-14 18:40 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2011-11-05 04:34 - 2011-12-14 18:40 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2011-11-05 04:34 - 2011-12-14 18:40 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2011-11-05 04:33 - 2011-12-14 18:40 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2011-11-05 04:32 - 2011-12-14 18:40 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2011-11-05 04:30 - 2011-12-14 18:40 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2011-11-05 04:07 - 2011-12-14 18:40 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2011-11-05 03:28 - 2011-12-14 18:40 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2011-11-05 03:25 - 2011-12-14 18:40 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2011-11-05 02:55 - 2011-12-14 18:40 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2011-11-03 20:33 - 2011-11-03 17:10 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
    2011-11-03 20:33 - 2011-11-03 17:10 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2011-11-03 17:12 - 2010-11-30 20:58 - 0000000 ____D C:\Users\Emzie\AppData\LocalLow
    2011-11-03 17:11 - 2011-11-03 17:11 - 0000000 ____D C:\Windows\SysWOW64\Drivers\AVG
    2011-11-03 17:10 - 2011-11-03 17:10 - 0001264 ____A C:\Users\Emzie\Desktop\Spybot - Search & Destroy.lnk
    2011-11-03 17:08 - 2011-11-03 17:08 - 16409960 ____A (Safer Networking Limited ) C:\Users\Emzie\Downloads\spybotsd162.exe
    2011-11-03 17:07 - 2011-11-03 17:07 - 0000000 ____D C:\Program Files (x86)\AVG
    2011-11-03 16:30 - 2010-09-30 16:59 - 0000000 ____D C:\Program Files (x86)\Adobe
    2011-11-03 16:27 - 2010-11-30 20:59 - 0109904 ____A C:\Users\Emzie\AppData\Local\GDIPFONTCACHEV1.DAT
    2011-11-01 22:33 - 2011-11-01 22:33 - 0000000 ____D C:\Users\Emzie\AppData\Roaming\Malwarebytes
    2011-11-01 22:33 - 2011-11-01 22:33 - 0000000 ____D C:\Users\All Users\Malwarebytes
    2011-11-01 22:33 - 2011-11-01 22:33 - 0000000 ____D C:\ProgramData\Malwarebytes
    2011-11-01 22:33 - 2011-11-01 22:32 - 9852544 ____A (Malwarebytes Corporation ) C:\Users\Emzie\Downloads\mbam-setup-1.51.2.1300.exe
    2011-11-01 19:21 - 2011-11-01 19:21 - 0001918 ____A C:\TDSSKiller.2.6.14.0_01.11.2011_19.21.51_log.txt
    2011-11-01 19:19 - 2011-11-01 19:19 - 0509440 ____A (iS3, Inc.) C:\Users\Emzie\Downloads\STOPzilla_Setup.exe
    2011-11-01 19:14 - 2011-11-01 19:12 - 0079180 ____A C:\TDSSKiller.2.6.14.0_01.11.2011_19.12.11_log.txt
    2011-11-01 19:11 - 2011-11-01 19:11 - 1564464 ____A (Kaspersky Lab ZAO) C:\Users\Emzie\Downloads\tdsskiller.exe
    2011-10-30 15:02 - 2009-07-14 03:20 - 0000000 ____D C:\Windows\System32\NDF
    2011-10-26 05:19 - 2011-12-14 18:41 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2011-10-24 10:35 - 2011-10-24 10:35 - 0019456 ____A C:\Users\Emzie\Documents\registration no. nw.docx
    2011-10-21 00:11 - 2009-07-14 03:20 - 0000000 ____D C:\Windows\AppCompat
    2011-10-21 00:10 - 2009-07-14 03:20 - 0000000 ____D C:\Windows\registration
    2011-10-20 18:20 - 2011-10-20 18:20 - 0034304 ____A C:\Users\Emzie\Downloads\CARB CYCLING.doc
    2011-10-20 18:12 - 2009-07-14 03:20 - 0000000 ____D C:\Windows\System32\config\TxR
    2011-10-20 17:50 - 2011-10-20 17:46 - 0000000 ___SD C:\Users\TEMP\AppData\LocalLow
    2011-10-19 22:20 - 2011-10-19 22:20 - 4383744 ____A C:\Users\Emzie\Downloads\web_proxy_traces.doc
    2011-10-15 06:25 - 2011-12-14 18:40 - 0723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
    2011-10-15 05:48 - 2011-12-14 18:40 - 0534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
    2011-10-15 05:37 - 2011-10-15 05:35 - 4268885 ____A C:\Users\Emzie\Downloads\Charlie Simpson - Riverbanks.mp3
    2011-10-15 05:37 - 2011-10-15 05:34 - 4161887 ____A C:\Users\Emzie\Downloads\Charlie Simpson - If I Lose It (Young Pilgrim) [Lyrics].mp3
    2011-10-15 05:37 - 2011-10-15 05:33 - 3733061 ____A C:\Users\Emzie\Downloads\Charlie Simpson - Hold On (Young Pilgrim) [Lyrics].mp3
    2011-10-15 05:37 - 2011-10-15 05:33 - 3534112 ____A C:\Users\Emzie\Downloads\Charlie Simpson - I Need A Friend Tonight.mp3
    2011-10-15 05:37 - 2011-10-15 05:33 - 3203507 ____A C:\Users\Emzie\Downloads\Charlie Simpson - Suburbs.mp3
    2011-10-15 05:36 - 2011-10-15 05:35 - 3409979 ____A C:\Users\Emzie\Downloads\Charlie Simpson - Don't I hold You (HD).mp3
    2011-10-15 05:36 - 2011-10-15 05:34 - 3706730 ____A C:\Users\Emzie\Downloads\Farmer And His Gun.mp3
    2011-10-15 05:36 - 2011-10-15 05:34 - 3417058 ____A C:\Users\Emzie\Downloads\Sundown - Charlie Simpson.mp3
    2011-10-15 05:31 - 2011-10-15 05:29 - 3426697 ____A C:\Users\Emzie\Downloads\Charlie Simpson - Cemetery.mp3
    2011-10-15 05:31 - 2011-10-15 05:29 - 3138305 ____A C:\Users\Emzie\Downloads\Charlie Simpson - All At Once.mp3
    2011-10-15 05:31 - 2011-10-15 05:28 - 3431294 ____A C:\Users\Emzie\Downloads\Charlie Simpson 'Parachutes' OFFICIAL VIDEO.mp3
    2011-10-15 05:31 - 2011-10-15 05:27 - 3080601 ____A C:\Users\Emzie\Downloads\Down Down Down - Charlie Simpson.mp3
    2011-10-15 05:31 - 2011-10-15 05:26 - 3272470 ____A C:\Users\Emzie\Downloads\Charlie Simpson - Dead Man Walking.mp3
    2011-10-15 05:31 - 2011-10-15 05:25 - 3473090 ____A C:\Users\Emzie\Downloads\Charlie Simpson - Skin and Bones.mp3
    2011-10-15 05:31 - 2011-10-15 05:24 - 3804114 ____A C:\Users\Emzie\Downloads\Charlie Simpson - Thorns.mp3
    2011-10-15 05:21 - 2011-11-02 16:21 - 0001785 ____A C:\Users\Public\Desktop\iTunes.lnk
    2011-10-15 05:21 - 2011-10-15 05:19 - 0000000 ____D C:\Program Files\iTunes
    2011-10-15 05:21 - 2011-10-15 05:19 - 0000000 ____D C:\Program Files (x86)\iTunes
    2011-10-15 05:19 - 2011-10-15 05:19 - 0000000 ____D C:\Program Files\iPod
    2011-10-15 05:16 - 2011-10-15 05:16 - 0000000 ____D C:\Program Files\Bonjour
    2011-10-15 05:16 - 2011-10-15 05:16 - 0000000 ____D C:\Program Files (x86)\Bonjour
    2011-10-13 06:22 - 2010-09-30 16:49 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ========================= Memory info ======================

    Percentage of memory in use: 46%
    Total physical RAM: 2934.69 MB
    Available physical RAM: 1558.34 MB
    Total Pagefile: 5867.49 MB
    Available Pagefile: 4037.67 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.86 MB

    ======================= Partitions =========================

    1 Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:234.02 GB) NTFS ==>[Drive with boot components]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 100 MB 1024 KB
    Partition 2 Primary 14 GB 101 MB
    Partition 3 Primary 283 GB 14 GB

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Recovery NTFS Partition 14 GB Healthy System

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 283 GB Healthy Boot

    ==========================================================

    Last Boot: 2012-01-01 19:37

    ======================= End Of Log ==========================

  3. #13
    broni, Senior Member
    Download the FixTDSS.exe

    Save the file to your Windows desktop.
    Close all running programs.
    If you are running Windows XP, turn off System Restore (see: How to turn off or turn on Windows XP System Restore).
    Double-click the FixTDSS.exe file to start the removal tool.
    Click Start to begin the process, and then allow the tool to run.
    OK any security prompts.
    Restart the computer when prompted by the tool.
    After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
    If you are running Windows XP, re-enable System Restore.

Closed Thread