
weird connections



I'm seeing these weird connections in TCPView; other than that the PC is acting normal, but last night I did a clean install of the OS.

System 3876 TCP 49681 192.168.1.121 80 http 87.248.203.253 cdn-87-248-203-253.ams.llnw.net Established 8/2/2012 8:53:07 AM THALANTIS-W8\Administrator 8/2/2012 9:34:02 AM
System 3876 TCP 49691 192.168.1.121 80 http 87.248.203.253 cdn-87-248-203-253.ams.llnw.net Established 8/2/2012 8:53:07 AM THALANTIS-W8\Administrator 8/2/2012 9:34:02 AM
System 3876 TCP 49693 192.168.1.121 80 http 87.248.203.253 cdn-87-248-203-253.ams.llnw.net Established 8/2/2012 8:53:07 AM THALANTIS-W8\Administrator 8/2/2012 9:34:02 AM
System 3876 TCP 49694 192.168.1.121 80 http 87.248.203.253 cdn-87-248-203-253.ams.llnw.net Established 8/2/2012 8:53:07 AM THALANTIS-W8\Administrator 8/2/2012 9:34:02 AM
System 3876 TCP 49695 192.168.1.121 80 http 87.248.203.253 cdn-87-248-203-253.ams.llnw.net Established 8/2/2012 8:53:07 AM THALANTIS-W8\Administrator 8/2/2012 9:34:02 AM
System 3876 TCP 49696 192.168.1.121 80 http 87.248.203.253 cdn-87-248-203-253.ams.llnw.net Established 8/2/2012 8:53:07 AM THALANTIS-W8\Administrator 8/2/2012 9:34:02 AM
System 3876 TCP 49698 192.168.1.121 80 http 87.248.203.253 cdn-87-248-203-253.ams.llnw.net Established 8/2/2012 8:53:07 AM THALANTIS-W8\Administrator 8/2/2012 9:34:02 AM
System 3876 TCP 49706 192.168.1.121 80 http 87.248.203.253 cdn-87-248-203-253.ams.llnw.net Established 8/2/2012 8:53:07 AM THALANTIS-W8\Administrator 8/2/2012 9:34:02 AM
System 3876 TCP 49708 192.168.1.121 80 http 87.248.203.253 cdn-87-248-203-253.ams.llnw.net Established 8/2/2012 8:53:07 AM THALANTIS-W8\Administrator 8/2/2012 9:34:02 AM
System 3876 TCP 49710 192.168.1.121 80 http 87.248.203.253 cdn-87-248-203-253.ams.llnw.net Established 8/2/2012 8:53:07 AM THALANTIS-W8\Administrator 8/2/2012 9:34:02 AM
System 3948 TCP 49918 192.168.1.121 80 http 74.125.132.113 wb-in-f113.1e100.net Established 8/2/2012 9:08:37 AM THALANTIS-W8\Administrator 8/2/2012 9:34:02 AM
System 3948 TCP 49919 192.168.1.121 80 http 74.125.132.100 wb-in-f100.1e100.net Established 8/2/2012 9:08:37 AM THALANTIS-W8\Administrator 8/2/2012 9:34:02 AM
System 3948 TCP 49923 192.168.1.121 80 http 199.7.50.72 OCSP.NYC3.VERISIGN.COM Established 8/2/2012 9:08:37 AM THALANTIS-W8\Administrator 8/2/2012 9:34:02 AM
System 3948 TCP 49924 192.168.1.121 80 http 199.7.50.72 OCSP.NYC3.VERISIGN.COM Established 8/2/2012 9:08:37 AM THALANTIS-W8\Administrator 8/2/2012 9:34:02 AM

And TCPView gives these:

<non-existent>:3876 TCP thalantis-w8.dynamic.ziggo.nl:49681 cdn-87-248-203-253.ams.llnw.net:http ESTABLISHED
<non-existent>:3876 TCP thalantis-w8.dynamic.ziggo.nl:49691 cdn-87-248-203-253.ams.llnw.net:http ESTABLISHED
<non-existent>:3876 TCP thalantis-w8.dynamic.ziggo.nl:49693 cdn-87-248-203-253.ams.llnw.net:http ESTABLISHED
<non-existent>:3876 TCP thalantis-w8.dynamic.ziggo.nl:49694 cdn-87-248-203-253.ams.llnw.net:http ESTABLISHED
<non-existent>:3876 TCP thalantis-w8.dynamic.ziggo.nl:49695 cdn-87-248-203-253.ams.llnw.net:http ESTABLISHED
<non-existent>:3876 TCP thalantis-w8.dynamic.ziggo.nl:49696 cdn-87-248-203-253.ams.llnw.net:http ESTABLISHED
<non-existent>:3876 TCP thalantis-w8.dynamic.ziggo.nl:49698 cdn-87-248-203-253.ams.llnw.net:http ESTABLISHED
<non-existent>:3876 TCP thalantis-w8.dynamic.ziggo.nl:49706 cdn-87-248-203-253.ams.llnw.net:http ESTABLISHED
<non-existent>:3876 TCP thalantis-w8.dynamic.ziggo.nl:49708 cdn-87-248-203-253.ams.llnw.net:http ESTABLISHED
<non-existent>:3876 TCP thalantis-w8.dynamic.ziggo.nl:49710 cdn-87-248-203-253.ams.llnw.net:http ESTABLISHED

Also, Firefox has a lot of connections open.

Am I infected with something? The quick scan of MBAM revealed nothing.


Because they are to these weird sites, and I'm only on this site now, and DDS isn't working, otherwise I would have posted some logs.

firefox.exe:2372 TCP thalantis-w8.dynamic.ziggo.nl:49307 194.web03.sld5.mb-internal.com:http ESTABLISHED
firefox.exe:2372 TCP thalantis-w8.dynamic.ziggo.nl:49345 wb-in-f139.1e100.net:http ESTABLISHED
firefox.exe:2632 TCP thalantis-w8.dynamic.ziggo.nl:49356 wb-in-f102.1e100.net:https ESTABLISHED
firefox.exe:2632 TCP thalantis-w8.dynamic.ziggo.nl:49357 194.web03.sld5.mb-internal.com:http ESTABLISHED
firefox.exe:2632 TCP thalantis-w8.dynamic.ziggo.nl:49358 194.web03.sld5.mb-internal.com:http ESTABLISHED

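A small triage script for pasted listings like the two above (the column-style one in the first post and TCPView's netstat-style lines in both posts), added here as an example and not part of the original thread. It groups established connections by owning process, PID and remote host and flags the two things worth a second look here: sockets whose owner TCPView shows as `<non-existent>` or as System, and one PID holding many sockets to a single host. The column order is assumed from the posted lines; the flag names and the fan-out threshold are this example's own, and a flag means "explain this" (updater, CDN, browser), not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample in the column layout of the thread's first listing: process, PID,
# protocol, local port, local address, remote port, remote service, remote address,
# remote host, state; the trailing timestamp and owner columns are not parsed.
COLUMN_SAMPLE = r"""
System 3876 TCP 49681 192.168.1.121 80 http 87.248.203.253 cdn-87-248-203-253.ams.llnw.net Established 8/2/2012 8:53:07 AM THALANTIS-W8\Administrator 8/2/2012 9:34:02 AM
System 3876 TCP 49691 192.168.1.121 80 http 87.248.203.253 cdn-87-248-203-253.ams.llnw.net Established 8/2/2012 8:53:07 AM THALANTIS-W8\Administrator 8/2/2012 9:34:02 AM
System 3876 TCP 49693 192.168.1.121 80 http 87.248.203.253 cdn-87-248-203-253.ams.llnw.net Established 8/2/2012 8:53:07 AM THALANTIS-W8\Administrator 8/2/2012 9:34:02 AM
System 3876 TCP 49694 192.168.1.121 80 http 87.248.203.253 cdn-87-248-203-253.ams.llnw.net Established 8/2/2012 8:53:07 AM THALANTIS-W8\Administrator 8/2/2012 9:34:02 AM
System 3876 TCP 49695 192.168.1.121 80 http 87.248.203.253 cdn-87-248-203-253.ams.llnw.net Established 8/2/2012 8:53:07 AM THALANTIS-W8\Administrator 8/2/2012 9:34:02 AM
System 3948 TCP 49918 192.168.1.121 80 http 74.125.132.113 wb-in-f113.1e100.net Established 8/2/2012 9:08:37 AM THALANTIS-W8\Administrator 8/2/2012 9:34:02 AM
System 3948 TCP 49923 192.168.1.121 80 http 199.7.50.72 OCSP.NYC3.VERISIGN.COM Established 8/2/2012 9:08:37 AM THALANTIS-W8\Administrator 8/2/2012 9:34:02 AM
System 3948 TCP 49924 192.168.1.121 80 http 199.7.50.72 OCSP.NYC3.VERISIGN.COM Established 8/2/2012 9:08:37 AM THALANTIS-W8\Administrator 8/2/2012 9:34:02 AM
"""

# Constructed sample in TCPView's netstat-style layout: process:PID, protocol, local, remote, state.
TCPVIEW_SAMPLE = r"""
<non-existent>:3876 TCP thalantis-w8.dynamic.ziggo.nl:49681 cdn-87-248-203-253.ams.llnw.net:http ESTABLISHED
<non-existent>:3876 TCP thalantis-w8.dynamic.ziggo.nl:49691 cdn-87-248-203-253.ams.llnw.net:http ESTABLISHED
<non-existent>:3876 TCP thalantis-w8.dynamic.ziggo.nl:49693 cdn-87-248-203-253.ams.llnw.net:http ESTABLISHED
firefox.exe:2372 TCP thalantis-w8.dynamic.ziggo.nl:49345 wb-in-f139.1e100.net:http ESTABLISHED
firefox.exe:2632 TCP thalantis-w8.dynamic.ziggo.nl:49357 194.web03.sld5.mb-internal.com:http ESTABLISHED
firefox.exe:2632 TCP thalantis-w8.dynamic.ziggo.nl:49358 194.web03.sld5.mb-internal.com:http ESTABLISHED
"""

COLUMN_RE = re.compile(
    r"^(?P<process>\S+)\s+(?P<pid>\d+)\s+(?P<proto>TCP|UDP)\s+(?P<lport>\d+)\s+\S+\s+"
    r"(?P<rport>\d+)\s+\S+\s+(?P<raddr>\S+)\s+(?P<rhost>\S+)\s+(?P<state>[A-Za-z_]+)"
)
TCPVIEW_RE = re.compile(
    r"^(?P<process>.+?):(?P<pid>\d+)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<local>\S+)\s+(?P<remote>\S+)\s+(?P<state>\S+)$"
)

def parse_column_line(line):
    """Parse one line of the column-style listing; returns None for non-matching lines."""
    m = COLUMN_RE.match(line)
    if not m:
        return None
    return {"process": m["process"], "pid": int(m["pid"]), "proto": m["proto"],
            "remote_addr": m["raddr"], "remote_host": m["rhost"],
            "remote_port": m["rport"], "state": m["state"].upper()}

def parse_tcpview_line(line):
    """Parse one TCPView line; its remote column is host:port, where port may be a service name."""
    m = TCPVIEW_RE.match(line)
    if not m:
        return None
    rhost, sep, rport = m["remote"].rpartition(":")
    if not sep:  # no port at all (e.g. '*'): keep the whole column as the host
        rhost, rport = rport, ""
    return {"process": m["process"], "pid": int(m["pid"]), "proto": m["proto"],
            "remote_addr": None, "remote_host": rhost,
            "remote_port": rport, "state": m["state"].upper()}

def parse_listing(text, parser):
    """Apply a line parser to a whole pasted listing, dropping blank and unparsable lines."""
    return [rec for rec in map(parser, text.strip().splitlines()) if rec]

FAN_OUT_THRESHOLD = 5  # one PID holding this many sockets to a single host gets a flag

def triage(records):
    """Group ESTABLISHED connections by (process, PID, remote host) and attach review flags.

    Flag labels are this example's own: 'owner-unresolved' when TCPView shows the owner as
    <non-existent> (it could not map the PID to a running process), 'system-owned' when the
    socket is attributed to System rather than a user-mode executable, 'fan-out' when one
    PID holds FAN_OUT_THRESHOLD or more sockets to the same host. Results sort by count.
    """
    groups = defaultdict(list)
    for rec in records:
        if rec["state"] == "ESTABLISHED":
            groups[(rec["process"], rec["pid"], rec["remote_host"])].append(rec)
    findings = []
    for (process, pid, rhost), conns in sorted(groups.items(), key=lambda kv: -len(kv[1])):
        flags = []
        if process == "<non-existent>":
            flags.append("owner-unresolved")
        elif process.lower() == "system":
            flags.append("system-owned")
        if len(conns) >= FAN_OUT_THRESHOLD:
            flags.append("fan-out")
        findings.append({"process": process, "pid": pid, "remote_host": rhost,
                         "count": len(conns),
                         "ports": sorted({c["remote_port"] for c in conns}), "flags": flags})
    return findings

def main():
    for label, text, parser in (("column listing", COLUMN_SAMPLE, parse_column_line),
                                ("TCPView listing", TCPVIEW_SAMPLE, parse_tcpview_line)):
        print(f"== {label} ==")
        for f in triage(parse_listing(text, parser)):
            print(f"{f['process']}:{f['pid']} -> {f['remote_host']} x{f['count']} "
                  f"ports={','.join(f['ports'])} flags={','.join(f['flags']) or '-'}")

if __name__ == "__main__":
    main()
```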

  • Staff

Are you from the Netherlands? Have you ever used this "Ziggo" online TV service?

Download RSIT by random/random and save it to your Desktop.

  • Double click RSIT.exe to start the tool and click Continue at the disclaimer.
  • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
  • Please post the contents of both logs here in your next reply.


Yes, I am from the Netherlands and I have Ziggo.

But I haven't used the Ziggo online TV service.

Here is the log:

Logfile of random's system information tool 1.09 (written by random/random)

Run by Administrator at 2012-08-02 23:43:48

Microsoft Windows Server 2008 R2 Enterprise Service Pack 1

System drive C: has 36 GB (63%) free of 57 GB

Total RAM: 12279 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:44:13 PM, on 8/2/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

H:\SABnzbd\SABnzbd.exe

H:\SickBeard\SickBeard.exe

C:\Users\Administrator\AppData\Roaming\Wuala\Wuala.exe

C:\totalcmd\TOTALCMD.EXE

C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe

C:\Program Files (x86)\VMware\VMware Player\vmware-unity-helper.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\Administrator\Desktop\RSIT.exe

C:\Program Files (x86)\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/HardAdmin.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - Startup: SABnzbd.lnk = H:\SABnzbd\SABnzbd.exe

O4 - Startup: SickBeard - Shortcut.lnk = H:\SickBeard\SickBeard.exe

O4 - Startup: Wuala.lnk = C:\Users\Administrator\AppData\Roaming\Wuala\Wuala.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll

O15 - ESC Trusted Zone: http://static.addtoany.com

O15 - ESC Trusted Zone: http://pandasecurity.s3.amazonaws.com

O15 - ESC Trusted Zone: http://s3.amazonaws.com

O15 - ESC Trusted Zone: http://a2a.lockerz.com

O15 - ESC Trusted Zone: http://runonce.msn.com

O15 - ESC Trusted Zone: http://www.pandasecurity.com

O15 - ESC Trusted Zone: http://*.windowsupdate.com

O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)

O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)

O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll

O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @gpapi.dll,-114 (RSoPProv) - Unknown owner - C:\Windows\system32\RSoPProv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe

O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--

End of file - 6962 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3130183148-3393406439-340295829-500Core.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3130183148-3393406439-340295829-500UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomgye2u.default

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33]

"Description"=

"Path"=C:\Windows\SysWOW64\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\

bing.xml

bolcom-nl.xml

google.xml

marktplaats-nl.xml

wikipedia-nl.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5FF49FE8-B332-4CB9-B102-FB6951629E55}]

Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll [2011-12-02 158224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-08-02 329480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-08-02 59144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-07-03 462920]

C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

SABnzbd.lnk - H:\SABnzbd\SABnzbd.exe

SickBeard - Shortcut.lnk - H:\SickBeard\SickBeard.exe

Wuala.lnk - C:\Users\Administrator\AppData\Roaming\Wuala\Wuala.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="c:\progra~1\agnitum\outpos~1\wl_hook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll [2011-12-02 158224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]

Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll [2011-12-02 158224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=scecli

rassfm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"disablecad"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=0

"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

"ShowSuperHidden"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvyu"=msyuv.dll

"vidc.iyuv"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"vidc.yvu9"=tsbyuv.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"VIDC.VMnc"=vmnc.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-08-02 23:43:48 ----D---- C:\rsit

2012-08-02 23:43:48 ----D---- C:\Program Files (x86)\trend micro

2012-08-02 19:48:17 ----D---- C:\Users\Administrator\AppData\Roaming\VMware

2012-08-02 19:13:17 ----A---- C:\Windows\SysWOW64\vmnetdhcp.exe

2012-08-02 19:13:13 ----A---- C:\Windows\SysWOW64\vmnat.exe

2012-08-02 19:10:31 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI

2012-08-02 19:10:11 ----D---- C:\ProgramData\VMware

2012-08-02 19:10:11 ----D---- C:\Program Files (x86)\VMware

2012-08-02 19:10:11 ----D---- C:\Program Files (x86)\Common Files\VMware

2012-08-02 19:07:34 ----A---- C:\TDSSKiller.2.7.48.0_02.08.2012_19.07.34_log.txt

2012-08-02 18:44:22 ----D---- C:\Users\Administrator\AppData\Roaming\WinRAR

2012-08-02 11:35:26 ----D---- C:\Users\Administrator\AppData\Roaming\Wireshark

2012-08-02 11:22:41 ----D---- C:\Program Files (x86)\WinPcap

2012-08-02 09:08:38 ----D---- C:\Users\Administrator\AppData\Roaming\Mozilla

2012-08-02 09:08:29 ----D---- C:\ProgramData\Mozilla

2012-08-02 09:08:28 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service

2012-08-02 09:08:24 ----D---- C:\Program Files (x86)\Mozilla Firefox

2012-08-02 08:53:02 ----D---- C:\Users\Administrator\AppData\Roaming\Malwarebytes

2012-08-02 08:52:54 ----D---- C:\ProgramData\Malwarebytes

2012-08-02 08:52:53 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-02 07:31:59 ----D---- C:\Windows\Panther

2012-08-02 07:30:31 ----D---- C:\Program Files (x86)\Wuala OverlayIcons

2012-08-02 07:30:22 ----A---- C:\Windows\SysWOW64\CbFsMntNtf3.dll

2012-08-02 07:30:19 ----A---- C:\Windows\SysWOW64\CbFsNetRdr3.dll

2012-08-02 07:29:37 ----D---- C:\Program Files (x86)\Wuala CBFS

2012-08-02 07:29:35 ----D---- C:\ProgramData\Sun

2012-08-02 07:29:34 ----D---- C:\Program Files (x86)\Common Files\Java

2012-08-02 07:29:26 ----A---- C:\Windows\SysWOW64\npdeployJava1.dll

2012-08-02 07:29:26 ----A---- C:\Windows\SysWOW64\javaws.exe

2012-08-02 07:29:26 ----A---- C:\Windows\SysWOW64\javaw.exe

2012-08-02 07:29:26 ----A---- C:\Windows\SysWOW64\java.exe

2012-08-02 07:29:26 ----A---- C:\Windows\SysWOW64\deployJava1.dll

2012-08-02 07:29:02 ----D---- C:\Program Files (x86)\Java

2012-08-02 07:28:14 ----D---- C:\Users\Administrator\AppData\Roaming\Wuala

2012-08-02 06:41:25 ----D---- C:\Windows\SoftwareDistribution

2012-08-02 06:41:12 ----SD---- C:\Users\Administrator\AppData\Roaming\Microsoft

2012-08-02 06:40:50 ----SHD---- C:\Recovery

2012-08-02 06:36:36 ----SHD---- C:\System Volume Information

2012-08-02 06:36:36 ----ASH---- C:\pagefile.sys

2012-08-01 23:00:48 ----D---- C:\ProgramData\LogMeIn

2012-08-01 23:00:27 ----D---- C:\Program Files (x86)\LogMeIn

2012-08-01 22:46:12 ----D---- C:\Users\Administrator\AppData\Roaming\GHISLER

2012-08-01 22:46:12 ----D---- C:\totalcmd

2012-08-01 22:46:12 ----A---- C:\Windows\UC.PIF

2012-08-01 22:46:12 ----A---- C:\Windows\RAR.PIF

2012-08-01 22:46:12 ----A---- C:\Windows\PKZIP.PIF

2012-08-01 22:46:12 ----A---- C:\Windows\PKUNZIP.PIF

2012-08-01 22:46:12 ----A---- C:\Windows\NOCLOSE.PIF

2012-08-01 22:46:12 ----A---- C:\Windows\LHA.PIF

2012-08-01 22:46:12 ----A---- C:\Windows\ARJ.PIF

2012-08-01 21:45:56 ----D---- C:\Users\Administrator\AppData\Roaming\Agnitum

2012-08-01 21:45:54 ----SHD---- C:\Windows\Installer

2012-08-01 21:45:41 ----D---- C:\ProgramData\Agnitum

======List of files/folders modified in the last 1 month======

2012-08-02 23:44:01 ----D---- C:\Windows\Temp

2012-08-02 23:43:48 ----RD---- C:\Program Files (x86)

2012-08-02 19:23:23 ----D---- C:\Windows\System32

2012-08-02 19:23:23 ----D---- C:\Windows\inf

2012-08-02 19:13:38 ----D---- C:\Windows\winsxs

2012-08-02 19:13:17 ----D---- C:\Windows\SysWOW64

2012-08-02 19:10:11 ----D---- C:\ProgramData

2012-08-02 19:10:11 ----D---- C:\Program Files (x86)\Common Files

2012-08-02 18:36:13 ----D---- C:\Program Files (x86)\Common Files\microsoft shared

2012-08-02 13:35:01 ----SD---- C:\ProgramData\Microsoft

2012-08-02 11:22:14 ----RD---- C:\Program Files

2012-08-02 08:27:49 ----D---- C:\Windows\Tasks

2012-08-02 06:41:49 ----D---- C:\Windows\Logs

2012-08-02 06:41:17 ----SHD---- C:\$Recycle.Bin

2012-08-02 06:41:12 ----RD---- C:\Users

2012-08-02 06:40:50 ----D---- C:\Windows\rescache

2012-08-01 22:47:33 ----D---- C:\Windows\debug

2012-08-01 22:46:12 ----D---- C:\Windows

2012-08-01 21:58:00 ----RSD---- C:\Windows\assembly

2012-08-01 21:58:00 ----D---- C:\Windows\Microsoft.NET

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ACPI;Microsoft ACPI Driver; C:\Windows\system32\drivers\ACPI.sys []

R0 amdxata;amdxata; C:\Windows\system32\drivers\amdxata.sys []

R0 arcs_a64;arcs_a64; C:\Windows\system32\DRIVERS\arcs_a64.sys []

R0 atapi;IDE Channel; C:\Windows\system32\drivers\atapi.sys []

R0 CLFS;@%SystemRoot%\system32\clfs.sys,-100; C:\Windows\System32\CLFS.sys []

R0 CNG;CNG; C:\Windows\System32\Drivers\cng.sys []

R0 Disk;Disk Driver; C:\Windows\system32\drivers\disk.sys []

R0 FltMgr;@%SystemRoot%\system32\drivers\fltmgr.sys,-10001; C:\Windows\system32\drivers\fltmgr.sys []

R0 hwpolicy;@%systemroot%\system32\drivers\hwpolicy.sys,-101; C:\Windows\System32\drivers\hwpolicy.sys []

R0 KSecDD;KSecDD; C:\Windows\System32\Drivers\ksecdd.sys []

R0 KSecPkg;KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys []

R0 mountmgr;@%SystemRoot%\system32\drivers\mountmgr.sys,-100; C:\Windows\System32\drivers\mountmgr.sys []

R0 msisadrv;msisadrv; C:\Windows\system32\drivers\msisadrv.sys []

R0 Mup;@%systemroot%\system32\drivers\mup.sys,-101; C:\Windows\System32\Drivers\mup.sys []

R0 NDIS;@%SystemRoot%\system32\drivers\ndis.sys,-200; C:\Windows\system32\drivers\ndis.sys []

R0 partmgr;@%SystemRoot%\system32\drivers\partmgr.sys,-100; C:\Windows\System32\drivers\partmgr.sys []

R0 pci;PCI Bus Driver; C:\Windows\system32\drivers\pci.sys []

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []

R0 pcw;Performance Counters for Windows Driver; C:\Windows\System32\drivers\pcw.sys []

R0 spldr;Security Processor Loader Driver; C:\Windows\SysWOW64\drivers\spldr.sys []

R0 storflt;@%SystemRoot%\system32\vmstorfltres.dll,-1000; C:\Windows\system32\drivers\vmstorfl.sys []

R0 Tcpip;@%SystemRoot%\system32\tcpipcfg.dll,-50003; C:\Windows\System32\drivers\tcpip.sys []

R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver; C:\Windows\system32\drivers\vdrvroot.sys []

R0 vmci;VMware VMCI Bus Driver; C:\Windows\system32\DRIVERS\vmci.sys []

R0 volmgr;Volume Manager Driver; C:\Windows\system32\drivers\volmgr.sys []

R0 volmgrx;@%SystemRoot%\system32\drivers\volmgrx.sys,-100; C:\Windows\System32\drivers\volmgrx.sys []

R0 volsnap;Storage volumes; C:\Windows\system32\drivers\volsnap.sys []

R0 Wdf01000;Kernel Mode Driver Frameworks service; C:\Windows\system32\drivers\Wdf01000.sys []

R1 AFD;@%systemroot%\system32\drivers\afd.sys,-1000; C:\Windows\system32\drivers\afd.sys []

R1 afw;Agnitum Firewall Driver; C:\Windows\system32\DRIVERS\afw.sys []

R1 blbdrive;blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys []

R1 cbfs3;cbfs3; \??\C:\Windows\system32\drivers\cbfs3.sys []

R1 DfsC;@%systemroot%\system32\drivers\dfsc.sys,-101; C:\Windows\System32\Drivers\dfsc.sys []

R1 discache;@%systemroot%\system32\drivers\discache.sys,-102; C:\Windows\System32\drivers\discache.sys []

R1 Msfs;Msfs; C:\Windows\SysWOW64\drivers\Msfs.sys []

R1 mssmbios;Microsoft System Management BIOS Driver; C:\Windows\system32\DRIVERS\mssmbios.sys []

R1 NetBIOS;NetBIOS Interface; C:\Windows\system32\DRIVERS\netbios.sys []

R1 NetBT;@%SystemRoot%\system32\drivers\netbt.sys,-2; C:\Windows\System32\DRIVERS\netbt.sys []

R1 Npfs;Npfs; C:\Windows\SysWOW64\drivers\Npfs.sys []

R1 nsiproxy;@%SystemRoot%\system32\drivers\nsiproxy.sys,-2; C:\Windows\system32\drivers\nsiproxy.sys []

R1 Null;Null; C:\Windows\SysWOW64\drivers\Null.sys []

R1 Psched;@%SystemRoot%\System32\drivers\pacer.sys,-101; C:\Windows\system32\DRIVERS\pacer.sys []

R1 rdbss;@%systemroot%\system32\wkssvc.dll,-1000; C:\Windows\system32\DRIVERS\rdbss.sys []

R1 RDPCDD;@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100; C:\Windows\System32\DRIVERS\RDPCDD.sys []

R1 RDPENCDD;@%systemroot%\system32\drivers\RDPENCDD.sys,-101; C:\Windows\system32\drivers\rdpencdd.sys []

R1 RDPREFMP;@%systemroot%\system32\drivers\RdpRefMp.sys,-101; C:\Windows\system32\drivers\rdprefmp.sys []

R1 SandBox;SandBox; \??\C:\Windows\system32\drivers\SandBox64.sys []

R1 Serial;Serial port driver; C:\Windows\system32\DRIVERS\serial.sys []

R1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004; C:\Windows\system32\DRIVERS\tdx.sys []

R1 TermDD;Terminal Device Driver; C:\Windows\system32\DRIVERS\termdd.sys []

R1 VgaSave;VgaSave; C:\Windows\System32\drivers\vga.sys []

R1 Wanarpv6;@%systemroot%\system32\rascfg.dll,-32012; C:\Windows\system32\DRIVERS\wanarp.sys []

R1 WfpLwf;WFP Lightweight Filter; C:\Windows\system32\DRIVERS\wfplwf.sys []

R1 ws2ifsl;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\Windows\system32\drivers\ws2ifsl.sys []

R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys []

R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver; C:\Windows\system32\DRIVERS\lltdio.sys []

R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [2012-06-08 15928]

R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys []

R2 luafv;@%systemroot%\system32\drivers\luafv.sys,-100; C:\Windows\system32\drivers\luafv.sys []

R2 PEAUTH;PEAUTH; C:\Windows\system32\drivers\peauth.sys []

R2 rspndr;Link-Layer Topology Discovery Responder; C:\Windows\system32\DRIVERS\rspndr.sys []

R2 secdrv;Security Driver; C:\Windows\SysWOW64\drivers\secdrv.sys []

R2 tcpipreg;TCP/IP Registry Compatibility; C:\Windows\System32\drivers\tcpipreg.sys []

R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys []

R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys []

R2 vmx86;VMware vmx86; \??\C:\Windows\system32\drivers\vmx86.sys []

R3 1394ohci;1394 OHCI Compliant Host Controller; C:\Windows\system32\DRIVERS\1394ohci.sys []

R3 afwcore;afwcore; C:\Windows\system32\drivers\afwcore.sys []

R3 ASWFilt;ASWFilt; \??\C:\Windows\system32\Filt\ASWFilt64.dll []

R3 AsyncMac;@%systemroot%\system32\rascfg.dll,-32000; C:\Windows\system32\DRIVERS\asyncmac.sys []

R3 bowser;@%systemroot%\system32\browser.dll,-102; C:\Windows\system32\DRIVERS\bowser.sys []

R3 CompositeBus;Composite Bus Enumerator Driver; C:\Windows\system32\DRIVERS\CompositeBus.sys []

R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032e.sys []

R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\Windows\system32\DRIVERS\HDAudBus.sys []

R3 HidUsb;Microsoft HID Class Driver; C:\Windows\system32\DRIVERS\hidusb.sys []

R3 HTTP;@%SystemRoot%\system32\drivers\http.sys,-1; C:\Windows\system32\drivers\HTTP.sys []

R3 intelppm;Intel Processor Driver; C:\Windows\system32\DRIVERS\intelppm.sys []

R3 kbdclass;Keyboard Class Driver; C:\Windows\system32\DRIVERS\kbdclass.sys []

R3 kbdhid;Keyboard HID Driver; C:\Windows\system32\DRIVERS\kbdhid.sys []

R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []

R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys []

R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []

R3 monitor;Microsoft Monitor Class Function Driver Service; C:\Windows\system32\DRIVERS\monitor.sys []

R3 mouclass;Mouse Class Driver; C:\Windows\system32\DRIVERS\mouclass.sys []

R3 mouhid;Mouse HID Driver; C:\Windows\system32\DRIVERS\mouhid.sys []

R3 mpsdrv;@%SystemRoot%\system32\FirewallAPI.dll,-23092; C:\Windows\System32\drivers\mpsdrv.sys []

R3 mrxsmb;@%systemroot%\system32\wkssvc.dll,-1002; C:\Windows\system32\DRIVERS\mrxsmb.sys []

R3 mrxsmb10;@%systemroot%\system32\wkssvc.dll,-1004; C:\Windows\system32\DRIVERS\mrxsmb10.sys []

R3 mrxsmb20;@%systemroot%\system32\wkssvc.dll,-1006; C:\Windows\system32\DRIVERS\mrxsmb20.sys []

R3 NdisTapi;@%systemroot%\system32\rascfg.dll,-32001; C:\Windows\system32\DRIVERS\ndistapi.sys []

R3 NdisWan;@%systemroot%\system32\rascfg.dll,-32002; C:\Windows\system32\DRIVERS\ndiswan.sys []

R3 NDProxy;NDIS Proxy; C:\Windows\SysWOW64\drivers\NDProxy.sys []

R3 Ntfs;Ntfs; C:\Windows\SysWOW64\drivers\Ntfs.sys []

R3 PptpMiniport;@%systemroot%\system32\rascfg.dll,-32006; C:\Windows\system32\DRIVERS\raspptp.sys []

R3 RasAgileVpn;WAN Miniport (IKEv2); C:\Windows\system32\DRIVERS\AgileVpn.sys []

R3 Rasl2tp;@%systemroot%\system32\rascfg.dll,-32005; C:\Windows\system32\DRIVERS\rasl2tp.sys []

R3 RasPppoe;@%systemroot%\system32\rascfg.dll,-32007; C:\Windows\system32\DRIVERS\raspppoe.sys []

R3 RasSstp;@%systemroot%\system32\sstpsvc.dll,-202; C:\Windows\system32\DRIVERS\rassstp.sys []

R3 rdpbus;Remote Desktop Device Redirector Bus Driver; C:\Windows\system32\DRIVERS\rdpbus.sys []

R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []

R3 RDPWD;RDP Winstation Driver; C:\Windows\SysWOW64\drivers\RDPWD.sys []

R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []

R3 Serenum;Serenum Filter Driver; C:\Windows\system32\DRIVERS\serenum.sys []

R3 srv;@%systemroot%\system32\srvsvc.dll,-102; C:\Windows\System32\DRIVERS\srv.sys []

R3 srv2;@%systemroot%\system32\srvsvc.dll,-104; C:\Windows\System32\DRIVERS\srv2.sys []

R3 srvnet;srvnet; C:\Windows\System32\DRIVERS\srvnet.sys []

R3 swenum;Software Bus Driver; C:\Windows\system32\DRIVERS\swenum.sys []

R3 TDTCP;TDTCP; C:\Windows\system32\drivers\tdtcp.sys []

R3 tssecsrv;@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101; C:\Windows\System32\DRIVERS\tssecsrv.sys []

R3 tunnel;Microsoft Tunnel Miniport Adapter Driver; C:\Windows\system32\DRIVERS\tunnel.sys []

R3 umbus;UMBus Enumerator Driver; C:\Windows\system32\DRIVERS\umbus.sys []

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\Windows\system32\DRIVERS\usbccgp.sys []

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbehci.sys []

R3 usbhub;Microsoft USB Standard Hub Driver; C:\Windows\system32\DRIVERS\usbhub.sys []

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbuhci.sys []

R3 VBEngNT;VBEngNT; \??\C:\Windows\system32\drivers\VBEngNT.sys []

R3 VBFilt;VBFilt; \??\C:\Windows\system32\Filt\VBFilt64.dll []

R3 vga;vga; C:\Windows\system32\DRIVERS\vgapnp.sys []

R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys []

R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys []

R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []

S0 sacdrv;sacdrv; C:\Windows\system32\DRIVERS\sacdrv.sys []

S3 AcpiPmi;ACPI Power Meter Driver; C:\Windows\system32\drivers\acpipmi.sys []

S3 adp94xx;adp94xx; C:\Windows\system32\drivers\adp94xx.sys []

S3 adpahci;adpahci; C:\Windows\system32\drivers\adpahci.sys []

S3 adpu320;adpu320; C:\Windows\system32\drivers\adpu320.sys []

S3 agp440;Intel AGP Bus Filter; C:\Windows\system32\drivers\agp440.sys []

S3 aliide;aliide; C:\Windows\system32\drivers\aliide.sys []

S3 amdide;amdide; C:\Windows\system32\drivers\amdide.sys []

S3 AmdK8;AMD K8 Processor Driver; C:\Windows\system32\drivers\amdk8.sys []

S3 AmdPPM;AMD Processor Driver; C:\Windows\system32\drivers\amdppm.sys []

S3 amdsata;amdsata; C:\Windows\system32\drivers\amdsata.sys []

S3 amdsbs;amdsbs; C:\Windows\system32\drivers\amdsbs.sys []

S3 AppID;@%systemroot%\system32\appidsvc.dll,-102; C:\Windows\system32\drivers\appid.sys []

S3 arc;arc; C:\Windows\system32\drivers\arc.sys []

S3 arcsas;arcsas; C:\Windows\system32\drivers\arcsas.sys []

S3 b06bdrv;Broadcom NetXtreme II VBD; C:\Windows\system32\drivers\bxvbda.sys []

S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60a.sys []

S3 Beep;Beep; C:\Windows\SysWOW64\drivers\Beep.sys []

S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver; C:\Windows\system32\drivers\BrFiltLo.sys []

S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver; C:\Windows\system32\drivers\BrFiltUp.sys []

S3 Brserid;Brother MFC Serial Port Interface Driver (WDM); C:\Windows\System32\Drivers\Brserid.sys []

S3 BrSerWdm;Brother WDM Serial driver; C:\Windows\System32\Drivers\BrSerWdm.sys []

S3 BrUsbMdm;Brother MFC USB Fax Only Modem; C:\Windows\System32\Drivers\BrUsbMdm.sys []

S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\Windows\System32\Drivers\BrUsbSer.sys []

S3 cdrom;cdrom; C:\Windows\system32\drivers\cdrom.sys []

S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\drivers\CmBatt.sys []

S3 cmdide;cmdide; C:\Windows\system32\drivers\cmdide.sys []

S3 Compbatt;Compbatt; C:\Windows\system32\drivers\compbatt.sys []

S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys []

S3 drmkaud;Microsoft Trusted Audio Drivers; C:\Windows\system32\drivers\drmkaud.sys []

S3 DXGKrnl;LDDM Graphics Subsystem; C:\Windows\System32\drivers\dxgkrnl.sys []

S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD; C:\Windows\system32\drivers\evbda.sys []

S3 elxstor;elxstor; C:\Windows\system32\drivers\elxstor.sys []

S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []

S3 exfat;exFAT File System Driver; C:\Windows\SysWOW64\drivers\exfat.sys []

S3 fastfat;FAT12/16/32 File System Driver; C:\Windows\SysWOW64\drivers\fastfat.sys []

S3 fdc;Floppy Disk Controller Driver; C:\Windows\system32\drivers\fdc.sys []

S3 FileInfo;@%SystemRoot%\system32\drivers\fileinfo.sys,-100; C:\Windows\system32\drivers\fileinfo.sys []

S3 Filetrace;@%SystemRoot%\system32\drivers\filetrace.sys,-10001; C:\Windows\system32\drivers\filetrace.sys []

S3 flpydisk;Floppy Disk Driver; C:\Windows\system32\drivers\flpydisk.sys []

S3 FsDepends;@%SystemRoot%\system32\drivers\fsdepends.sys,-10001; C:\Windows\System32\drivers\FsDepends.sys []

S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\Windows\system32\drivers\gagp30kx.sys []

S3 HidBatt;HID UPS Battery Driver; C:\Windows\system32\drivers\HidBatt.sys []

S3 HpSAMD;HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys []

S3 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver; C:\Windows\system32\drivers\i8042prt.sys []

S3 iaStorV;iaStorV; C:\Windows\system32\drivers\iaStorV.sys []

S3 iirsp;iirsp; C:\Windows\system32\drivers\iirsp.sys []

S3 intelide;intelide; C:\Windows\system32\drivers\intelide.sys []

S3 ioatdma;Intel® QuickData Technology Device; C:\Windows\System32\Drivers\qd260x64.sys []

S3 IpFilterDriver;@%systemroot%\system32\rascfg.dll,-32013; C:\Windows\system32\DRIVERS\ipfltdrv.sys []

S3 IPMIDRV;IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys []

S3 IPNAT;IP Network Address Translator; C:\Windows\System32\drivers\ipnat.sys []

S3 isapnp;isapnp; C:\Windows\system32\drivers\isapnp.sys []

S3 iScsiPrt;iScsiPort Driver; C:\Windows\system32\drivers\msiscsi.sys []

S3 LSI_FC;LSI_FC; C:\Windows\system32\drivers\lsi_fc.sys []

S3 LSI_SAS;LSI_SAS; C:\Windows\system32\drivers\lsi_sas.sys []

S3 LSI_SAS2;LSI_SAS2; C:\Windows\system32\drivers\lsi_sas2.sys []

S3 LSI_SCSI;LSI_SCSI; C:\Windows\system32\drivers\lsi_scsi.sys []

S3 megasas;megasas; C:\Windows\system32\drivers\megasas.sys []

S3 MegaSR;MegaSR; C:\Windows\system32\drivers\MegaSR.sys []

S3 Modem;Modem; C:\Windows\system32\drivers\modem.sys []

S3 mpio;mpio; C:\Windows\system32\drivers\mpio.sys []

S3 msahci;msahci; C:\Windows\system32\drivers\msahci.sys []

S3 msdsm;msdsm; C:\Windows\system32\drivers\msdsm.sys []

S3 mshidkmdf;@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100; C:\Windows\System32\drivers\mshidkmdf.sys []

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []

S3 MsRPC;MsRPC; C:\Windows\SysWOW64\drivers\MsRPC.sys []

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []

S3 MTConfig;Microsoft Input Configuration Driver; C:\Windows\system32\drivers\MTConfig.sys []

S3 NdisCap;NDIS Capture LightWeight Filter; C:\Windows\system32\DRIVERS\ndiscap.sys []

S3 Ndisuio;NDIS Usermode I/O Protocol; C:\Windows\system32\DRIVERS\ndisuio.sys []

S3 nfrd960;nfrd960; C:\Windows\system32\drivers\nfrd960.sys []

S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys []

S3 nv_agp;NVIDIA nForce AGP Bus Filter; C:\Windows\system32\drivers\nv_agp.sys []

S3 nvraid;nvraid; C:\Windows\system32\drivers\nvraid.sys []

S3 nvstor;nvstor; C:\Windows\system32\drivers\nvstor.sys []

S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy); C:\Windows\system32\drivers\ohci1394.sys []

S3 Parport;Parallel port driver; C:\Windows\system32\drivers\parport.sys []

S3 pcmcia;pcmcia; C:\Windows\system32\drivers\pcmcia.sys []

S3 PORTMON;PORTMON; \??\H:\Sysinternalssuite\PORTMSYS.SYS [2012-08-02 28656]

S3 Processor;Processor Driver; C:\Windows\system32\drivers\processr.sys []

S3 ql2300;ql2300; C:\Windows\system32\drivers\ql2300.sys []

S3 ql40xx;ql40xx; C:\Windows\system32\drivers\ql40xx.sys []

S3 RasAcd;Remote Access Auto Connection Driver; C:\Windows\System32\DRIVERS\rasacd.sys []

S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys []

S3 sbp2port;sbp2port; C:\Windows\system32\drivers\sbp2port.sys []

S3 scfilter;@%SystemRoot%\System32\drivers\scfilter.sys,-11; C:\Windows\System32\DRIVERS\scfilter.sys []

S3 sermouse;Serial Mouse Driver; C:\Windows\system32\drivers\sermouse.sys []

S3 sffdisk;SFF Storage Class Driver; C:\Windows\system32\drivers\sffdisk.sys []

S3 sffp_mmc;SFF Storage Protocol Driver for MMC; C:\Windows\system32\drivers\sffp_mmc.sys []

S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\Windows\system32\drivers\sffp_sd.sys []

S3 sfloppy;High-Capacity Floppy Disk Drive; C:\Windows\system32\drivers\sfloppy.sys []

S3 SiSRaid2;SiSRaid2; C:\Windows\system32\drivers\SiSRaid2.sys []

S3 SiSRaid4;SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys []

S3 Smb;@%SystemRoot%\system32\tcpipcfg.dll,-50005; C:\Windows\system32\DRIVERS\smb.sys []

S3 stexstor;stexstor; C:\Windows\system32\drivers\stexstor.sys []

S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys []

S3 storvsp;storvsp; C:\Windows\system32\drivers\storvsp.sys []

S3 TCPIP6;Microsoft IPv6 Protocol Driver; C:\Windows\system32\DRIVERS\tcpip.sys []

S3 TDPIPE;TDPIPE; C:\Windows\system32\drivers\tdpipe.sys []

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []

S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys []

S3 uagp35;Microsoft AGPv3.5 Filter; C:\Windows\system32\drivers\uagp35.sys []

S3 uliagpkx;Uli AGP Bus Filter; C:\Windows\system32\drivers\uliagpkx.sys []

S3 UmPass;Microsoft UMPass Driver; C:\Windows\system32\drivers\umpass.sys []

S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\Windows\system32\drivers\usbohci.sys []

S3 usbprint;Microsoft USB PRINTER Class; C:\Windows\system32\drivers\usbprint.sys []

S3 USBSTOR;USB Mass Storage Driver; C:\Windows\system32\drivers\USBSTOR.SYS []

S3 VBCoreNT.1;VirusBuster engine core driver; C:\Windows\System32\Filt\tmp\eal2sivq.vbt []

S3 vhdmp;vhdmp; C:\Windows\system32\drivers\vhdmp.sys []

S3 viaide;viaide; C:\Windows\system32\drivers\viaide.sys []

S3 Vid;Vid; C:\Windows\system32\drivers\Vid.sys []

S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys []

S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys []

S3 vsmraid;vsmraid; C:\Windows\system32\drivers\vsmraid.sys []

S3 WacomPen;Wacom Serial Pen HID Driver; C:\Windows\system32\drivers\wacompen.sys []

S3 WANARP;@%systemroot%\system32\rascfg.dll,-32011; C:\Windows\system32\DRIVERS\wanarp.sys []

S3 Wd;Wd; C:\Windows\system32\drivers\wd.sys []

S3 WIMMount;WIMMount; C:\Windows\system32\drivers\wimmount.sys [2009-07-14 19008]

S3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys []

S4 cdfs;CD/DVD File System Reader; C:\Windows\system32\DRIVERS\cdfs.sys []

S4 crcdisk;Crcdisk Filter Driver; C:\Windows\system32\drivers\crcdisk.sys []

S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\SysWOW64\drivers\LMIRfsClientNP.sys []

S4 udfs;udfs; C:\Windows\system32\DRIVERS\udfs.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2012-06-16 3268976]

R2 BFE;@%SystemRoot%\system32\bfe.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R2 CryptSvc;@%SystemRoot%\system32\cryptsvc.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R2 DcomLaunch;@oleres.dll,-5012; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R2 Dhcp;@%SystemRoot%\system32\dhcpcore.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R2 Dnscache;@%SystemRoot%\System32\dnsapi.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R2 DPS;@%systemroot%\system32\dps.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R2 eventlog;@%SystemRoot%\system32\wevtsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R2 EventSystem;@comres.dll,-2450; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R2 gpsvc;@gpapi.dll,-112; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R2 IKEEXT;@%SystemRoot%\system32\ikeext.dll,-501; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R2 LanmanServer;@%systemroot%\system32\srvsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R2 LanmanWorkstation;@%systemroot%\system32\wkssvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R2 lmhosts;@%SystemRoot%\system32\lmhsvc.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-05 375208]

R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [2012-07-05 147368]

R2 LogMeIn;LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [2012-06-08 407424]

R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

R2 MpsSvc;@%SystemRoot%\system32\FirewallAPI.dll,-23090; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R2 MSDTC;@comres.dll,-2797; C:\Windows\System32\msdtc.exe []

R2 NlaSvc;@%SystemRoot%\System32\nlasvc.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R2 nsi;@%SystemRoot%\system32\nsisvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R2 PlugPlay;@%SystemRoot%\system32\umpnpmgr.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R2 Power;@%SystemRoot%\system32\umpo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R2 ProfSvc;@%systemroot%\system32\profsvc.dll,-300; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R2 RemoteRegistry;@regsvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R2 RpcEptMapper;@%windir%\system32\RpcEpMap.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R2 RpcSs;@oleres.dll,-5010; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R2 SamSs;@%SystemRoot%\system32\samsrv.dll,-1; C:\Windows\system32\lsass.exe []

R2 Schedule;@%SystemRoot%\system32\schedsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R2 SENS;@%SystemRoot%\system32\Sens.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R2 ShellHWDetection;@%SystemRoot%\System32\shsvcs.dll,-12288; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R2 Spooler;@%systemroot%\system32\spoolsv.exe,-1; C:\Windows\System32\spoolsv.exe []

R2 TrkWks;@%SystemRoot%\system32\trkwks.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R2 UxSms;@%SystemRoot%\system32\dwm.exe,-2000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R2 VMAuthdService;VMware Authorization Service; C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [2012-06-09 79872]

R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2012-06-09 354456]

R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448]

R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2012-06-09 433816]

R2 Winmgmt;@%Systemroot%\system32\wbem\wmisvc.dll,-205; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R2 WinRM;@%Systemroot%\system32\wsmsvc.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R2 wuauserv;@%systemroot%\system32\wuaueng.dll,-105; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R3 AeLookupSvc;@%SystemRoot%\system32\aelupsvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R3 CertPropSvc;@%SystemRoot%\System32\certprop.dll,-11; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R3 hidserv;@%SystemRoot%\System32\hidserv.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R3 Netman;@%SystemRoot%\system32\netman.dll,-109; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R3 netprofm;@%SystemRoot%\system32\netprofm.dll,-202; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R3 PolicyAgent;@%SystemRoot%\System32\polstore.dll,-5010; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R3 SessionEnv;@%SystemRoot%\System32\SessEnv.dll,-1026; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R3 TermService;@%SystemRoot%\System32\termsrv.dll,-268; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R3 TrustedInstaller;@%SystemRoot%\servicing\TrustedInstaller.exe,-100; C:\Windows\servicing\TrustedInstaller.exe [2010-11-21 194048]

R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R3 WerSvc;@%SystemRoot%\System32\wersvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R3 WinHttpAutoProxySvc;@%SystemRoot%\system32\winhttp.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S2 sppsvc;@%SystemRoot%\system32\sppsvc.exe,-101; C:\Windows\system32\sppsvc.exe []

S3 ALG;@%SystemRoot%\system32\Alg.exe,-112; C:\Windows\System32\alg.exe []

S3 AppIDSvc;@%systemroot%\system32\appidsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 Appinfo;@%systemroot%\system32\appinfo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 AudioEndpointBuilder;@%SystemRoot%\system32\audiosrv.dll,-204; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 AudioSrv;@%SystemRoot%\system32\audiosrv.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 BITS;@%SystemRoot%\system32\qmgr.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-06-10 66384]

S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-06-10 89920]

S3 COMSysApp;@comres.dll,-947; C:\Windows\system32\dllhost.exe [2009-07-14 7168]

S3 defragsvc;@%SystemRoot%\system32\defragsvc.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 dot3svc;@%systemroot%\system32\dot3svc.dll,-1102; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 EapHost;@%systemroot%\system32\eapsvc.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 EFS;@%SystemRoot%\system32\efssvc.dll,-100; C:\Windows\System32\lsass.exe []

S3 FCRegSvc;@%SystemRoot%\system32\FCRegSvc.dll,-5000; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 fdPHost;@%systemroot%\system32\fdPHost.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 FDResPub;@%systemroot%\system32\fdrespub.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 hkmsvc;@%SystemRoot%\system32\kmsvc.dll,-6; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 KeyIso;@keyiso.dll,-100; C:\Windows\system32\lsass.exe []

S3 KtmRm;@comres.dll,-2946; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 lltdsvc;@%SystemRoot%\system32\lltdres.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 MMCSS;@%systemroot%\system32\mmcss.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]

S3 MSiSCSI;@%SystemRoot%\system32\iscsidsc.dll,-5000; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 msiserver;@%SystemRoot%\system32\msimsg.dll,-27; C:\Windows\system32\msiexec.exe [2010-11-21 73216]

S3 napagent;@%SystemRoot%\system32\qagentrt.dll,-6; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 Netlogon;@%SystemRoot%\System32\netlogon.dll,-102; C:\Windows\system32\lsass.exe []

S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2009-07-14 20992]

S3 pla;@%systemroot%\system32\pla.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 ProtectedStorage;@%systemroot%\system32\psbase.dll,-300; C:\Windows\system32\lsass.exe []

S3 RasAuto;@%Systemroot%\system32\rasauto.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 RasMan;@%Systemroot%\system32\rasmans.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2010-06-25 117264]

S3 RpcLocator;@%systemroot%\system32\Locator.exe,-2; C:\Windows\system32\locator.exe []

S3 RSoPProv;@gpapi.dll,-114; C:\Windows\system32\RSoPProv.exe []

S3 sacsvr;@%systemroot%\system32\sacsvr.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 SCardSvr;@%SystemRoot%\System32\SCardSvr.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 SCPolicySvc;@%SystemRoot%\System32\certprop.dll,-13; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 seclogon;@%SystemRoot%\system32\seclogon.dll,-7001; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 SNMPTRAP;@%SystemRoot%\system32\snmptrap.exe,-3; C:\Windows\System32\snmptrap.exe []

S3 sppuinotify;@%SystemRoot%\system32\sppuinotify.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 SstpSvc;@%SystemRoot%\system32\sstpsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 swprv;@%SystemRoot%\System32\swprv.dll,-103; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 TapiSrv;@%SystemRoot%\system32\tapisrv.dll,-10100; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 TBS;@%SystemRoot%\system32\tbssvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 THREADORDER;@%systemroot%\system32\mmcss.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 UI0Detect;@%SystemRoot%\system32\ui0detect.exe,-101; C:\Windows\system32\UI0Detect.exe []

S3 VaultSvc;@%SystemRoot%\system32\vaultsvc.dll,-1003; C:\Windows\system32\lsass.exe []

S3 vds;@%SystemRoot%\system32\vds.exe,-100; C:\Windows\System32\vds.exe []

S3 VSS;@%systemroot%\system32\vssvc.exe,-102; C:\Windows\system32\vssvc.exe []

S3 W32Time;@%SystemRoot%\system32\w32time.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 WcsPlugInService;@%SystemRoot%\system32\WcsPlugInService.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 WdiServiceHost;@%systemroot%\system32\wdi.dll,-502; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 WdiSystemHost;@%systemroot%\system32\wdi.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 Wecsvc;@%SystemRoot%\system32\wecsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 wercplsupport;@%SystemRoot%\System32\wercplsupport.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 wmiApSrv;@%Systemroot%\system32\wbem\wmiapsrv.exe,-110; C:\Windows\system32\wbem\WmiApSrv.exe []

S3 WPDBusEnum;@%SystemRoot%\system32\wpdbusenum.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 wudfsvc;@%SystemRoot%\system32\wudfsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S4 Browser;@%systemroot%\system32\browser.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S4 IPBusEnum;@%systemroot%\system32\IPBusEnum.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S4 RemoteAccess;@%Systemroot%\system32\mprdim.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S4 SharedAccess;@%SystemRoot%\system32\ipnathlp.dll,-106; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S4 SSDPSRV;@%systemroot%\system32\ssdpsrv.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S4 upnphost;@%systemroot%\system32\upnphost.dll,-213; C:\Windows\system32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

And the info:

info.txt logfile of random's system information tool 1.09 2012-08-02 23:44:16

======Uninstall list======

Java 6 Update 33-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216033FF}

LogMeIn-->MsiExec.exe /I{22461A1C-BD68-4D90-9897-1DB146D55ECB}

Malwarebytes Anti-Malware version 1.62.0.1300-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}

Mozilla Firefox 14.0.1 (x86 nl)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"

SABnzbd 0.7.2-->"H:\SABnzbd\uninstall.exe"

tools-freebsd-->MsiExec.exe /X{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}

Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe

VMware Player-->C:\ProgramData\VMware\VMware Player\Uninstaller\uninstall.exe -x -S "C:\ProgramData\VMware\VMware Player\Uninstaller\"

VMware Player-->MsiExec.exe /I{E452E727-86B8-4233-8CC3-41FD817AFAFF}

WinPcap 4.1.2-->C:\Program Files (x86)\WinPcap\uninstall.exe

Wireshark 1.8.1 (64-bit)-->"C:\Program Files\Wireshark\uninstall.exe"

Wuala CBFS-->"C:\Program Files (x86)\Wuala CBFS\Uninstall.exe"

Wuala OverlayIcons-->"C:\Program Files (x86)\Wuala OverlayIcons\Uninstall.exe"

======System event log======

Computer Name: Thalantis-W8

Event Code: 11

Message: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Record Number: 914

Source Name: Microsoft-Windows-Wininit

Time Written: 20120802052612.546035-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: Thalantis-W8

Event Code: 11

Message: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Record Number: 777

Source Name: Microsoft-Windows-Wininit

Time Written: 20120801205333.733235-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: WIN-VMNFO3GSSOG

Event Code: 11

Message: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Record Number: 653

Source Name: Microsoft-Windows-Wininit

Time Written: 20120801204315.546035-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: WIN-VMNFO3GSSOG

Event Code: 52

Message: The time service has set the time with offset 14355438563950637 seconds.

Record Number: 497

Source Name: Microsoft-Windows-Time-Service

Time Written: 20120801194405.075581-000

Event Type: Warning

User: NT AUTHORITY\LOCAL SERVICE

Computer Name: 37L4247F27-26

Event Code: 7026

Message: The following boot-start or system-start driver(s) failed to load:

cdrom

Record Number: 108

Source Name: Service Control Manager

Time Written: 20120802043646.608052-000

Event Type: Error

User:

=====Application event log=====

Computer Name: Thalantis-W8

Event Code: 10

Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Record Number: 155

Source Name: Microsoft-Windows-WMI

Time Written: 20120801205512.000000-000

Event Type: Error

User:

Computer Name: WIN-VMNFO3GSSOG

Event Code: 1530

Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -

1 user registry handles leaked from \Registry\User\S-1-5-21-3130183148-3393406439-340295829-500:

Process 916 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3130183148-3393406439-340295829-500\Printers\DevModePerUser

Record Number: 143

Source Name: Microsoft-Windows-User Profiles Service

Time Written: 20120801205128.834501-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: WIN-VMNFO3GSSOG

Event Code: 10

Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Record Number: 121

Source Name: Microsoft-Windows-WMI

Time Written: 20120801204454.000000-000

Event Type: Error

User:

Computer Name: WIN-VMNFO3GSSOG

Event Code: 1530

Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -

5 user registry handles leaked from \Registry\User\S-1-5-21-3130183148-3393406439-340295829-500:

Process 1156 (\Device\HarddiskVolume2\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-3130183148-3393406439-340295829-500

Process 444 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3130183148-3393406439-340295829-500\Printers\DevModePerUser

Process 1156 (\Device\HarddiskVolume2\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-3130183148-3393406439-340295829-500\Software\Microsoft\Windows NT\CurrentVersion\Devices

Process 1156 (\Device\HarddiskVolume2\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-3130183148-3393406439-340295829-500\Software\Microsoft\Windows NT\CurrentVersion\Windows

Process 1156 (\Device\HarddiskVolume2\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-3130183148-3393406439-340295829-500\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts

Record Number: 109

Source Name: Microsoft-Windows-User Profiles Service

Time Written: 20120801204054.757388-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: WIN-VMNFO3GSSOG

Event Code: 10

Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Record Number: 92

Source Name: Microsoft-Windows-WMI

Time Written: 20120802044225.000000-000

Event Type: Error

User:

=====Security event log=====

Computer Name: 37L4247F27-26

Event Code: 4672

Message: Special privileges assigned to new logon.

Subject:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 5

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120802043642.520845-000

Event Type: Audit Success

User:

Computer Name: 37L4247F27-26

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-5-18

Account Name: 37L4247F27-26$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon Type: 5

New Logon:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x1d4

Process Name: C:\Windows\System32\services.exe

Network Information:

Workstation Name:

Source Network Address: -

Source Port: -

Detailed Authentication Information:

Logon Process: Advapi

Authentication Package: Negotiate

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 4

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120802043642.520845-000

Event Type: Audit Success

User:

Computer Name: 37L4247F27-26

Event Code: 4902

Message: The Per-user audit policy table was created.

Number of Elements: 0

Policy ID: 0x2b960

Record Number: 3

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120802043642.489645-000

Event Type: Audit Success

User:

Computer Name: 37L4247F27-26

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-0-0

Account Name: -

Account Domain: -

Logon ID: 0x0

Logon Type: 0

New Logon:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x4

Process Name:

Network Information:

Workstation Name: -

Source Network Address: -

Source Port: -

Detailed Authentication Information:

Logon Process: -

Authentication Package: -

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 2

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120802043642.364845-000

Event Type: Audit Success

User:

Computer Name: 37L4247F27-26

Event Code: 4608

Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.

Record Number: 1

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120802043642.364845-000

Event Type: Audit Success

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"NUMBER_OF_PROCESSORS"=8

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 26 Stepping 5, GenuineIntel

"PROCESSOR_REVISION"=1a05

"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log

"windows_tracing_flags"=3

-----------------EOF-----------------

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
