
Am I infected? Proxycheck.exe trojan

25 replies to this topic

#1 shadowk8

Posted 25 August 2012 - 01:54 PM

Hey guys, I was doing my daily scan with Malwarebytes yesterday afternoon and it picked up a single file. I ended up just removing it and reformatting my hard drive since I was already thinking of doing it earlier this week. Anyway, I forgot to save the MBAM log to show you guys; all I remember is it was named Trojan.(something).AI, proxycheck.exe, and it was located in a similar location to what I see in people's logs on the site: Local Settings\temp\RarSFX0\proxycheck.exe. Not sure if it was located in the same Rar folder though; that's just an example of what I saw. Overall I've formatted my computer, changed all my passwords, etc. My problem is that from the little research I've done it looks like a redirect virus, or a false positive, or a backdoor, so I'm trying to figure out how serious this infection was. I don't believe it was on there for more than 24 hrs because I pretty much scan my computer daily with Malwarebytes...

Help ! :(



#2 boopme

Posted 01 September 2012 - 09:24 PM

Hello, well if it was a backdoor that is serious.
In which case I would post this....

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.




So having reformatted, ALL the malware is gone and the machine IS trustworthy.
You have changed passwords..good.

I would still let my bank know of the infection if you had banking on there.

#3 shadowk8


Posted 02 September 2012 - 06:22 PM


Yeah, like I said, I reformatted my HDDs just to be sure, and changed all my passwords on sensitive info, etc. I wanted to run some scans if you don't mind, and let you look over them just to make sure nothing is infected magically again. Is that ok? And as an added layer of protection I started to use Sandboxie with my browser; I was wondering if you guys approved of Sandboxie as an added layer of protection? Second to last, from what I researched on the forums, Rar folders are related to rkill.exe in this topic: " http://www.bleepingcomputer.com/forums/topic440676.html/page__p__2582652__hl__proxycheck__fromsearch__1#entry2582652 ". Finally, after reading the "how to handle possible identity theft and CC fraud" topic, the only thing I haven't done is get new cards, and since it's been a week with no odd activity on them, do you still think it would be smart to replace them? I know I just added a bunch of new questions for you to answer; I just want to make sure everything is secure again.

Appreciate it !
-Colin

#4 boopme

Posted 02 September 2012 - 09:11 PM

Hi Colin, let's run these scans.
I don't mind looking them over.... Better safe than sorry is a good old adage.


Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

>>>>>>>

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.

>>>>
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


>>>>>

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


NOTE: In some instances if no malware is found there will be no log produced.




We do approve of Sandboxie; see post 6.


Me, I would replace my cards. It's only a call. Do all but one until the new one comes, and then kill the last.
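The reports boopme asks for above run to hundreds of lines. As an added example that is not part of this thread and not code from any of the tools named in it, here is a small Python triage script for the TDSSKiller "Scan services" section (the format quoted later in this thread: an image line carrying the MD5, service name and path, followed by a verdict line "Name - ok"). It pairs the two lines per service, then flags any verdict other than "ok", any service image outside the Windows or Program Files trees, and any image under a %TEMP%\RarSFX<n>\ folder, which is where WinRAR self-extracting archives unpack before running their payload and where the original poster saw proxycheck.exe. The sample log lines, the trusted-root list and the "hypothsvc" entry are constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the shape of the TDSSKiller "Scan services" section
# posted in this thread: an image line "[ MD5 ] Name Path" followed by a
# verdict line "Name - ok". The D:\programs\ entry mirrors a line from the
# thread; the "hypothsvc" pair (a service pointing into a RarSFX temp folder,
# with a non-"ok" verdict) is invented here for illustration only.
SAMPLE_LOG = """\
22:28:15.0661 0856 [ 7D9D615201A483D6FA99491C2E655A5A ] !SASCORE D:\\programs\\SASCORE64.EXE
22:28:15.0707 0856 !SASCORE - ok
22:28:15.0730 0856 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\\Windows\\system32\\drivers\\acpi.sys
22:28:15.0739 0856 ACPI - ok
22:28:16.0501 0856 COMSysApp - ok
22:28:17.0422 0856 [ D41861E56E7552C13674D7F147A02464 ] IAStorDataMgrSvc C:\\Program Files (x86)\\Intel\\IAStorDataMgrSvc.exe
22:28:17.0427 0856 IAStorDataMgrSvc - ok
22:28:18.0100 0856 [ 0123456789ABCDEF0123456789ABCDEF ] hypothsvc C:\\Documents and Settings\\user\\Local Settings\\Temp\\RarSFX0\\proxycheck.exe
22:28:18.0110 0856 hypothsvc - suspicious (constructed verdict)
"""

_TS = r"(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
IMAGE_LINE = re.compile(_TS + r"\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+(?P<name>\S+)\s+(?P<path>.+?)\s*$")
VERDICT_LINE = re.compile(_TS + r"(?P<name>\S+)\s+-\s+(?P<verdict>.+?)\s*$")

# WinRAR self-extracting archives unpack into %TEMP%\RarSFX<n>\ before
# running their payload; that is the location the original poster reported.
SFX_TEMP_DIR = re.compile(r"\\Temp\\RarSFX\d+\\", re.IGNORECASE)

# Service images normally live under these roots; anything else gets a look.
# (Assumption for this example: a single system drive C:.)
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class ServiceEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_services(text: str) -> Dict[str, ServiceEntry]:
    """Pair each image line with its verdict line, keyed by service name."""
    entries: Dict[str, ServiceEntry] = {}
    for line in text.splitlines():
        m = IMAGE_LINE.match(line)
        if m:
            e = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            e.md5, e.path = m["md5"].upper(), m["path"]
            continue
        m = VERDICT_LINE.match(line)
        if m:
            e = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            e.verdict = m["verdict"]
    return entries


def is_sfx_temp_drop(path: str) -> bool:
    """True if the path sits inside a RarSFX<n> extraction folder under Temp."""
    return bool(SFX_TEMP_DIR.search(path))


def triage(entries: Dict[str, ServiceEntry]) -> List[Tuple[str, List[str]]]:
    """Return (service, reasons) for every entry that deserves a second look."""
    findings: List[Tuple[str, List[str]]] = []
    for e in entries.values():
        reasons: List[str] = []
        if e.verdict is None:
            reasons.append("no verdict line")
        elif e.verdict.lower() != "ok":
            reasons.append(f"verdict: {e.verdict}")
        if e.path:
            if not e.path.lower().startswith(TRUSTED_ROOTS):
                reasons.append("image outside Windows/Program Files")
            if is_sfx_temp_drop(e.path):
                reasons.append("image in a RarSFX temp extraction dir")
        if reasons:
            findings.append((e.name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_tdsskiller_services(SAMPLE_LOG)):
        print(f"{name}: {'; '.join(reasons)}")
```

Everything the script flags is a lead, not a verdict: the D:\programs\ entry is reported only because the image lives on the second drive, so compare its MD5 against a known-good copy before reacting, and treat a RarSFX path plus a non-"ok" verdict as the combination that actually warrants the backdoor advice given earlier in this thread.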

#5 shadowk8


Posted 02 September 2012 - 09:27 PM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.03.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Colin :: COLIN-PC [administrator]

9/2/2012 10:26:25 PM
mbam-log-2012-09-02 (22-26-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 208764
Time elapsed: 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6 shadowk8


Posted 02 September 2012 - 09:29 PM

22:27:56.0489 4520 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
22:27:56.0779 4520 ============================================================
22:27:56.0779 4520 Current date / time: 2012/09/02 22:27:56.0778
22:27:56.0779 4520 SystemInfo:
22:27:56.0779 4520
22:27:56.0779 4520 OS Version: 6.0.6002 ServicePack: 2.0
22:27:56.0779 4520 Product type: Workstation
22:27:56.0779 4520 ComputerName: COLIN-PC
22:27:56.0779 4520 UserName: Colin
22:27:56.0779 4520 Windows directory: C:\Windows
22:27:56.0779 4520 System windows directory: C:\Windows
22:27:56.0779 4520 Running under WOW64
22:27:56.0779 4520 Processor architecture: Intel x64
22:27:56.0779 4520 Number of processors: 4
22:27:56.0779 4520 Page size: 0x1000
22:27:56.0779 4520 Boot type: Normal boot
22:27:56.0779 4520 ============================================================
22:27:57.0099 4520 Drive \Device\Harddisk0\DR0 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x72C4, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
22:27:57.0120 4520 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:27:57.0123 4520 ============================================================
22:27:57.0123 4520 \Device\Harddisk0\DR0:
22:27:57.0123 4520 MBR partitions:
22:27:57.0123 4520 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x773F800
22:27:57.0123 4520 \Device\Harddisk1\DR1:
22:27:57.0123 4520 MBR partitions:
22:27:57.0123 4520 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
22:27:57.0123 4520 ============================================================
22:27:57.0124 4520 C: <-> \Device\Harddisk0\DR0\Partition1
22:27:57.0139 4520 D: <-> \Device\Harddisk1\DR1\Partition1
22:27:57.0139 4520 ============================================================
22:27:57.0139 4520 Initialize success
22:27:57.0139 4520 ============================================================
22:28:15.0482 0856 ============================================================
22:28:15.0482 0856 Scan started
22:28:15.0482 0856 Mode: Manual; SigCheck; TDLFS;
22:28:15.0482 0856 ============================================================
22:28:15.0631 0856 ================ Scan system memory ========================
22:28:15.0631 0856 System memory - ok
22:28:15.0631 0856 ================ Scan services =============================
22:28:15.0661 0856 [ 7D9D615201A483D6FA99491C2E655A5A ] !SASCORE D:\programs\SASCORE64.EXE
22:28:15.0707 0856 !SASCORE - ok
22:28:15.0730 0856 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
22:28:15.0739 0856 ACPI - ok
22:28:15.0753 0856 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:28:15.0762 0856 AdobeFlashPlayerUpdateSvc - ok
22:28:15.0767 0856 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
22:28:15.0779 0856 adp94xx - ok
22:28:15.0784 0856 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
22:28:15.0794 0856 adpahci - ok
22:28:15.0797 0856 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
22:28:15.0805 0856 adpu160m - ok
22:28:15.0808 0856 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
22:28:15.0815 0856 adpu320 - ok
22:28:15.0818 0856 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:28:15.0834 0856 AeLookupSvc - ok
22:28:15.0840 0856 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
22:28:15.0850 0856 AFD - ok
22:28:15.0853 0856 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:28:15.0858 0856 agp440 - ok
22:28:15.0861 0856 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
22:28:15.0868 0856 aic78xx - ok
22:28:15.0870 0856 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
22:28:15.0891 0856 ALG - ok
22:28:15.0893 0856 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
22:28:15.0898 0856 aliide - ok
22:28:15.0900 0856 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
22:28:15.0906 0856 amdide - ok
22:28:15.0908 0856 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
22:28:15.0928 0856 AmdK8 - ok
22:28:15.0931 0856 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
22:28:15.0938 0856 Appinfo - ok
22:28:15.0939 0856 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
22:28:15.0946 0856 arc - ok
22:28:15.0949 0856 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
22:28:15.0956 0856 arcsas - ok
22:28:15.0958 0856 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:28:15.0978 0856 AsyncMac - ok
22:28:15.0980 0856 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
22:28:15.0985 0856 atapi - ok
22:28:15.0991 0856 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:28:16.0009 0856 AudioEndpointBuilder - ok
22:28:16.0013 0856 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:28:16.0031 0856 AudioSrv - ok
22:28:16.0037 0856 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
22:28:16.0055 0856 BFE - ok
22:28:16.0064 0856 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll
22:28:16.0099 0856 BITS - ok
22:28:16.0102 0856 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
22:28:16.0121 0856 blbdrive - ok
22:28:16.0124 0856 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:28:16.0131 0856 bowser - ok
22:28:16.0133 0856 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
22:28:16.0147 0856 BrFiltLo - ok
22:28:16.0148 0856 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
22:28:16.0162 0856 BrFiltUp - ok
22:28:16.0165 0856 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
22:28:16.0185 0856 Browser - ok
22:28:16.0188 0856 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
22:28:16.0217 0856 Brserid - ok
22:28:16.0220 0856 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
22:28:16.0250 0856 BrSerWdm - ok
22:28:16.0253 0856 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
22:28:16.0282 0856 BrUsbMdm - ok
22:28:16.0284 0856 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
22:28:16.0315 0856 BrUsbSer - ok
22:28:16.0317 0856 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
22:28:16.0348 0856 BTHMODEM - ok
22:28:16.0352 0856 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:28:16.0371 0856 cdfs - ok
22:28:16.0374 0856 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:28:16.0388 0856 cdrom - ok
22:28:16.0391 0856 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
22:28:16.0404 0856 CertPropSvc - ok
22:28:16.0407 0856 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
22:28:16.0427 0856 circlass - ok
22:28:16.0432 0856 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
22:28:16.0441 0856 CLFS - ok
22:28:16.0445 0856 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:28:16.0452 0856 clr_optimization_v2.0.50727_32 - ok
22:28:16.0455 0856 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:28:16.0461 0856 clr_optimization_v2.0.50727_64 - ok
22:28:16.0465 0856 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:28:16.0472 0856 clr_optimization_v4.0.30319_32 - ok
22:28:16.0477 0856 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:28:16.0482 0856 clr_optimization_v4.0.30319_64 - ok
22:28:16.0485 0856 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:28:16.0491 0856 cmdide - ok
22:28:16.0493 0856 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
22:28:16.0499 0856 Compbatt - ok
22:28:16.0501 0856 COMSysApp - ok
22:28:16.0503 0856 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
22:28:16.0509 0856 crcdisk - ok
22:28:16.0514 0856 [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:28:16.0521 0856 CryptSvc - ok
22:28:16.0528 0856 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
22:28:16.0556 0856 DcomLaunch - ok
22:28:16.0559 0856 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:28:16.0565 0856 DfsC - ok
22:28:16.0588 0856 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
22:28:16.0643 0856 DFSR - ok
22:28:16.0647 0856 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
22:28:16.0663 0856 Dhcp - ok
22:28:16.0666 0856 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
22:28:16.0673 0856 disk - ok
22:28:16.0675 0856 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:28:16.0683 0856 Dnscache - ok
22:28:16.0687 0856 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
22:28:16.0701 0856 dot3svc - ok
22:28:16.0704 0856 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
22:28:16.0725 0856 DPS - ok
22:28:16.0728 0856 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:28:16.0741 0856 drmkaud - ok
22:28:16.0749 0856 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:28:16.0769 0856 DXGKrnl - ok
22:28:16.0771 0856 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
22:28:16.0792 0856 E1G60 - ok
22:28:16.0795 0856 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
22:28:16.0809 0856 EapHost - ok
22:28:16.0812 0856 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
22:28:16.0819 0856 Ecache - ok
22:28:16.0823 0856 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:28:16.0832 0856 ehRecvr - ok
22:28:16.0835 0856 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
22:28:16.0842 0856 ehSched - ok
22:28:16.0844 0856 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
22:28:16.0850 0856 ehstart - ok
22:28:16.0853 0856 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
22:28:16.0864 0856 elxstor - ok
22:28:16.0869 0856 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
22:28:16.0880 0856 EMDMgmt - ok
22:28:16.0882 0856 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:28:16.0900 0856 ErrDev - ok
22:28:16.0907 0856 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
22:28:16.0924 0856 EventSystem - ok
22:28:16.0928 0856 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
22:28:16.0936 0856 exfat - ok
22:28:16.0939 0856 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:28:16.0954 0856 fastfat - ok
22:28:16.0956 0856 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:28:16.0976 0856 fdc - ok
22:28:16.0978 0856 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
22:28:16.0999 0856 fdPHost - ok
22:28:17.0001 0856 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
22:28:17.0030 0856 FDResPub - ok
22:28:17.0033 0856 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:28:17.0039 0856 FileInfo - ok
22:28:17.0042 0856 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:28:17.0061 0856 Filetrace - ok
22:28:17.0062 0856 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:28:17.0082 0856 flpydisk - ok
22:28:17.0086 0856 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:28:17.0095 0856 FltMgr - ok
22:28:17.0103 0856 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
22:28:17.0126 0856 FontCache - ok
22:28:17.0129 0856 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:28:17.0134 0856 FontCache3.0.0.0 - ok
22:28:17.0137 0856 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:28:17.0143 0856 Fs_Rec - ok
22:28:17.0144 0856 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
22:28:17.0151 0856 gagp30kx - ok
22:28:17.0157 0856 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
22:28:17.0180 0856 gpsvc - ok
22:28:17.0184 0856 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:28:17.0191 0856 HdAudAddService - ok
22:28:17.0199 0856 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
22:28:17.0226 0856 HDAudBus - ok
22:28:17.0227 0856 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
22:28:17.0258 0856 HidBth - ok
22:28:17.0260 0856 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
22:28:17.0289 0856 HidIr - ok
22:28:17.0291 0856 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll
22:28:17.0306 0856 hidserv - ok
22:28:17.0308 0856 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:28:17.0321 0856 HidUsb - ok
22:28:17.0324 0856 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
22:28:17.0345 0856 hkmsvc - ok
22:28:17.0347 0856 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
22:28:17.0352 0856 HpCISSs - ok
22:28:17.0358 0856 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:28:17.0372 0856 HTTP - ok
22:28:17.0374 0856 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
22:28:17.0381 0856 i2omp - ok
22:28:17.0383 0856 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
22:28:17.0397 0856 i8042prt - ok
22:28:17.0403 0856 [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
22:28:17.0418 0856 iaStor - ok
22:28:17.0422 0856 [ D41861E56E7552C13674D7F147A02464 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
22:28:17.0427 0856 IAStorDataMgrSvc - ok
22:28:17.0431 0856 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
22:28:17.0439 0856 iaStorV - ok
22:28:17.0447 0856 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:28:17.0465 0856 idsvc - ok
22:28:17.0468 0856 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
22:28:17.0474 0856 iirsp - ok
22:28:17.0478 0856 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
22:28:17.0497 0856 IKEEXT - ok
22:28:17.0525 0856 [ C2F868881D48A568B525255F084EF063 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:28:17.0602 0856 IntcAzAudAddService - ok
22:28:17.0604 0856 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
22:28:17.0611 0856 intelide - ok
22:28:17.0613 0856 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:28:17.0633 0856 intelppm - ok
22:28:22.0558 0856 ================ Scan global ===============================
22:28:22.0560 0856 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
22:28:22.0565 0856 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
22:28:22.0571 0856 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
22:28:22.0578 0856 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
22:28:22.0580 0856 [Global] - ok
22:28:22.0580 0856 ================ Scan MBR ==================================
22:28:22.0581 0856 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:28:22.0629 0856 \Device\Harddisk0\DR0 - ok
22:28:22.0651 0856 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
22:28:22.0720 0856 \Device\Harddisk1\DR1 - ok
22:28:22.0721 0856 ================ Scan VBR ==================================
22:28:22.0722 0856 [ BA23F2BCFFAB08909801710668182E90 ] \Device\Harddisk0\DR0\Partition1
22:28:22.0723 0856 \Device\Harddisk0\DR0\Partition1 - ok
22:28:22.0725 0856 [ 7DD5700C44C33ECD3FA95D58CC87C6AD ] \Device\Harddisk1\DR1\Partition1
22:28:22.0726 0856 \Device\Harddisk1\DR1\Partition1 - ok
22:28:22.0726 0856 ============================================================
22:28:22.0726 0856 Scan finished
22:28:22.0726 0856 ============================================================
22:28:22.0731 1404 Detected object count: 0
22:28:22.0731 1404 Actual detected object count: 0

#7 shadowk8

shadowk8
  • Topic Starter

  • Members
  • 59 posts
  • Local time:08:24 AM

Posted 02 September 2012 - 10:14 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-02 23:07:39
-----------------------------
23:07:39.987 OS Version: Windows x64 6.0.6002 Service Pack 2
23:07:39.988 Number of processors: 4 586 0x2A07
23:07:39.988 ComputerName: COLIN-PC UserName: Colin
23:07:40.611 Initialize success
23:07:44.923 AVAST engine defs: 12090201
23:08:11.024 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:08:11.025 Disk 0 Vendor: M4-CT064 000F Size: 61057MB BusType: 3
23:08:11.026 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
23:08:11.027 Disk 1 Vendor: ST350041 CC38 Size: 476940MB BusType: 3
23:08:11.134 Disk 0 MBR read successfully
23:08:11.136 Disk 0 MBR scan
23:08:11.139 Disk 0 Windows VISTA default MBR code
23:08:11.198 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 61055 MB offset 2048
23:08:11.319 Disk 0 scanning C:\Windows\system32\drivers
23:08:31.331 Service scanning
23:08:40.066 Modules scanning
23:08:40.069 Disk 0 trace - called modules:
23:08:40.102 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
23:08:40.129 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8010b5f790]
23:08:40.131 3 CLASSPNP.SYS[fffffa60013d2c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800d750050]
23:08:40.693 AVAST engine scan C:\Windows
23:08:55.170 AVAST engine scan C:\Windows\system32
23:12:45.496 AVAST engine scan C:\Windows\system32\drivers
23:12:53.150 AVAST engine scan C:\Users\Colin
23:13:19.694 AVAST engine scan C:\ProgramData
23:13:22.564 Scan finished successfully
23:13:40.634 Disk 0 MBR has been saved successfully to "C:\Users\Colin\Desktop\MBR.dat"
23:13:40.637 The log file has been saved successfully to "C:\Users\Colin\Desktop\aswMBR.txt"

#8 shadowk8

shadowk8
  • Topic Starter

  • Members
  • 59 posts
  • Local time:08:24 AM

Posted 02 September 2012 - 10:38 PM

ESET didn't find anything, so there was no log. Here's a MiniToolBox log from today if you don't mind looking at that.


MiniToolBox by Farbar Version: 23-07-2012
Ran by Colin (administrator) on 02-09-2012 at 23:56:42
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Colin-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 1C-6F-65-C5-BB-0C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::4d7a:2061:142:2da6%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, September 02, 2012 7:55:55 PM
Lease Expires . . . . . . . . . . : Wednesday, August 31, 2022 7:55:54 PM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 186412901
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-C9-DE-6A-1C-6F-65-C5-BB-0C
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : isatap.Belkin
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1486:373c:3f57:fdfc(Preferred)
Link-local IPv6 Address . . . . . : fe80::1486:373c:3f57:fdfc%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.2.1

Name: google.com
Addresses: 2607:f8b0:4004:801::1001
74.125.225.129
74.125.225.134
74.125.225.128
74.125.225.132
74.125.225.137
74.125.225.131
74.125.225.135
74.125.225.133
74.125.225.136
74.125.225.142
74.125.225.130



Pinging google.com [74.125.228.39] with 32 bytes of data:

Reply from 74.125.228.39: bytes=32 time=13ms TTL=55

Reply from 74.125.228.39: bytes=32 time=30ms TTL=55



Ping statistics for 74.125.228.39:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 13ms, Maximum = 30ms, Average = 21ms

Server: UnKnown
Address: 192.168.2.1

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=54ms TTL=51

Reply from 98.139.183.24: bytes=32 time=57ms TTL=51



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 54ms, Maximum = 57ms, Average = 55ms

Server: UnKnown
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
10 ...1c 6f 65 c5 bb 0c ...... Realtek PCIe GBE Family Controller
1 ........................... Software Loopback Interface 1
12 ...00 00 00 00 00 00 00 e0 isatap.Belkin
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.3 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.3 276
192.168.2.3 255.255.255.255 On-link 192.168.2.3 276
192.168.2.255 255.255.255.255 On-link 192.168.2.3 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.3 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.3 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 18 ::/0 On-link
1 306 ::1/128 On-link
11 18 2001::/32 On-link
11 266 2001:0:4137:9e76:1486:373c:3f57:fdfc/128
On-link
10 276 fe80::/64 On-link
11 266 fe80::/64 On-link
11 266 fe80::1486:373c:3f57:fdfc/128
On-link
10 276 fe80::4d7a:2061:142:2da6/128
On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/02/2012 11:15:01 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (09/02/2012 11:14:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (09/02/2012 11:14:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (09/02/2012 07:57:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2012 01:33:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2012 06:14:10 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (09/01/2012 06:14:01 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (09/01/2012 02:13:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2012 03:52:08 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/31/2012 03:45:20 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.


System errors:
=============
Error: (09/02/2012 07:57:43 PM) (Source: Service Control Manager) (User: )
Description: Steam Client Service%%1053

Error: (09/02/2012 07:57:43 PM) (Source: Service Control Manager) (User: )
Description: 30000Steam Client Service

Error: (09/01/2012 02:13:51 PM) (Source: Service Control Manager) (User: )
Description: Steam Client Service%%1053

Error: (09/01/2012 02:13:51 PM) (Source: Service Control Manager) (User: )
Description: 30000Steam Client Service

Error: (09/01/2012 03:52:08 AM) (Source: Service Control Manager) (User: )
Description: Steam Client Service%%1053

Error: (09/01/2012 03:52:08 AM) (Source: Service Control Manager) (User: )
Description: 30000Steam Client Service

Error: (09/01/2012 03:50:20 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:49:25 AM on 9/1/2012 was unexpected.

Error: (08/31/2012 02:46:20 PM) (Source: Service Control Manager) (User: )
Description: Steam Client Service%%1053

Error: (08/31/2012 02:46:20 PM) (Source: Service Control Manager) (User: )
Description: 30000Steam Client Service

Error: (08/30/2012 03:49:56 AM) (Source: Service Control Manager) (User: )
Description: Steam Client Service%%1053


Microsoft Office Sessions:
=========================
Error: (09/02/2012 11:15:01 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\Colin\Documents\useful programs\esetsmartinstaller_enu.exe

Error: (09/02/2012 11:14:51 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\Colin\Documents\useful programs\esetsmartinstaller_enu.exe

Error: (09/02/2012 11:14:51 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\Colin\Documents\useful programs\esetsmartinstaller_enu.exe

Error: (09/02/2012 07:57:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2012 01:33:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2012 06:14:10 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\Colin\Documents\useful programs\esetsmartinstaller_enu.exe

Error: (09/01/2012 06:14:01 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestD:\Downloads\esetsmartinstaller_enu.exe

Error: (09/01/2012 02:13:51 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2012 03:52:08 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/31/2012 03:45:20 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestD:\Downloads\esetsmartinstaller_enu.exe


=========================== Installed Programs ============================

CCleaner (Version: 3.22)
Defraggler (Version: 2.10)
Google Chrome (Version: 21.0.1180.89)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
NVIDIA Control Panel 306.02 (Version: 306.02)
NVIDIA Graphics Driver 306.02 (Version: 306.02)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.82.513)
NVIDIA PhysX System Software 9.12.0604 (Version: 9.12.0604)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
PlanetSide 2 Beta
Sandboxie 3.74 (64-bit) (Version: 3.74)
Spotify (Version: 0.8.4.124.ga3559d86)
SUPERAntiSpyware (Version: 5.5.1012)

========================= Memory info: ===================================

Percentage of memory in use: 23%
Total physical RAM: 16366.33 MB
Available physical RAM: 12555.73 MB
Total Pagefile: 32875.71 MB
Available Pagefile: 29000.43 MB
Total Virtual: 4095.88 MB
Available Virtual: 3996.53 MB

========================= Partitions: =====================================

1 Drive c: (Main SSD) (Fixed) (Total:59.62 GB) (Free:33.18 GB) NTFS
2 Drive d: () (Fixed) (Total:465.76 GB) (Free:416.95 GB) NTFS

========================= Users: ========================================

User accounts for \\COLIN-PC

Administrator Colin Guest
UpdatusUser

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================


**** End of log ****

Edited by shadowk8, 02 September 2012 - 10:58 PM.


#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,371 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:09:24 AM

Posted 03 September 2012 - 06:30 PM

Looks clean.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#10 shadowk8

shadowk8
  • Topic Starter

  • Members
  • 59 posts
  • Local time:08:24 AM

Posted 03 September 2012 - 06:51 PM

My real worry is I used my SS number to reset my credit card password about a week and a half prior to the possible infection on this computer. Of course I scanned my comp with Mbam, SAS, and I believe TDSSKiller before entering it to reset my password. I pretty much did that daily for a week and a half after resetting my CC password, and it found nothing at all that week+ except some cookies in the logs. And nothing about that proxycheck.exe file popped up in Mbam for that week and a half after either. So all in all I'm trying to find some closure about Mbam finding the sole file in my temp/RarSFX named proxycheck.exe, because right now I'm pretty much freaking out because I'm not sure if my SS number was exposed or not. Since I can't really find anything related to proxycheck other than that it's part of RKill and/or WinRAR, I'm not sure what to do. And I'm sorry I'm repeating myself from my first post, but I just wish someone could identify exactly what this is, if it were anything.

P.S. Last and final question: what's your opinion on Comodo Firewall Free? Is it worth the extra security?

Any help would be wonderful Boopme,

Colin

Edited by shadowk8, 03 September 2012 - 06:53 PM.


#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,371 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:09:24 AM

Posted 03 September 2012 - 07:48 PM

Have you ever run this tool, RKill?


Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running RKill, as the malware programs will start again. If rebooting is required, run it again.

Edited by boopme, 03 September 2012 - 07:49 PM.


#12 shadowk8

shadowk8
  • Topic Starter

  • Members
  • 59 posts
  • Local time:08:24 AM

Posted 03 September 2012 - 08:04 PM

Have you ever run this tool, RKill?


Yeah, I had before a few times, since you guys recommend RKill to kill known malware processes before scans during virus recovery; I'm sure you know about RKill. I honestly don't remember if I ran it recently, particularly that week+. I don't know if you looked at the link to another thread I posted in my original post: http://www.bleepingcomputer.com/forums/topic440676.html/page__p__2582652__hl__proxycheck__fromsearch__1#entry2582652 That had one of the files I believe similar to the one I found. Obviously he finds more actual infections, but I didn't at all. This is why I'm so confused whether it's a false positive or the redirect virus/backdoor it can possibly be. It's just really weird, since the day I found the one file proxycheck in Mbam my computer was fine; nothing was acting out of the ordinary in any way I could see, and if I remember correctly I had already run a scan earlier that day with Mbam/SUPERAntiSpyware and it hadn't found it. But the second scan found it later that day. O.o

Edited by shadowk8, 03 September 2012 - 08:08 PM.


#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,371 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:09:24 AM

Posted 03 September 2012 - 08:15 PM

It appears then that those files were from RKill. They should have disappeared when you rebooted, but they are not an issue.


RERUN RKill and then SAS


Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running RKill, as the malware programs will start again. If rebooting is required, run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (e.g. SAS_1710895.COM) to a USB drive or CD and transfer it to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Edited by boopme, 03 September 2012 - 08:17 PM.

How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#14 shadowk8

shadowk8
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  • Local time:08:24 AM

Posted 03 September 2012 - 08:30 PM


So you want me to try and recreate those files by running RKill again, I'm guessing? And then run SAS to see if it picks anything up?

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,371 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:09:24 AM

Posted 03 September 2012 - 08:35 PM

May as well. At least when you reboot after SAS we know it's all gone and you can be at ease.
Even if nothing is found, we'll be good to go.



