Google redirects to mysearchx.com


This topic is locked. 5 replies to this topic.

#1 VRocker (Members, 3 posts)

Posted 22 November 2010 - 04:31 PM

Hi all, I hope someone can help me.
Both in IE and Firefox my homepage is changed and Google redirects me to a site called mysearchx.com.
I read the sticky and attached the following log files.
I also have a HijackThis log, so I'll add this as well.
GMER is still scanning; I will add it later.


DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by Jens at 22:20:24,78 on ma 22/11/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Professional 6.1.7600.0.1252.32.1033.18.3036.1368 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\alg.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdhost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Xfire\xfire64.exe
C:\Program Files (x86)\Xfire\xfire64.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
D:\Games\Steam\steam.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\Users\Jens\Desktop\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\taskeng.exe
D:\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.mysearchx.com
mStart Page = hxxp://www.mysearchx.com
mWinlogon: Userinit=userinit.exe
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
uRun: [yapbakalim] C:\WINDOWS\host.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {44AD12D3-4885-4DCD-B870-1E067FD2C1A7} = 10.31.64.1
TCP: {5FAB2EC9-BB2E-4FBF-A1AE-AB8A838317C0} = 192.168.100.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [(Default)]
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Hosts: 95.154.237.107 www.google.com.tr
Hosts: 95.154.237.107 www.google.ca
Hosts: 95.154.237.107 www.google.com.br
Hosts: 95.154.237.107 www.google.co.il
Hosts: 95.154.237.107 www.google.com.ar

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Jens\AppData\Roaming\Mozilla\Firefox\Profiles\qwqy5573.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://nl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nl:official
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Jens\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-10-1 55280]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-27 203776]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2010-7-16 30520]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2010-4-3 210784]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2010-4-3 2175328]
R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-11-13 2011944]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-10-27 8012288]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-10-27 287232]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2009-12-3 716872]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2009-6-13 287960]
R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2010-4-3 32096]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
R3 Razerlow;Razer Pro|Solutions;C:\Windows\System32\drivers\Razerlow.sys [2005-11-7 21120]
R3 RICOH SmartCard Reader;RICOH SmartCard Reader;C:\Windows\System32\drivers\rismcx64.sys [2006-10-3 79488]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 SRS_HDAL_Service;HD Audio Lab;C:\Windows\System32\drivers\SRS_HDAL_amd64.sys [2010-7-2 525040]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-26 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\System32\drivers\RsFx0150.sys [2010-4-3 313696]

=============== Created Last 30 ================

2010-11-22 19:21:11 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-11-22 19:21:11 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-11-22 13:33:47 290816 ----a-w- C:\Users\Jens\AppData\Roaming\Microsoft\SharePoint Designer\ProxyAssemblyCache\12.0.0.6545\Microsoft.SharePoint.WorkflowActions.Proxy.dll
2010-11-22 10:43:06 183296 ----a-w- C:\Windows\host.exe
2010-11-20 10:20:30 -------- d-----w- C:\Program Files (x86)\SpeedFan
2010-11-19 10:56:11 -------- d-----w- C:\Windows\SysWow64\xlive
2010-11-19 10:56:02 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2010-11-19 07:47:28 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{4A1099FE-19D7-46A1-8B2A-2276811381CD}\mpengine.dll
2010-11-17 21:24:24 -------- d-----w- C:\Users\Jens\AppData\Local\ATI
2010-11-17 21:24:21 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2010-11-17 21:24:21 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2010-11-17 21:24:16 -------- d-----w- C:\Program Files (x86)\ATI Stream
2010-11-17 21:23:23 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2010-11-17 21:23:11 -------- d-----w- C:\Program Files\ATI
2010-11-17 21:22:35 -------- d-----w- C:\ATI
2010-11-17 21:14:02 -------- d-----w- C:\AMD
2010-11-17 21:10:45 -------- d-----w- C:\Program Files\ATI Technologies
2010-11-16 15:42:03 -------- d-----w- C:\Users\Jens\AppData\Roaming\TS3Client
2010-11-16 15:41:57 -------- d-----w- C:\Program Files\TeamSpeak 3 Client
2010-11-16 14:06:58 -------- d-----w- C:\Windows\SysWow64\directx
2010-11-16 07:50:24 -------- d-----w- C:\Users\Jens\AppData\Local\Activision
2010-11-15 13:39:28 1638400 ----a-w- C:\Users\Jens\AppData\Roaming\Microsoft\SharePoint Designer\ProxyAssemblyCache\12.0.0.6545\Microsoft.SharePoint.Proxy.dll
2010-11-15 13:39:11 28672 ----a-w- C:\Users\Jens\AppData\Roaming\Microsoft\SharePoint Designer\ProxyAssemblyCache\12.0.0.6545\System.Web.Proxy.dll
2010-11-13 19:49:06 -------- d-----w- C:\Users\Jens\AppData\Roaming\TeamViewer
2010-11-13 19:49:01 -------- d-----w- C:\Program Files (x86)\TeamViewer
2010-11-13 12:12:47 294232 ----a-w- C:\Windows\System32\drivers\VMM.sys
2010-11-12 13:10:12 165232 ---ha-w- C:\Users\Jens\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2010-11-12 13:07:03 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2010-11-12 13:01:57 -------- d-----w- C:\Program Files (x86)\Microsoft Virtual PC
2010-11-08 11:29:20 -------- d-----w- C:\Users\Jens\AppData\Roaming\Command & Conquer 3 Kane's Wrath
2010-11-08 06:54:51 -------- d-----w- C:\Users\Jens\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2010-11-07 21:26:59 5073256 ----a-w- C:\Windows\System32\d3dx9_35.dll
2010-11-07 16:41:38 -------- d-----w- C:\Program Files (x86)\RapidShareManager
2010-11-07 16:32:41 -------- d-----w- C:\Program Files\Unlocker
2010-11-07 11:08:23 267272 ----a-w- C:\Windows\SysWow64\xactengine2_10.dll
2010-11-07 11:08:22 444776 ----a-w- C:\Windows\SysWow64\d3dx10_36.dll
2010-11-07 11:08:22 17928 ----a-w- C:\Windows\SysWow64\X3DAudio1_2.dll
2010-11-07 11:08:22 1374232 ----a-w- C:\Windows\SysWow64\D3DCompiler_36.dll
2010-11-07 11:08:21 3734536 ----a-w- C:\Windows\SysWow64\d3dx9_36.dll
2010-11-07 11:08:20 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2010-11-06 10:37:34 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2010-11-02 12:55:51 -------- d-----w- C:\Users\Jens\android-sdk_r07-windows
2010-11-02 10:32:43 -------- d-----w- C:\Users\Jens\.android
2010-10-29 12:30:50 -------- d-----w- C:\Users\Jens\.VirtualBox
2010-10-29 12:30:20 203024 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2010-10-29 12:30:09 53968 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2010-10-29 12:30:07 -------- d-----w- C:\Program Files\Oracle
2010-10-27 07:15:27 -------- d-----w- C:\Users\Jens\AppData\Local\Google
2010-10-27 06:40:24 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-10-27 06:40:24 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-10-27 06:40:24 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-10-27 06:40:23 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-10-27 06:40:23 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-10-27 06:40:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-10-27 06:40:23 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-10-27 06:40:18 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-10-27 04:00:14 8012288 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2010-10-27 03:25:36 21422592 ----a-w- C:\Windows\System32\atio6axx.dll
2010-10-27 03:08:16 16281600 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2010-10-27 02:55:30 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2010-10-27 02:55:22 547328 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2010-10-27 02:54:22 645120 ----a-w- C:\Windows\System32\aticfx64.dll
2010-10-27 02:52:18 450560 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2010-10-27 02:52:12 478208 ----a-w- C:\Windows\System32\atieclxx.exe
2010-10-27 02:51:36 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2010-10-27 02:50:28 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2010-10-27 02:50:14 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2010-10-27 02:50:08 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2010-10-27 02:49:56 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2010-10-27 02:49:52 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2010-10-27 02:49:48 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2010-10-27 02:49:44 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2010-10-27 02:46:56 4020736 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2010-10-27 02:35:28 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2010-10-27 02:35:26 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2010-10-27 02:35:18 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2010-10-27 02:35:16 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2010-10-27 02:35:06 6815744 ----a-w- C:\Windows\System32\aticaldd64.dll
2010-10-27 02:33:50 5441536 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2010-10-27 02:28:20 4094464 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2010-10-27 02:22:02 5218304 ----a-w- C:\Windows\System32\atiumd64.dll
2010-10-27 02:14:58 58880 ----a-w- C:\Windows\System32\coinst.dll
2010-10-27 02:14:56 349184 ----a-w- C:\Windows\System32\atiadlxx.dll
2010-10-27 02:14:50 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2010-10-27 02:14:42 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2010-10-27 02:14:40 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2010-10-27 02:14:40 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2010-10-27 02:14:36 31744 ----a-w- C:\Windows\System32\atig6txx.dll
2010-10-27 02:14:30 27136 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2010-10-27 02:14:22 287232 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2010-10-27 02:13:42 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2010-10-27 02:13:34 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2010-10-27 02:13:28 37888 ----a-w- C:\Windows\System32\atiu9p64.dll
2010-10-27 02:13:22 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2010-10-27 02:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2010-10-27 01:57:02 3221504 ----a-w- C:\Windows\System32\atiumd6a.dll
2010-10-27 01:50:08 3460096 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2010-10-27 01:37:16 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2010-10-27 01:37:16 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2010-10-27 01:37:12 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2010-10-27 01:37:12 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2010-10-25 16:12:42 -------- d-----r- C:\Program Files (x86)\Skype
2010-10-25 11:58:34 -------- d-----w- C:\Users\Jens\AppData\Local\Windows Live
2010-10-25 11:58:03 206848 ----a-w- C:\Windows\System32\mfps.dll
2010-10-25 11:58:02 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-10-25 11:58:02 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-10-25 11:58:02 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2010-10-25 11:58:02 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2010-10-25 11:58:01 4068864 ----a-w- C:\Windows\System32\mf.dll
2010-10-25 11:58:01 3181568 ----a-w- C:\Windows\SysWow64\mf.dll

==================== Find3M ====================

2010-10-27 02:38:02 4744704 ----a-w- C:\Windows\System32\atidxx64.dll
2010-10-19 09:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-14 00:36:52 15451288 ----a-w- C:\Windows\SysWow64\xlive.dll
2010-10-14 00:36:50 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
2010-10-10 14:15:16 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
2010-10-10 14:15:16 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2010-10-10 14:15:16 133632 ----a-w- C:\Windows\System32\OpenAL32.dll
2010-10-10 14:15:16 110592 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2010-10-08 13:52:38 164304 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2010-10-08 13:52:38 144784 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2010-10-08 13:52:36 318992 ----a-w- C:\Windows\System32\VBoxNetFltNotify.dll
2010-09-28 11:41:44 423656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-28 07:31:21 468480 ----a-w- C:\Windows\System32\deployJava1.dll
2010-09-26 18:30:02 0 ----a-w- C:\Windows\ativpsrm.bin
2010-09-22 22:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-09-22 19:19:02 56832 ----a-w- C:\Windows\System32\drivers\HssDrv.sys
2010-09-22 19:19:02 37888 ----a-w- C:\Windows\System32\drivers\taphss.sys
2010-09-21 12:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 12:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 18:33:08 332800 ----a-w- C:\Windows\System32\ATIODE.exe
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll

============= FINISH: 22:21:12,41 ===============
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:03:48, on 22/11/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Xfire\Xfire.exe
D:\Games\Steam\steam.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\Users\Jens\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchx.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchx.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 95.154.237.107 www.google.com.tr
O1 - Hosts: 95.154.237.107 www.google.ca
O1 - Hosts: 95.154.237.107 www.google.com.br
O1 - Hosts: 95.154.237.107 www.google.co.il
O1 - Hosts: 95.154.237.107 www.google.com.ar
O1 - Hosts: 95.154.237.107 www.google.com.my
O1 - Hosts: 95.154.237.107 www.google.gr
O1 - Hosts: 95.154.237.107 www.google.com.ph
O1 - Hosts: 95.154.237.107 www.google.com.tw
O1 - Hosts: 95.154.237.107 www.google.co.id
O1 - Hosts: 95.154.237.107 www.google.co.in
O1 - Hosts: 95.154.237.107 www.google.com.au
O1 - Hosts: 95.154.237.107 www.google.co.nz
O1 - Hosts: 95.154.237.107 www.google.com.pk
O1 - Hosts: 95.154.237.107 www.google.dk
O1 - Hosts: 95.154.237.107 www.google.pt
O1 - Hosts: 95.154.237.107 www.google.es
O1 - Hosts: 95.154.237.107 www.google.se
O1 - Hosts: 95.154.237.107 www.google.de
O1 - Hosts: 95.154.237.107 www.google.com.hk
O1 - Hosts: 95.154.237.107 www.google.fr
O1 - Hosts: 95.154.237.107 www.google.co.jp
O1 - Hosts: 95.154.237.107 www.google.com.mx
O1 - Hosts: 95.154.237.107 www.google.com.sa
O1 - Hosts: 95.154.237.107 www.google.com.sg
O1 - Hosts: 95.154.237.107 www.google.cn
O1 - Hosts: 95.154.237.107 www.google.com.eg
O1 - Hosts: 95.154.237.107 www.google.com.ba
O1 - Hosts: 95.154.237.107 www.google.com.at
O1 - Hosts: 95.154.237.107 www.google.be
O1 - Hosts: 95.154.237.107 www.google.ch
O1 - Hosts: 95.154.237.107 www.google.no
O1 - Hosts: 95.154.237.107 www.google.sk
O1 - Hosts: 95.154.237.107 www.google.fi
O1 - Hosts: 95.154.237.107 search.yahoo.com
O1 - Hosts: 95.154.237.107 www.baidu.com
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKCU\..\Run: [yapbakalim] C:\WINDOWS\host.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44AD12D3-4885-4DCD-B870-1E067FD2C1A7}: NameServer = 10.31.64.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FAB2EC9-BB2E-4FBF-A1AE-AB8A838317C0}: NameServer = 192.168.100.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11619 bytes

added ark.txt

Merged posts. ~ OB

Edited by Orange Blossom, 22 November 2010 - 07:01 PM.


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:04:28 AM

Posted 23 November 2010 - 05:38 AM

Hi,

Go to << link deleted to prevent other users uploading the same file over and over again >>
Enter the url of this thread in the first field.
Where it says "browse to the file that you want to submit", click the browse button next to it and browse to the following file:

C:\WINDOWS\host.exe

Select it and click ok:
Then click the Send File button below.

Let me know once you have submitted the file.

Edited by miekiemoes, 12 December 2010 - 04:24 PM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 VRocker

VRocker
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:09:28 PM

Posted 23 November 2010 - 06:47 AM

Since yesterday I have scanned with MalwareBytes Anti-Malware and manually fixed some things in my HijackThis log file. I will scan again and post the results here.
The file you requested isn't there anymore, and I recall MalwareBytes finding and deleting it. Google isn't being redirected anymore either, so it seems fixed.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:46:56, on 23/11/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
D:\Downloads\gmer\gmer.exe
C:\Users\Jens\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchx.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchx.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44AD12D3-4885-4DCD-B870-1E067FD2C1A7}: NameServer = 10.31.64.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FAB2EC9-BB2E-4FBF-A1AE-AB8A838317C0}: NameServer = 192.168.100.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9735 bytes


DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by Jens at 12:44:32,08 on di 23/11/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Professional 6.1.7600.0.1252.32.1033.18.3036.1647 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Xfire\xfire64.exe
C:\Program Files (x86)\Xfire\xfire64.exe
C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
D:\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.mysearchx.com
mStart Page = hxxp://www.mysearchx.com
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {44AD12D3-4885-4DCD-B870-1E067FD2C1A7} = 10.31.64.1
TCP: {5FAB2EC9-BB2E-4FBF-A1AE-AB8A838317C0} = 192.168.100.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [(Default)]
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Jens\AppData\Roaming\Mozilla\Firefox\Profiles\qwqy5573.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://nl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nl:official
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Jens\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-10-1 55280]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-27 203776]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2010-4-3 2175328]
R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-11-13 2011944]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-10-27 8012288]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-10-27 287232]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2009-12-3 716872]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2009-6-13 287960]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
R3 Razerlow;Razer Pro|Solutions;C:\Windows\System32\drivers\Razerlow.sys [2005-11-7 21120]
R3 RICOH SmartCard Reader;RICOH SmartCard Reader;C:\Windows\System32\drivers\rismcx64.sys [2006-10-3 79488]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2010-7-16 30520]
S2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
S2 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2010-4-3 210784]
S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2010-4-3 32096]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 SRS_HDAL_Service;HD Audio Lab;C:\Windows\System32\drivers\SRS_HDAL_amd64.sys [2010-7-2 525040]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-26 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\System32\drivers\RsFx0150.sys [2010-4-3 313696]

=============== Created Last 30 ================

2010-11-23 06:36:37 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{F4113E28-6BFB-471B-8D32-03D3693A9E15}\mpengine.dll
2010-11-22 22:44:26 -------- d-----w- C:\Users\Jens\AppData\Roaming\Malwarebytes
2010-11-22 22:44:19 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-22 22:44:18 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-22 22:44:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-22 22:44:18 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-11-22 19:21:11 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-11-22 19:21:11 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-11-22 13:33:47 290816 ----a-w- C:\Users\Jens\AppData\Roaming\Microsoft\SharePoint Designer\ProxyAssemblyCache\12.0.0.6545\Microsoft.SharePoint.WorkflowActions.Proxy.dll
2010-11-20 10:20:30 -------- d-----w- C:\Program Files (x86)\SpeedFan
2010-11-19 10:56:11 -------- d-----w- C:\Windows\SysWow64\xlive
2010-11-19 10:56:02 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2010-11-17 21:24:24 -------- d-----w- C:\Users\Jens\AppData\Local\ATI
2010-11-17 21:24:21 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2010-11-17 21:24:21 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2010-11-17 21:24:16 -------- d-----w- C:\Program Files (x86)\ATI Stream
2010-11-17 21:23:23 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2010-11-17 21:23:11 -------- d-----w- C:\Program Files\ATI
2010-11-17 21:22:35 -------- d-----w- C:\ATI
2010-11-17 21:14:02 -------- d-----w- C:\AMD
2010-11-17 21:10:45 -------- d-----w- C:\Program Files\ATI Technologies
2010-11-16 15:42:03 -------- d-----w- C:\Users\Jens\AppData\Roaming\TS3Client
2010-11-16 15:41:57 -------- d-----w- C:\Program Files\TeamSpeak 3 Client
2010-11-16 14:06:58 -------- d-----w- C:\Windows\SysWow64\directx
2010-11-16 07:50:24 -------- d-----w- C:\Users\Jens\AppData\Local\Activision
2010-11-15 13:39:28 1638400 ----a-w- C:\Users\Jens\AppData\Roaming\Microsoft\SharePoint Designer\ProxyAssemblyCache\12.0.0.6545\Microsoft.SharePoint.Proxy.dll
2010-11-15 13:39:11 28672 ----a-w- C:\Users\Jens\AppData\Roaming\Microsoft\SharePoint Designer\ProxyAssemblyCache\12.0.0.6545\System.Web.Proxy.dll
2010-11-13 19:49:06 -------- d-----w- C:\Users\Jens\AppData\Roaming\TeamViewer
2010-11-13 19:49:01 -------- d-----w- C:\Program Files (x86)\TeamViewer
2010-11-13 12:12:47 294232 ----a-w- C:\Windows\System32\drivers\VMM.sys
2010-11-12 13:10:12 165232 ---ha-w- C:\Users\Jens\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2010-11-12 13:07:03 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2010-11-12 13:01:57 -------- d-----w- C:\Program Files (x86)\Microsoft Virtual PC
2010-11-08 11:29:20 -------- d-----w- C:\Users\Jens\AppData\Roaming\Command & Conquer 3 Kane's Wrath
2010-11-08 06:54:51 -------- d-----w- C:\Users\Jens\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2010-11-07 21:26:59 5073256 ----a-w- C:\Windows\System32\d3dx9_35.dll
2010-11-07 16:41:38 -------- d-----w- C:\Program Files (x86)\RapidShareManager
2010-11-07 16:32:41 -------- d-----w- C:\Program Files\Unlocker
2010-11-07 11:08:23 267272 ----a-w- C:\Windows\SysWow64\xactengine2_10.dll
2010-11-07 11:08:22 444776 ----a-w- C:\Windows\SysWow64\d3dx10_36.dll
2010-11-07 11:08:22 17928 ----a-w- C:\Windows\SysWow64\X3DAudio1_2.dll
2010-11-07 11:08:22 1374232 ----a-w- C:\Windows\SysWow64\D3DCompiler_36.dll
2010-11-07 11:08:21 3734536 ----a-w- C:\Windows\SysWow64\d3dx9_36.dll
2010-11-07 11:08:20 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2010-11-06 10:37:34 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2010-11-02 12:55:51 -------- d-----w- C:\Users\Jens\android-sdk_r07-windows
2010-11-02 10:32:43 -------- d-----w- C:\Users\Jens\.android
2010-10-29 12:30:50 -------- d-----w- C:\Users\Jens\.VirtualBox
2010-10-29 12:30:20 203024 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2010-10-29 12:30:09 53968 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2010-10-29 12:30:07 -------- d-----w- C:\Program Files\Oracle
2010-10-27 07:15:27 -------- d-----w- C:\Users\Jens\AppData\Local\Google
2010-10-27 06:40:24 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-10-27 06:40:24 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-10-27 06:40:24 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-10-27 06:40:23 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-10-27 06:40:23 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-10-27 06:40:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-10-27 06:40:23 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-10-27 06:40:18 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-10-27 04:00:14 8012288 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2010-10-27 03:25:36 21422592 ----a-w- C:\Windows\System32\atio6axx.dll
2010-10-27 03:08:16 16281600 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2010-10-27 02:55:30 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2010-10-27 02:55:22 547328 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2010-10-27 02:54:22 645120 ----a-w- C:\Windows\System32\aticfx64.dll
2010-10-27 02:52:18 450560 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2010-10-27 02:52:12 478208 ----a-w- C:\Windows\System32\atieclxx.exe
2010-10-27 02:51:36 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2010-10-27 02:50:28 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2010-10-27 02:50:14 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2010-10-27 02:50:08 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2010-10-27 02:49:56 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2010-10-27 02:49:52 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2010-10-27 02:49:48 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2010-10-27 02:49:44 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2010-10-27 02:46:56 4020736 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2010-10-27 02:35:28 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2010-10-27 02:35:26 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2010-10-27 02:35:18 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2010-10-27 02:35:16 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2010-10-27 02:35:06 6815744 ----a-w- C:\Windows\System32\aticaldd64.dll
2010-10-27 02:33:50 5441536 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2010-10-27 02:28:20 4094464 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2010-10-27 02:22:02 5218304 ----a-w- C:\Windows\System32\atiumd64.dll
2010-10-27 02:14:58 58880 ----a-w- C:\Windows\System32\coinst.dll
2010-10-27 02:14:56 349184 ----a-w- C:\Windows\System32\atiadlxx.dll
2010-10-27 02:14:50 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2010-10-27 02:14:42 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2010-10-27 02:14:40 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2010-10-27 02:14:40 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2010-10-27 02:14:36 31744 ----a-w- C:\Windows\System32\atig6txx.dll
2010-10-27 02:14:30 27136 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2010-10-27 02:14:22 287232 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2010-10-27 02:13:42 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2010-10-27 02:13:34 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2010-10-27 02:13:28 37888 ----a-w- C:\Windows\System32\atiu9p64.dll
2010-10-27 02:13:22 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2010-10-27 02:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2010-10-27 01:57:02 3221504 ----a-w- C:\Windows\System32\atiumd6a.dll
2010-10-27 01:50:08 3460096 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2010-10-27 01:37:16 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2010-10-27 01:37:16 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2010-10-27 01:37:12 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2010-10-27 01:37:12 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2010-10-25 16:12:42 -------- d-----r- C:\Program Files (x86)\Skype
2010-10-25 11:58:34 -------- d-----w- C:\Users\Jens\AppData\Local\Windows Live
2010-10-25 11:58:03 206848 ----a-w- C:\Windows\System32\mfps.dll
2010-10-25 11:58:02 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-10-25 11:58:02 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-10-25 11:58:02 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2010-10-25 11:58:02 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2010-10-25 11:58:01 4068864 ----a-w- C:\Windows\System32\mf.dll
2010-10-25 11:58:01 3181568 ----a-w- C:\Windows\SysWow64\mf.dll

==================== Find3M ====================

2010-10-27 02:38:02 4744704 ----a-w- C:\Windows\System32\atidxx64.dll
2010-10-19 09:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-14 00:36:52 15451288 ----a-w- C:\Windows\SysWow64\xlive.dll
2010-10-14 00:36:50 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
2010-10-10 14:15:16 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
2010-10-10 14:15:16 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2010-10-10 14:15:16 133632 ----a-w- C:\Windows\System32\OpenAL32.dll
2010-10-10 14:15:16 110592 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2010-10-08 13:52:38 164304 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2010-10-08 13:52:38 144784 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2010-10-08 13:52:36 318992 ----a-w- C:\Windows\System32\VBoxNetFltNotify.dll
2010-09-28 11:41:44 423656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-28 07:31:21 468480 ----a-w- C:\Windows\System32\deployJava1.dll
2010-09-26 18:30:02 0 ----a-w- C:\Windows\ativpsrm.bin
2010-09-22 22:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-09-22 19:19:02 56832 ----a-w- C:\Windows\System32\drivers\HssDrv.sys
2010-09-22 19:19:02 37888 ----a-w- C:\Windows\System32\drivers\taphss.sys
2010-09-21 12:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 12:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 18:33:08 332800 ----a-w- C:\Windows\System32\ATIODE.exe
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll

============= FINISH: 12:45:18,36 ===============

Edited by VRocker, 23 November 2010 - 06:48 AM.


#4 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 23 November 2010 - 07:00 AM

Hi,

Since yesterday, I scanned with MalwareBytes Anti-Malware and manually fixed some things in my hijackthis log file. I will scan again and post the results here.

Malwarebytes doesn't detect this one yet, so that's why I asked for a sample (since I work for Malwarebytes as a researcher). Detection for it will be added in the next update.

I see in your log that you have already deleted the hosts.exe file and its related startup entry in the registry: O4 - HKCU\..\Run: [yapbakalim] C:\WINDOWS\host.exe
and restored your hosts file (since that one was modified as well).
Malwarebytes should already have removed the "DisableRegistry" and locked "ControlPanel" policies in the registry.

The only thing you have to do here is to change your start page again in Internet Explorer.
To do this easily, right-click HijackThis.exe, choose to run it as administrator, and check the following entries in it:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchx.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchx.com

Then click the "Fix checked" button below.
HijackThis will then delete these entries and restore the default start page in IE again.

Let me know in your next reply how things are now.

Edited by miekiemoes, 23 November 2010 - 07:02 AM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 23 November 2010 - 07:18 AM

FYI, looks like Malwarebytes detects the hosts.exe file already :)
I'll add some additional detection to restore the homepage in the next version update. :)
For anyone else reading this, to restore the Windows hosts file to default, see here: http://support.microsoft.com/kb/972034/en-us

Edited by miekiemoes, 23 November 2010 - 07:23 AM.

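The triage described in posts #4 and #5 (an IE start page hijacked in both HKCU and HKLM, a Run entry launching host.exe, and a modified hosts file) can be written down as a small log-checking script. The Python below is an added example for this thread, not code from the helper, BleepingComputer or Malwarebytes. It works on text only, so it runs offline: the two R0 lines and the O4 line are the ones quoted in post #4; the benign Run entry, the hosts file contents and the flagging rules (the mysearchx.com domain list, the host.exe basename list, and the "executable placed directly in the Windows directory" heuristic) are assumptions made for the example.

```python
"""Offline triage of the indicators discussed in this thread: HijackThis-style
R0 (IE start page) and O4 (Run key) lines plus the contents of a hosts file.
Added example; the flagging rules are assumptions, not Malwarebytes logic."""
import re
from dataclasses import dataclass

# Constructed sample log: the two R0 lines and the O4 line quoted in post #4,
# plus one assumed benign O4 line so the filter has something to let through.
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchx.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchx.com
O4 - HKCU\..\Run: [yapbakalim] C:\WINDOWS\host.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide
"""

# Constructed sample hosts file: a default-style header, the loopback lines,
# and two invented mappings of the kind a search hijacker adds.
SAMPLE_HOSTS = r"""
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.google.com        # constructed: blocks the real site
203.0.113.10    www.google.com        # constructed: TEST-NET address
"""

SUSPICIOUS_DOMAINS = ("mysearchx.com",)           # domain named in the thread
SUSPICIOUS_BASENAMES = ("host.exe", "hosts.exe")  # dropped file named in the thread

R0_RE = re.compile(r"^R0 - (HKCU|HKLM)\\([^,]+),([^=]+?) = (.*)$")
O4_RE = re.compile(r"^O4 - (HKCU|HKLM)\\\.\.\\(Run[^:]*): \[([^\]]*)\] (.*)$")


@dataclass
class Finding:
    line: str
    reason: str


def parse_hjt(text):
    """Turn R0/O4 lines into dicts; other line types are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = R0_RE.match(line)
        if m:
            entries.append({"kind": "R0", "hive": m.group(1), "key": m.group(2),
                            "value": m.group(3), "data": m.group(4), "line": line})
            continue
        m = O4_RE.match(line)
        if m:
            entries.append({"kind": "O4", "hive": m.group(1), "key": m.group(2),
                            "name": m.group(3), "command": m.group(4), "line": line})
    return entries


def domain_of(url):
    """Host part of a URL (lower-cased); bare strings are returned as-is."""
    m = re.match(r"^[a-z][a-z0-9+.-]*://([^/:]+)", url.strip(), re.I)
    return (m.group(1) if m else url.strip()).lower()


def exe_path(command):
    """First token of a Run command: the quoted path, or the text up to a space."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def triage_hjt(entries):
    """Flag start pages on a listed domain, and Run entries whose executable
    matches the dropped-file name or sits directly in the Windows directory."""
    findings = []
    for e in entries:
        if e["kind"] == "R0":
            dom = domain_of(e["data"])
            if any(dom == d or dom.endswith("." + d) for d in SUSPICIOUS_DOMAINS):
                findings.append(Finding(e["line"], f"IE start page in {e['hive']} points at {dom}"))
        elif e["kind"] == "O4":
            parent, _, base = exe_path(e["command"]).lower().rpartition("\\")
            if base in SUSPICIOUS_BASENAMES:
                findings.append(Finding(e["line"], f"Run entry [{e['name']}] launches {base}"))
            elif re.fullmatch(r"[a-z]:\\windows", parent):
                findings.append(Finding(e["line"], f"Run entry [{e['name']}] launches an "
                                                   "executable placed directly in the Windows directory"))
    return findings


def parse_hosts(text):
    """Return (ip, [hostnames]) for every non-comment hosts line."""
    mappings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            ip, *names = line.split()
            mappings.append((ip, [n.lower() for n in names]))
    return mappings


def non_default_hosts(mappings):
    """Everything except plain loopback lines; the default file maps nothing beyond localhost."""
    return [(ip, names) for ip, names in mappings
            if not (ip in ("127.0.0.1", "::1") and names == ["localhost"])]


if __name__ == "__main__":
    for f in triage_hjt(parse_hjt(SAMPLE_HJT_LOG)):
        print(f"FLAG: {f.reason}\n      {f.line}")
    for ip, names in non_default_hosts(parse_hosts(SAMPLE_HOSTS)):
        print(f"HOSTS: {ip} -> {', '.join(names)} (not in the default file; review)")
```

Run it directly to print the findings for the embedded samples; against a real machine you would paste the HijackThis log text and read the hosts file from C:\Windows\System32\drivers\etc\hosts. The hosts check only reports mappings that are not in the default file the helper's KB link describes (which maps nothing beyond localhost); it reports them for review rather than rewriting the file, which is what the KB procedure is for.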

#6 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 12 December 2010 - 04:23 PM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



