s1kx
  1. The files HookSurcode.dll and r8b.dll are both from a tool called eac3to, which is just an audio conversion tool. Nevertheless, here are the scan results: https://www.virustotal.com/file/5dc230efada61205a3a6bbb94a3591238a7116e7875aff62037e7dd132b16e0f/analysis/ File name: 17bd9c08c0facdedafb2c4ec8fbc5d06_HookSurcode.dll Detection ratio: 1 / 45 Sophos MadCodeHook 20121231 https://www.virustotal.com/file/add6c096422bb7c80f1f9a25eae3a9efc7de15206e373e91420c5830bf3a0ae2/analysis/ File name: r8b.dll Detection ratio: 0 / 45 Sadly, even after ComboFix ran, GMER is still showing all these hooks and unknown libraries loaded into avp.exe etc. I attached the log of that aswell. ComboFix 13-01-21.04 - Patrick 01/22/2013 11:21:15.1.8 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16367.12503 [GMT 1:00] Running from: C:\ComboFix.exe AV: Kaspersky PURE 2.0 *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984} FW: Kaspersky PURE 2.0 *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF} SP: Kaspersky PURE 2.0 *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\1325091197.bdinstall.bin c:\programdata\1325549799.bdinstall.bin C:\readme.txt c:\users\Patrick\AppData\Local\Apps\2.0\0PBDY1M7.BO1\VE8GKWQL.6EQ\clou..tion_0000000000000000_0002.0001_6d893b9abb4e2d41\CloudShot.exe c:\users\Patrick\AppData\Local\assembly\tmp c:\windows\SysWow64\MSCOMCTL.1 c:\windows\SysWow64\Packet.dll c:\windows\SysWow64\pthreadVC.dll c:\windows\SysWow64\SET6DF2.tmp c:\windows\SysWow64\SET6EAF.tmp c:\windows\SysWow64\SET6EF2.tmp c:\windows\SysWow64\SET7241.tmp c:\windows\SysWow64\SET7553.tmp c:\windows\SysWow64\SET7585.tmp c:\windows\SysWow64\SET7597.tmp c:\windows\SysWow64\SET7659.tmp c:\windows\SysWow64\wpcap.dll c:\windows\wininit.ini . . 
((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_NPF . . ((((((((((((((((((((((((( Files Created from 2012-12-22 to 2013-01-22 ))))))))))))))))))))))))))))))) . . 2013-01-22 10:30 . 2013-01-22 10:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-01-22 10:30 . 2013-01-22 10:30 -------- d-----w- c:\users\Mcx1-PATRICKPC\AppData\Local\temp 2013-01-22 10:30 . 2013-01-22 10:30 -------- d-----w- c:\users\Guest\AppData\Local\temp 2013-01-22 10:18 . 2012-11-28 14:44 65536 ----a-w- C:\cports.exe 2013-01-22 07:03 . 2013-01-22 07:03 -------- d-----w- c:\users\Patrick\AppData\Roaming\Malwarebytes 2013-01-22 07:03 . 2013-01-22 07:03 -------- d-----w- c:\programdata\Malwarebytes 2013-01-22 07:03 . 2013-01-22 07:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-01-22 07:03 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-20 05:26 . 2013-01-21 18:04 -------- d-----w- C:\LivelyFeed 2013-01-18 08:40 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5A33CEA7-C6E3-4DBB-BC2F-39E0BB5BA1A6}\mpengine.dll 2013-01-17 10:25 . 2013-01-17 10:25 -------- d-----w- c:\users\Patrick\AppData\Roaming\KeePass 2013-01-17 10:23 . 2013-01-17 10:23 -------- d-----w- c:\program files (x86)\KeePass Password Safe 2 2013-01-15 13:37 . 2013-01-04 15:53 9060864 ----a-w- c:\windows\system32\mshtml.dll 2013-01-15 05:20 . 2013-01-15 05:20 -------- d-----w- c:\users\Patrick\AppData\Local\name1ess0ne 2013-01-14 02:14 . 2013-01-14 02:14 308640 ----a-w- c:\windows\system32\javaws.exe 2013-01-14 02:14 . 2013-01-14 02:14 1081760 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-01-14 02:14 . 2013-01-14 02:14 188832 ----a-w- c:\windows\system32\javaw.exe 2013-01-14 02:14 . 2013-01-14 02:14 188832 ----a-w- c:\windows\system32\java.exe 2013-01-14 02:14 . 
2013-01-14 02:14 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-01-09 20:59 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll 2013-01-09 20:59 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll 2013-01-09 20:59 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll 2013-01-09 20:59 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2013-01-09 20:59 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll 2013-01-09 20:59 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-01-09 20:59 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-09 20:59 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2013-01-09 20:58 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2013-01-09 20:58 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe 2013-01-09 19:26 . 2013-01-22 07:18 -------- d-----w- C:\mbar 2013-01-09 04:53 . 2013-01-14 09:19 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2013-01-07 23:59 . 2013-01-07 23:59 -------- d-----w- C:\Ruby193 2013-01-07 23:59 . 2013-01-07 23:59 -------- d-----w- c:\users\Patrick\AppData\Local\Programs 2013-01-07 18:43 . 2013-01-07 18:43 -------- d-----w- c:\users\Patrick\AppData\Roaming\name1ess0ne 2013-01-05 19:03 . 2013-01-05 19:08 -------- d-----w- C:\hashcat-utils-0.9 2013-01-03 02:44 . 2013-01-03 02:48 -------- d-----w- C:\hashcat-0.42 2013-01-03 02:26 . 2013-01-09 23:20 -------- d-----w- C:\oclHashcat-plus-0.12 2012-12-29 16:28 . 2012-12-29 16:28 -------- d-----w- c:\users\Patrick\AppData\Roaming\Microsoft Corporation 2012-12-29 16:16 . 2012-12-29 16:16 -------- d-----w- c:\program files (x86)\Microsoft Data Access SDK 2.8 2012-12-27 20:07 . 2012-12-27 20:07 -------- d-----w- c:\program files (x86)\Elcomsoft Password Recovery 2012-12-27 20:07 . 2012-12-27 20:07 -------- d-----w- c:\programdata\Elcomsoft Password Recovery 2012-12-27 20:07 . 
2012-12-27 20:07 -------- d-----w- c:\program files (x86)\Elcomsoft . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-14 02:14 . 2011-11-13 00:43 960416 ----a-w- c:\windows\system32\deployJava1.dll 2013-01-14 02:03 . 2011-12-14 09:17 67599240 ----a-w- c:\windows\system32\MRT.exe 2013-01-09 19:28 . 2012-04-09 00:09 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-09 19:28 . 2011-06-24 02:15 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-16 17:11 . 2012-12-22 17:49 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-22 17:49 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-22 17:49 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-22 17:49 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-11-28 09:35 . 2012-09-17 12:08 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-11-19 02:06 . 2012-11-19 02:06 0 ----a-w- c:\windows\system32\SETF14D.tmp 2012-11-19 02:06 . 2012-11-19 02:06 0 ----a-w- c:\windows\SysWow64\SETECD2.tmp 2012-11-19 02:06 . 2012-11-19 02:06 0 ----a-w- c:\windows\SysWow64\SETE888.tmp 2012-11-19 02:06 . 2012-11-19 02:06 0 ----a-w- c:\windows\system32\SETE6FD.tmp 2012-11-19 02:06 . 2012-11-19 02:06 0 ----a-w- c:\windows\system32\SETDCC3.tmp 2012-11-12 12:28 . 2012-12-13 00:46 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-12 11:52 . 2012-12-13 00:46 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45 . 2012-12-13 00:46 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-13 00:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-03 13:00 . 2012-07-25 07:57 88008 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2012-11-03 13:00 . 2012-07-25 07:57 35240 ----a-w- c:\windows\system32\LMIport.dll 2012-11-03 13:00 . 2012-07-25 07:57 83880 ----a-w- c:\windows\system32\LMIinit.dll 2012-11-02 05:59 . 
2012-12-13 00:46 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 05:11 . 2012-12-13 00:46 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-10-27 06:26 . 2012-12-13 00:46 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2012-10-27 05:51 . 2012-12-13 00:46 1188864 ----a-w- c:\windows\system32\wininet.dll 2012-10-27 05:51 . 2012-12-13 00:46 1494528 ----a-w- c:\windows\system32\urlmon.dll 2012-10-27 05:51 . 2012-12-13 00:46 134144 ----a-w- c:\windows\system32\url.dll 2012-10-27 05:49 . 2012-12-13 00:46 97792 ----a-w- c:\windows\system32\mshtmled.dll 2012-10-27 05:49 . 2012-12-13 00:46 735744 ----a-w- c:\windows\system32\msfeeds.dll 2012-10-27 05:49 . 2012-12-13 00:46 64512 ----a-w- c:\windows\system32\jsproxy.dll 2012-10-27 05:49 . 2012-12-13 00:46 247808 ----a-w- c:\windows\system32\ieui.dll 2012-10-27 05:49 . 2012-12-13 00:46 2453504 ----a-w- c:\windows\system32\iertutil.dll 2012-10-27 05:49 . 2012-12-13 00:46 12295680 ----a-w- c:\windows\system32\ieframe.dll 2012-10-25 09:28 . 2011-09-12 14:17 636760 ----a-w- c:\windows\system32\drivers\klif.sys 2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2011-11-29 00:22 . 2011-11-29 00:22 13844000 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe 2010-08-15 21:14 . 2012-01-22 11:38 1892864 ----a-w- c:\program files\eac3to.exe 2008-02-10 14:42 . 2012-01-22 11:38 95232 ----a-w- c:\program files\HookSurcode.dll 2005-08-14 07:49 . 2012-01-22 11:38 219136 ----a-w- c:\program files\r8b.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon] @="{dd230880-495a-11d1-b064-008048ec2fc5}" [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}] 2012-10-25 09:27 496056 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\shellex.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2011-06-24 1496528] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-08-27 638736] "Spotify Web Helper"="c:\users\Patrick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-12-01 1199576] "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872] "Akamai NetSession Interface"="c:\users\Patrick\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920] "Facebook Update"="c:\users\Patrick\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096] "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-12-09 969104] "GoogleChromeAutoLaunch_133FC10A42EC311A0885C7B36F719938"="c:\users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-01-08 1248360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-12-18 39136] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-12-18 825560] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe" [2011-12-24 202296] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336] "wmagent.exe"="c:\program files (x86)\WebMoney Agent\wmagent.exe" [2009-10-19 
210400] "vmware-tray.exe"="d:\programme\VMWare\vmware-tray.exe" [2012-08-15 104088] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-19 2254768] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688] "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312] "KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2012-10-04 1912832] . c:\users\Mcx1-PATRICKPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2011-11-29 13844000] Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2011-11-29 13844000] . c:\users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CurseClientStartup.ccip [2012-10-7 0] Dropbox.lnk - c:\users\Patrick\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-29 28539392] Pidgin.lnk - c:\program files (x86)\Pidgin\pidgin.exe [2011-12-15 49340] SABnzbd.lnk - c:\program files (x86)\SABnzbd\SABnzbd.exe [2011-6-13 102912] Serviio.lnk - c:\program files\Serviio\bin\ServiioConsole.exe [2012-12-19 629760] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . 
R2 AutoSSHLF;AutoSSHLF;c:\cygwin\bin\cygrunsrv.exe [2012-04-25 129550] R2 AutoSSHTunnel;AutoSSHTunnel;c:\cygwin\bin\cygrunsrv.exe [2012-04-25 129550] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [2011-03-02 224256] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-06-08 15928] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] R2 puppet;Puppet Agent;d:\program files\Puppet Labs\Puppet Enterprise\service\daemon.bat [2012-07-24 87] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R2 VMwareHostd;VMware Workstation Server;d:\programme\VMWare\vmware-hostd.exe [2012-08-15 15680000] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136] R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x] R3 PSM_AgentServer;Shaiya Agent 
Server;d:\temp\Shaiya\PSM_Server\PSMServer_Agent.exe [2008-04-01 516096] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992] R3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys [2011-05-03 14440] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2005-04-13 30720] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440] R3 vtany;vtany;c:\windows\vtany.sys [x] R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976] R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880] S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2009-12-14 85048] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208] S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-07-06 85104] S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-07-06 70256] S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2009-12-14 
66104] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-23 283200] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-10-20 13616] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-03-13 224048] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-03-13 130864] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080] S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-09-19 122880] S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-19 2462128] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-03 375728] S2 Serviio;Serviio;c:\program files\Serviio\bin\ServiioService.exe [2012-12-19 348160] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-08-01 917656] S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x] S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760] S3 
klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680] S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-05-12 154624] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-03-13 147248] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-03-13 166192] . . Contents of the 'Scheduled Tasks' folder . 2013-01-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 19:28] . 2013-01-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3621719022-3588801629-2505587224-1000Core.job - c:\users\Patrick\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-03 22:50] . 2013-01-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3621719022-3588801629-2505587224-1000UA.job - c:\users\Patrick\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-03 22:50] . 2013-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 01:24] . 2013-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 01:24] . 2013-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3621719022-3588801629-2505587224-1000Core.job - c:\users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 16:08] . 2013-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3621719022-3588801629-2505587224-1000UA.job - c:\users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 16:08] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon] @="{dd230880-495a-11d1-b064-008048ec2fc5}" [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}] 2012-10-25 09:28 565688 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\shellex.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-06-08 57928]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 198.133.224.147:3127
uInternet Settings,ProxyOverride = *.local;<local>
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: Interfaces\{5B27990B-5E13-42A5-9C66-16237A8F1619}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\729immec.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKCU-Run-CloudShot - c:\users\Patrick\AppData\Local\Apps\2.0\0PBDY1M7.BO1\VE8GKWQL.6EQ\clou..tion_0000000000000000_0002.0001_6d893b9abb4e2d41\CloudShot.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-FileZilla Client - c:\program files (x86)\FileZilla FTP Client\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\puppet]
"ImagePath"="\"d:\program files\Puppet Labs\Puppet Enterprise\service\daemon.bat\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:ff,6e,86,ba,b2,7f,2a,8c,1d,22,19,88,32,fb,0a,14,91,04,6a,36,1a,
 a2,51,ae,e2,a7,4f,8d,1c,1a,1f,0a,60,ba,96,7e,d8,9b,3a,88,59,74,85,04,48,b7,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:ff,6e,86,ba,b2,7f,2a,8c,1d,22,19,88,32,fb,0a,14,91,04,6a,36,1a,
 a2,51,ae,e2,a7,4f,8d,1c,1a,1f,0a,60,ba,96,7e,d8,9b,3a,88,59,74,85,04,48,b7,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\RealVNC\VNC4\WinVNC4.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version8\tv_w32.exe
c:\program files (x86)\Brother\ControlCenter3\brccMCtl.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2013-01-22 11:54:08 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-22 10:54
.
Pre-Run: 5,807,853,568 bytes free
Post-Run: 17,859,375,104 bytes free
.
- - End Of File - - 90411D30D4639002966ED1F016715D0B
GMER.log
  2. By the way, I tried to run the BETA of Malwarebytes Anti-Rootkit, but even though I downloaded the most recent version, it complains that this version has expired and I should download the newer one (from the link I just used!). Any workaround for this?
  3. Hey everyone! This morning I woke up to my PC having lots of programs (such as Skype) frozen, the Kaspersky PURE 2.0 tray icon being grey with the label "Required modules have been unloaded from memory", and many programs failing to open TCP connections until a reboot. I immediately ran a Kaspersky scan and a MalwareBytes Anti-Malware scan, which both couldn't find anything of interest. Afterwards, I downloaded GMER, which showed me something more interesting (screenshot attached): many psapi.dll functions seem to be hooked, which to me looks a lot like a rootkit. Sadly, I could not restore the original code in the affected functions, as GMER complained "Restore code: The parameters are invalid." I also ran a scan with the dds.com utility; the dds.txt and Attach.log are attached. Is there any chance of getting rid of it or do I have to reinstall Windows? Thanks in advance, I would really appreciate your help!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.10.2
Run by Patrick at 8:33:35 on 2013-01-22
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16367.10995 [GMT 1:00]
.
AV: Kaspersky PURE 2.0 *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky PURE 2.0 *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 2.0 *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files\Serviio\bin\ServiioService.exe
C:\Program Files\Serviio\bin\ServiioService.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Users\Patrick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Users\Patrick\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Akamai\netsession_win.exe
C:\Users\Patrick\AppData\Local\Apps\2.0\0PBDY1M7.BO1\VE8GKWQL.6EQ\clou..tion_0000000000000000_0002.0001_6d893b9abb4e2d41\CloudShot.exe
C:\Users\Patrick\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Pidgin\pidgin.exe
C:\Program Files (x86)\SABnzbd\SABnzbd.exe
C:\Program Files\Serviio\bin\ServiioConsole.exe
C:\Users\Patrick\AppData\Local\Apps\2.0\0PBDY1M7.BO1\VE8GKWQL.6EQ\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\CurseClient.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\WebMoney Agent\wmagent.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtblfs.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\wmi64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uProxyServer = 198.133.224.147:3127
uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
mURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
EB: Web Test Recorder 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} -
uRun: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [Google Update] "C:\Users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Spotify Web Helper] "C:\Users\Patrick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Akamai NetSession Interface] "C:\Users\Patrick\AppData\Local\Akamai\netsession_win.exe"
uRun: [Facebook Update] "C:\Users\Patrick\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [GoogleChromeAutoLaunch_133FC10A42EC311A0885C7B36F719938] "C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [CloudShot] C:\Users\Patrick\AppData\Local\Apps\2.0\0PBDY1M7.BO1\VE8GKWQL.6EQ\clou..tion_0000000000000000_0002.0001_6d893b9abb4e2d41\CloudShot.exe
uRun: [AdobeBridge] <no file>
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [wmagent.exe] "C:\Program Files (x86)\WebMoney Agent\wmagent.exe"
mRun: [vmware-tray.exe] "D:\Programme\VMWare\vmware-tray.exe"
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
StartupFolder: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\Patrick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Patrick\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Patrick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Pidgin.lnk - C:\Program Files (x86)\Pidgin\pidgin.exe
StartupFolder: C:\Users\Patrick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SABnzbd.lnk - C:\Program Files (x86)\SABnzbd\SABnzbd.exe
StartupFolder: C:\Users\Patrick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Serviio.lnk - C:\Program Files\Serviio\bin\ServiioConsole.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: LastPass - C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
LSP: %SystemRoot%\system32\PrxerDrv.dll
LSP: %windir%\system32\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: NameServer = 192.168.178.1
TCP: Interfaces\{0382EAC4-0933-4813-A4E4-E7340E4EE0E2} : DHCPNameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{5B27990B-5E13-42A5-9C66-16237A8F1619} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{5B27990B-5E13-42A5-9C66-16237A8F1619} : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{D6576156-54E4-4523-BF2D-D0E670FDEBD0} : DHCPNameServer = 192.168.178.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: klogon - C:\Windows\System32\klogon.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 192.168.178.22 newznab
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\729immec.default\
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
FF - plugin: C:\Users\Patrick\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Patrick\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2012-6-29 85048]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-6-27 56208]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2012-8-27 70256]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2012-6-29 66104]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-7-23 283200]
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2011-10-20 13616]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2011-3-10 29488]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-4 238080]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-9-19 122880]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [2011-12-24 202296]
R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R2 DirMngr;DirMngr;C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [2011-3-2 224256]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-19 2462128]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-7-5 375728]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-6-8 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-7-25 72216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-22 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-22 682344]
R2 Serviio;Serviio;C:\Program Files\Serviio\bin\ServiioService.exe [2012-12-19 348160]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-8-1 917656]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-12-6 245760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-22 24176]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-24 344680]
R3 RzSynapse;Razer Driver;C:\Windows\System32\drivers\RzSynapse.sys [2011-5-12 154624]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-8-27 156288]
S2 AutoSSHLF;AutoSSHLF;C:\cygwin\bin\cygrunsrv.exe [2012-7-27 129550]
S2 AutoSSHTunnel;AutoSSHTunnel;C:\cygwin\bin\cygrunsrv.exe [2012-7-27 129550]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 puppet;Puppet Agent;D:\Program Files\Puppet Labs\Puppet Enterprise\service\daemon.bat [2012-7-24 87]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S2 VMwareHostd;VMware Workstation Server;D:\Programme\VMWare\vmware-hostd.exe -u "C:\ProgramData\VMware\hostd\config.xml" --> D:\Programme\VMWare\vmware-hostd.exe -u C:\ProgramData\VMware\hostd\config.xml [?]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 PSM_AgentServer;Shaiya Agent Server;D:\temp\Shaiya\PSM_Server\PSMServer_Agent.exe [2012-7-15 516096] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-7-11 20992] S3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision\RTCore64.sys [2011-5-3 14440] S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 tap0801;TAP-Win32 Adapter V8;C:\Windows\System32\drivers\tap0801.sys [2005-4-13 30720] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-11 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760] S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440] S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem --> C:\Windows\System32\xsherlock.xem [?] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976] S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880] . =============== File Associations =============== . FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice] FileExt: .js: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice] ShellExec: dreamweaver.exe: Open="D:\Program Files\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1" . =============== Created Last 30 ================ . 
2013-01-22 07:03:26 -------- d-----w- C:\Users\Patrick\AppData\Roaming\Malwarebytes 2013-01-22 07:03:22 -------- d-----w- C:\ProgramData\Malwarebytes 2013-01-22 07:03:21 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-01-22 07:03:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-01-20 05:26:36 -------- d-----w- C:\LivelyFeed 2013-01-18 08:40:53 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5A33CEA7-C6E3-4DBB-BC2F-39E0BB5BA1A6}\mpengine.dll 2013-01-17 10:25:29 -------- d-----w- C:\Users\Patrick\AppData\Roaming\KeePass 2013-01-17 10:23:24 -------- d-----w- C:\Program Files (x86)\KeePass Password Safe 2 2013-01-15 05:20:57 -------- d-----w- C:\Users\Patrick\AppData\Local\name1ess0ne 2013-01-14 02:14:21 1081760 ----a-w- C:\Windows\System32\npDeployJava1.dll 2013-01-14 02:14:12 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll 2013-01-09 20:59:06 2002432 ----a-w- C:\Windows\System32\msxml6.dll 2013-01-09 20:59:06 1882624 ----a-w- C:\Windows\System32\msxml3.dll 2013-01-09 20:59:06 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll 2013-01-09 20:59:05 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2013-01-09 20:59:03 750592 ----a-w- C:\Windows\System32\win32spl.dll 2013-01-09 20:59:03 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll 2013-01-09 20:59:02 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2013-01-09 20:59:02 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2013-01-09 20:58:59 68608 ----a-w- C:\Windows\System32\taskhost.exe 2013-01-09 20:58:59 3149824 ----a-w- C:\Windows\System32\win32k.sys 2013-01-09 19:26:47 -------- d-----w- C:\mbar 2013-01-07 23:59:18 -------- d-----w- C:\Ruby193 2013-01-07 23:59:14 -------- d-----w- C:\Users\Patrick\AppData\Local\Programs 2013-01-07 18:43:50 -------- d-----w- C:\Users\Patrick\AppData\Roaming\name1ess0ne 2013-01-05 19:03:30 -------- d-----w- C:\hashcat-utils-0.9 2013-01-03 02:44:56 -------- d-----w- C:\hashcat-0.42 2013-01-03 02:26:56 -------- 
d-----w- C:\oclHashcat-plus-0.12 2012-12-29 16:28:23 -------- d-----w- C:\Users\Patrick\AppData\Roaming\Microsoft Corporation 2012-12-29 16:16:06 -------- d-----w- C:\Program Files (x86)\Microsoft Data Access SDK 2.8 2012-12-27 20:07:13 -------- d-----w- C:\ProgramData\Elcomsoft Password Recovery 2012-12-27 20:07:13 -------- d-----w- C:\Program Files (x86)\Elcomsoft Password Recovery 2012-12-27 20:07:13 -------- d-----w- C:\Program Files (x86)\Elcomsoft . ==================== Find3M ==================== . 2013-01-14 02:14:08 960416 ----a-w- C:\Windows\System32\deployJava1.dll 2013-01-09 19:28:28 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-09 19:28:28 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-11-28 09:35:19 95184 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-11-19 02:06:37 0 ----a-w- C:\Windows\System32\SETF14D.tmp 2012-11-19 02:06:35 0 ----a-w- C:\Windows\SysWow64\SETECD2.tmp 2012-11-19 02:06:34 0 ----a-w- C:\Windows\SysWow64\SETE888.tmp 2012-11-19 02:06:34 0 ----a-w- C:\Windows\System32\SETE6FD.tmp 2012-11-19 02:06:31 0 ----a-w- C:\Windows\System32\SETDCC3.tmp 2012-11-12 12:28:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2012-11-12 11:52:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-11-03 13:00:06 88008 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll 2012-11-03 13:00:06 83880 ----a-w- C:\Windows\System32\LMIinit.dll 2012-11-03 13:00:06 35240 ----a-w- C:\Windows\System32\LMIport.dll 2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll 2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll 
2012-10-27 06:26:55 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-10-27 05:51:21 1188864 ----a-w- C:\Windows\System32\wininet.dll 2012-10-25 02:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2012-10-25 02:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2011-11-29 00:22:11 13844000 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe 2010-08-15 21:14:18 1892864 ----a-w- C:\Program Files\eac3to.exe 2008-02-10 14:42:50 95232 ----a-w- C:\Program Files\HookSurcode.dll 2005-08-14 07:49:04 219136 ----a-w- C:\Program Files\r8b.dll . ============= FINISH: 8:33:55.49 =============== P.s.: C:\Users\Patrick\AppData\Local\name1ess0ne is just the configuration folder for CloudShot attach.txt