PING.EXE... is that a keylogger?


JBeau

I also ran MBAM and this is the resulting log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8332

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/8/2011 2:24:42 AM

mbam-log-2011-12-08 (02-24-42).txt

Scan type: Quick scan

Objects scanned: 201843

Time elapsed: 11 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 4

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\Jerry\local settings\application data\rrc.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\Fonts\isifont1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

I didn't see the original log, but I ran it again with the same settings as before as noted in that thread you referenced. This is the log:

============

03:49:21.0218 5548 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06

03:49:21.0625 5548 ============================================================

03:49:21.0625 5548 Current date / time: 2011/12/09 03:49:21.0625

03:49:21.0625 5548 SystemInfo:

03:49:21.0625 5548

03:49:21.0625 5548 OS Version: 5.1.2600 ServicePack: 3.0

03:49:21.0625 5548 Product type: Workstation

03:49:21.0625 5548 ComputerName: PC123842826913

03:49:21.0625 5548 UserName: Jerry

03:49:21.0625 5548 Windows directory: C:\WINDOWS

03:49:21.0625 5548 System windows directory: C:\WINDOWS

03:49:21.0625 5548 Processor architecture: Intel x86

03:49:21.0625 5548 Number of processors: 2

03:49:21.0625 5548 Page size: 0x1000

03:49:21.0625 5548 Boot type: Normal boot

03:49:21.0625 5548 ============================================================

03:49:36.0796 5548 Initialize success

03:50:20.0390 5780 ============================================================

03:50:20.0390 5780 Scan started

03:50:20.0390 5780 Mode: Manual; SigCheck; TDLFS;

03:50:20.0390 5780 ============================================================

03:50:20.0812 5780 Abiosdsk - ok

03:50:20.0859 5780 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

03:50:21.0171 5780 abp480n5 - ok

03:50:21.0265 5780 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

03:50:21.0453 5780 ACPI - ok

03:50:21.0687 5780 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

03:50:21.0828 5780 ACPIEC - ok

03:50:21.0859 5780 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

03:50:21.0984 5780 adpu160m - ok

03:50:22.0031 5780 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

03:50:22.0156 5780 aec - ok

03:50:22.0218 5780 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

03:50:22.0234 5780 AFD - ok

03:50:22.0281 5780 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

03:50:22.0406 5780 agp440 - ok

03:50:22.0640 5780 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

03:50:22.0765 5780 agpCPQ - ok

03:50:22.0843 5780 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

03:50:22.0921 5780 Aha154x - ok

03:50:23.0203 5780 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

03:50:23.0328 5780 aic78u2 - ok

03:50:23.0375 5780 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

03:50:23.0515 5780 aic78xx - ok

03:50:23.0781 5780 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

03:50:23.0968 5780 AliIde - ok

03:50:24.0296 5780 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

03:50:24.0468 5780 alim1541 - ok

03:50:24.0765 5780 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

03:50:24.0906 5780 amdagp - ok

03:50:24.0953 5780 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

03:50:25.0031 5780 amsint - ok

03:50:25.0156 5780 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

03:50:25.0296 5780 Arp1394 - ok

03:50:25.0453 5780 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

03:50:25.0578 5780 asc - ok

03:50:25.0609 5780 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

03:50:25.0656 5780 asc3350p - ok

03:50:25.0687 5780 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

03:50:25.0796 5780 asc3550 - ok

03:50:25.0859 5780 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

03:50:25.0968 5780 AsyncMac - ok

03:50:26.0015 5780 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

03:50:26.0140 5780 atapi - ok

03:50:26.0156 5780 Atdisk - ok

03:50:26.0203 5780 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

03:50:26.0312 5780 Atmarpc - ok

03:50:26.0437 5780 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

03:50:26.0546 5780 audstub - ok

03:50:26.0609 5780 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

03:50:26.0671 5780 AVGIDSDriver - ok

03:50:26.0843 5780 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

03:50:27.0296 5780 AVGIDSEH - ok

03:50:27.0609 5780 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

03:50:27.0640 5780 AVGIDSFilter - ok

03:50:27.0937 5780 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

03:50:27.0984 5780 AVGIDSShim - ok

03:50:28.0203 5780 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

03:50:28.0421 5780 Avgldx86 - ok

03:50:28.0718 5780 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

03:50:28.0921 5780 Avgmfx86 - ok

03:50:29.0343 5780 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

03:50:29.0468 5780 Avgrkx86 - ok

03:50:29.0765 5780 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

03:50:30.0250 5780 Avgtdix - ok

03:50:30.0578 5780 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

03:50:30.0718 5780 Beep - ok

03:50:30.0828 5780 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys

03:50:30.0843 5780 BrScnUsb ( UnsignedFile.Multi.Generic ) - warning

03:50:30.0843 5780 BrScnUsb - detected UnsignedFile.Multi.Generic (1)

03:50:30.0875 5780 BrSerIf (d48c13f4a409aee8dafaddac81e34557) C:\WINDOWS\system32\Drivers\BrSerIf.sys

03:50:30.0875 5780 BrSerIf ( UnsignedFile.Multi.Generic ) - warning

03:50:30.0875 5780 BrSerIf - detected UnsignedFile.Multi.Generic (1)

03:50:30.0984 5780 BrUsbSer (8fa0ac830a8312912a3aa0c0431cba0d) C:\WINDOWS\system32\Drivers\BrUsbSer.sys

03:50:30.0984 5780 BrUsbSer ( UnsignedFile.Multi.Generic ) - warning

03:50:30.0984 5780 BrUsbSer - detected UnsignedFile.Multi.Generic (1)

03:50:31.0015 5780 BTWUSB (7024e11dab9410b31a37547575249dd7) C:\WINDOWS\system32\Drivers\btwusb.sys

03:50:31.0046 5780 BTWUSB ( UnsignedFile.Multi.Generic ) - warning

03:50:31.0046 5780 BTWUSB - detected UnsignedFile.Multi.Generic (1)

03:50:31.0281 5780 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

03:50:31.0406 5780 cbidf - ok

03:50:31.0609 5780 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

03:50:31.0734 5780 cbidf2k - ok

03:50:31.0890 5780 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

03:50:32.0000 5780 CCDECODE - ok

03:50:32.0031 5780 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

03:50:32.0109 5780 cd20xrnt - ok

03:50:32.0156 5780 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

03:50:32.0296 5780 Cdaudio - ok

03:50:32.0343 5780 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

03:50:32.0468 5780 Cdfs - ok

03:50:32.0640 5780 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

03:50:32.0687 5780 Cdrom - ok

03:50:32.0765 5780 Changer - ok

03:50:32.0828 5780 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

03:50:32.0937 5780 CmBatt - ok

03:50:32.0984 5780 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

03:50:33.0109 5780 CmdIde - ok

03:50:33.0203 5780 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

03:50:33.0328 5780 Compbatt - ok

03:50:33.0500 5780 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

03:50:33.0625 5780 Cpqarray - ok

03:50:33.0734 5780 CVirtA (5c706c06c1279952d2cc1a609ca948bf) C:\WINDOWS\system32\DRIVERS\CVirtA.sys

03:50:33.0765 5780 CVirtA - ok

03:50:33.0843 5780 CVPNDRVA (5ba042bcab6246c6bba51606afd7b488) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys

03:50:33.0859 5780 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning

03:50:33.0859 5780 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)

03:50:33.0890 5780 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

03:50:34.0031 5780 dac2w2k - ok

03:50:34.0062 5780 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

03:50:34.0187 5780 dac960nt - ok

03:50:34.0359 5780 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

03:50:34.0484 5780 Disk - ok

03:50:34.0625 5780 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

03:50:34.0781 5780 dmboot - ok

03:50:34.0796 5780 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

03:50:34.0921 5780 dmio - ok

03:50:34.0937 5780 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

03:50:35.0062 5780 dmload - ok

03:50:35.0109 5780 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

03:50:35.0234 5780 DMusic - ok

03:50:35.0312 5780 DNE (2eddbb3ef1dd5a28cb07c149d36e7286) C:\WINDOWS\system32\DRIVERS\dne2000.sys

03:50:35.0375 5780 DNE - ok

03:50:35.0609 5780 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

03:50:35.0734 5780 dpti2o - ok

03:50:35.0796 5780 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

03:50:35.0906 5780 drmkaud - ok

03:50:35.0953 5780 dsNcAdpt (b2c3f71b86e25c3df78339ddb40a7562) C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys

03:50:35.0984 5780 dsNcAdpt - ok

03:50:36.0062 5780 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys

03:50:36.0093 5780 E100B - ok

03:50:36.0125 5780 eabfiltr (b5cb3084046146fd2587d8c9b219feb4) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys

03:50:36.0171 5780 eabfiltr - ok

03:50:36.0203 5780 eabusb (231f4547ae1e4b3e60eca66c3a96d218) C:\WINDOWS\system32\DRIVERS\eabusb.sys

03:50:36.0234 5780 eabusb - ok

03:50:36.0515 5780 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

03:50:36.0968 5780 Fastfat - ok

03:50:37.0218 5780 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

03:50:37.0343 5780 Fdc - ok

03:50:37.0390 5780 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

03:50:37.0515 5780 Fips - ok

03:50:37.0593 5780 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

03:50:37.0718 5780 Flpydisk - ok

03:50:37.0781 5780 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

03:50:37.0890 5780 FltMgr - ok

03:50:38.0000 5780 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

03:50:38.0125 5780 Fs_Rec - ok

03:50:38.0203 5780 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

03:50:38.0328 5780 Ftdisk - ok

03:50:38.0468 5780 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

03:50:38.0609 5780 Gpc - ok

03:50:38.0750 5780 HBtnKey (cef316dbbd1b3845a6d53ed620eb1aeb) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys

03:50:38.0765 5780 HBtnKey - ok

03:50:38.0937 5780 HdAudAddService (34af2366ae5ba06626b023c81369039e) C:\WINDOWS\system32\drivers\CHDAud.sys

03:50:39.0015 5780 HdAudAddService - ok

03:50:39.0265 5780 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

03:50:39.0406 5780 HDAudBus - ok

03:50:39.0578 5780 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

03:50:39.0687 5780 HidUsb - ok

03:50:39.0828 5780 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

03:50:39.0953 5780 hpn - ok

03:50:40.0078 5780 HSFHWAZL (89e256c5f5346be265d9f86ac8625d4f) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

03:50:40.0125 5780 HSFHWAZL - ok

03:50:40.0234 5780 HSF_DPV (0e44af3828111d4c3e73c33ac95226d8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

03:50:40.0312 5780 HSF_DPV - ok

03:50:40.0406 5780 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

03:50:40.0437 5780 HTTP - ok

03:50:40.0703 5780 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

03:50:40.0843 5780 i2omgmt - ok

03:50:40.0906 5780 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

03:50:41.0015 5780 i2omp - ok

03:50:41.0125 5780 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

03:50:41.0265 5780 i8042prt - ok

03:50:41.0421 5780 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

03:50:41.0640 5780 ialm - ok

03:50:41.0828 5780 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys

03:50:41.0890 5780 iaStor - ok

03:50:42.0093 5780 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

03:50:42.0218 5780 Imapi - ok

03:50:42.0390 5780 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

03:50:42.0515 5780 ini910u - ok

03:50:42.0671 5780 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

03:50:42.0859 5780 IntelIde - ok

03:50:43.0078 5780 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

03:50:43.0234 5780 intelppm - ok

03:50:43.0578 5780 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

03:50:43.0750 5780 Ip6Fw - ok

03:50:44.0078 5780 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

03:50:44.0203 5780 IpFilterDriver - ok

03:50:44.0234 5780 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

03:50:44.0359 5780 IpInIp - ok

03:50:44.0500 5780 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

03:50:44.0656 5780 IpNat - ok

03:50:44.0828 5780 IPSec (4eb0d03142d98d9145d834fc32ab91b9) C:\WINDOWS\system32\DRIVERS\ipsec.sys

03:50:44.0968 5780 IPSec ( UnsignedFile.Multi.Generic ) - warning

03:50:44.0968 5780 IPSec - detected UnsignedFile.Multi.Generic (1)

03:50:45.0218 5780 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

03:50:45.0421 5780 IRENUM - ok

03:50:45.0500 5780 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

03:50:45.0640 5780 isapnp - ok

03:50:46.0031 5780 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

03:50:46.0140 5780 Kbdclass - ok

03:50:46.0265 5780 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

03:50:46.0390 5780 kbdhid - ok

03:50:46.0406 5780 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

03:50:46.0562 5780 kmixer - ok

03:50:46.0609 5780 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

03:50:46.0671 5780 KSecDD - ok

03:50:46.0812 5780 lbrtfdc - ok

03:50:46.0875 5780 mdmxsdk (74f4372af97a587ecec527ec34955712) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

03:50:46.0890 5780 mdmxsdk - ok

03:50:46.0953 5780 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

03:50:47.0078 5780 mnmdd - ok

03:50:47.0187 5780 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

03:50:47.0296 5780 Modem - ok

03:50:47.0359 5780 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

03:50:47.0468 5780 Mouclass - ok

03:50:47.0515 5780 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

03:50:47.0656 5780 mouhid - ok

03:50:47.0796 5780 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

03:50:47.0921 5780 MountMgr - ok

03:50:47.0984 5780 MQAC (70c14f5cca5cf73f8a645c73a01d8726) C:\WINDOWS\system32\drivers\mqac.sys

03:50:48.0109 5780 MQAC - ok

03:50:48.0281 5780 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

03:50:48.0421 5780 mraid35x - ok

03:50:48.0562 5780 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

03:50:48.0671 5780 MRxDAV - ok

03:50:48.0875 5780 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

03:50:48.0921 5780 MRxSmb - ok

03:50:48.0953 5780 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

03:50:49.0078 5780 Msfs - ok

03:50:49.0140 5780 MSHUSBVideo (29e0ec2a9dc4c7913657a51dfff97856) C:\WINDOWS\system32\Drivers\nx6000.sys

03:50:49.0156 5780 MSHUSBVideo - ok

03:50:49.0250 5780 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

03:50:49.0375 5780 MSKSSRV - ok

03:50:49.0468 5780 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

03:50:49.0578 5780 MSPCLOCK - ok

03:50:49.0703 5780 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

03:50:49.0875 5780 MSPQM - ok

03:50:50.0328 5780 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

03:50:50.0468 5780 mssmbios - ok

03:50:50.0968 5780 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

03:50:51.0125 5780 MSTEE - ok

03:50:51.0703 5780 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

03:50:51.0796 5780 Mup - ok

03:50:52.0562 5780 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

03:50:55.0718 5780 NABTSFEC - ok

03:50:56.0437 5780 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

03:50:56.0671 5780 NDIS - ok

03:50:57.0265 5780 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

03:50:57.0437 5780 NdisIP - ok

03:50:58.0156 5780 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

03:50:58.0234 5780 NdisTapi - ok

03:50:58.0812 5780 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

03:50:59.0046 5780 Ndisuio - ok

03:50:59.0484 5780 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

03:50:59.0640 5780 NdisWan - ok

03:51:00.0218 5780 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

03:51:00.0265 5780 NDProxy - ok

03:51:00.0656 5780 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

03:51:00.0843 5780 NetBIOS - ok

03:51:01.0359 5780 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

03:51:01.0562 5780 NetBT - ok

03:51:03.0000 5780 NETw5x32 (05743fffc2bc88cc8e426321bc6a762e) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys

03:51:07.0812 5780 NETw5x32 - ok

03:51:08.0125 5780 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

03:51:08.0296 5780 NIC1394 - ok

03:51:08.0656 5780 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

03:51:08.0796 5780 Npfs - ok

03:51:08.0953 5780 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

03:51:09.0156 5780 Ntfs - ok

03:51:09.0312 5780 NTIDrvr - ok

03:51:09.0515 5780 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

03:51:09.0671 5780 Null - ok

03:51:09.0703 5780 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

03:51:09.0890 5780 NwlnkFlt - ok

03:51:09.0906 5780 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

03:51:10.0031 5780 NwlnkFwd - ok

03:51:10.0093 5780 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

03:51:10.0234 5780 ohci1394 - ok

03:51:10.0296 5780 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

03:51:10.0406 5780 Parport - ok

03:51:10.0421 5780 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

03:51:10.0531 5780 PartMgr - ok

03:51:10.0562 5780 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

03:51:10.0671 5780 ParVdm - ok

03:51:10.0687 5780 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

03:51:10.0812 5780 PCI - ok

03:51:10.0812 5780 PCIDump - ok

03:51:10.0828 5780 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

03:51:10.0953 5780 PCIIde - ok

03:51:10.0968 5780 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

03:51:11.0078 5780 Pcmcia - ok

03:51:11.0093 5780 PDCOMP - ok

03:51:11.0109 5780 PDFRAME - ok

03:51:11.0125 5780 PDRELI - ok

03:51:11.0140 5780 PDRFRAME - ok

03:51:11.0156 5780 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

03:51:11.0296 5780 perc2 - ok

03:51:11.0468 5780 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

03:51:11.0593 5780 perc2hib - ok

03:51:11.0625 5780 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

03:51:11.0765 5780 PptpMiniport - ok

03:51:11.0781 5780 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

03:51:11.0906 5780 PSched - ok

03:51:11.0953 5780 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

03:51:12.0125 5780 Ptilink - ok

03:51:12.0140 5780 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

03:51:12.0140 5780 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning

03:51:12.0140 5780 PxHelp20 - detected UnsignedFile.Multi.Generic (1)

03:51:12.0171 5780 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

03:51:12.0375 5780 ql1080 - ok

03:51:12.0390 5780 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

03:51:12.0515 5780 Ql10wnt - ok

03:51:12.0531 5780 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

03:51:12.0656 5780 ql12160 - ok

03:51:12.0671 5780 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

03:51:12.0781 5780 ql1240 - ok

03:51:12.0796 5780 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

03:51:12.0906 5780 ql1280 - ok

03:51:12.0953 5780 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

03:51:13.0062 5780 RasAcd - ok

03:51:13.0093 5780 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

03:51:13.0203 5780 Rasl2tp - ok

03:51:13.0234 5780 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

03:51:13.0359 5780 RasPppoe - ok

03:51:13.0359 5780 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

03:51:13.0484 5780 Raspti - ok

03:51:13.0531 5780 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

03:51:13.0656 5780 Rdbss - ok

03:51:13.0656 5780 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

03:51:13.0812 5780 RDPCDD - ok

03:51:14.0015 5780 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

03:51:14.0156 5780 rdpdr - ok

03:51:14.0203 5780 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

03:51:14.0234 5780 RDPWD - ok

03:51:14.0281 5780 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

03:51:14.0421 5780 redbook - ok

03:51:14.0500 5780 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys

03:51:14.0546 5780 RMCAST - ok

03:51:14.0593 5780 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

03:51:14.0765 5780 rtl8139 - ok

03:51:15.0000 5780 s616bus (ef4b5a8d53f15cb269469dd4e4bb0109) C:\WINDOWS\system32\DRIVERS\s616bus.sys

03:51:15.0015 5780 s616bus - ok

03:51:15.0062 5780 s616mdfl (96187731eefcf83e844bc1ce6617aaeb) C:\WINDOWS\system32\DRIVERS\s616mdfl.sys

03:51:15.0078 5780 s616mdfl - ok

03:51:15.0125 5780 s616mdm (d2dd87368bfecfa099e50dc120f3f513) C:\WINDOWS\system32\DRIVERS\s616mdm.sys

03:51:15.0140 5780 s616mdm - ok

03:51:15.0203 5780 s616mgmt (5f0be24e4d4fa134b0b2fef35d3a9d90) C:\WINDOWS\system32\DRIVERS\s616mgmt.sys

03:51:15.0218 5780 s616mgmt - ok

03:51:15.0281 5780 s616nd5 (b9b507fcc67e204ef38e05ffd4176345) C:\WINDOWS\system32\DRIVERS\s616nd5.sys

03:51:15.0296 5780 s616nd5 - ok

03:51:15.0375 5780 s616obex (f123a1f2a04a0e8dba80b64f0072475a) C:\WINDOWS\system32\DRIVERS\s616obex.sys

03:51:15.0406 5780 s616obex - ok

03:51:15.0640 5780 s616unic (e7e55048ebd5c17bfa791b4a6ec3d54b) C:\WINDOWS\system32\DRIVERS\s616unic.sys

03:51:15.0671 5780 s616unic - ok

03:51:15.0734 5780 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

03:51:15.0984 5780 sdbus - ok

03:51:16.0062 5780 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

03:51:16.0171 5780 Secdrv - ok

03:51:16.0234 5780 seehcri (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys

03:51:16.0312 5780 seehcri - ok

03:51:16.0515 5780 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

03:51:16.0625 5780 Serial - ok

03:51:16.0687 5780 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

03:51:16.0890 5780 Sfloppy - ok

03:51:16.0906 5780 Simbad - ok

03:51:16.0953 5780 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

03:51:17.0093 5780 sisagp - ok

03:51:17.0140 5780 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

03:51:17.0250 5780 SLIP - ok

03:51:17.0312 5780 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

03:51:17.0375 5780 Sparrow - ok

03:51:17.0453 5780 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

03:51:17.0562 5780 splitter - ok

03:51:17.0609 5780 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

03:51:17.0718 5780 sr - ok

03:51:17.0796 5780 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

03:51:17.0859 5780 Srv - ok

03:51:18.0015 5780 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

03:51:18.0140 5780 streamip - ok

03:51:18.0203 5780 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

03:51:18.0343 5780 swenum - ok

03:51:18.0390 5780 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

03:51:18.0562 5780 swmidi - ok

03:51:18.0625 5780 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

03:51:18.0750 5780 symc810 - ok

03:51:18.0765 5780 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

03:51:18.0890 5780 symc8xx - ok

03:51:18.0984 5780 SYMIDSCO - ok

03:51:19.0046 5780 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

03:51:19.0187 5780 sym_hi - ok

03:51:19.0328 5780 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

03:51:19.0437 5780 sym_u3 - ok

03:51:19.0515 5780 SynTP (0f332c0ba9b968ebc8cbb906416f8597) C:\WINDOWS\system32\DRIVERS\SynTP.sys

03:51:19.0562 5780 SynTP - ok

03:51:19.0625 5780 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

03:51:19.0750 5780 sysaudio - ok

03:51:19.0843 5780 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

03:51:19.0890 5780 Tcpip - ok

03:51:19.0953 5780 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

03:51:20.0062 5780 TDPIPE - ok

03:51:20.0203 5780 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

03:51:20.0312 5780 TDTCP - ok

03:51:20.0375 5780 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

03:51:20.0484 5780 TermDD - ok

03:51:20.0531 5780 tifm21 (9179e07503630d6fb2e4162ff0196191) C:\WINDOWS\system32\drivers\tifm21.sys

03:51:20.0562 5780 tifm21 - ok

03:51:20.0640 5780 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

03:51:20.0750 5780 TosIde - ok

03:51:20.0859 5780 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

03:51:20.0968 5780 Udfs - ok

03:51:21.0078 5780 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

03:51:21.0140 5780 ultra - ok

03:51:21.0250 5780 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

03:51:21.0406 5780 Update - ok

03:51:21.0468 5780 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

03:51:21.0578 5780 usbaudio - ok

03:51:21.0609 5780 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

03:51:21.0718 5780 usbccgp - ok

03:51:21.0734 5780 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

03:51:21.0843 5780 usbehci - ok

03:51:21.0921 5780 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

03:51:22.0046 5780 usbhub - ok

03:51:22.0234 5780 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

03:51:22.0359 5780 usbprint - ok

03:51:22.0406 5780 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

03:51:22.0562 5780 usbscan - ok

03:51:22.0640 5780 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

03:51:22.0781 5780 USBSTOR - ok

03:51:22.0875 5780 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

03:51:23.0031 5780 usbuhci - ok

03:51:23.0062 5780 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

03:51:23.0203 5780 usbvideo - ok

03:51:23.0281 5780 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

03:51:23.0453 5780 VgaSave - ok

03:51:23.0562 5780 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

03:51:23.0703 5780 viaagp - ok

03:51:23.0750 5780 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

03:51:23.0890 5780 ViaIde - ok

03:51:23.0937 5780 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

03:51:24.0093 5780 VolSnap - ok

03:51:24.0187 5780 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys

03:51:24.0250 5780 vsdatant - ok

03:51:24.0484 5780 w39n51 (4e7b07653f4f9937cf62ad2869fba520) C:\WINDOWS\system32\DRIVERS\w39n51.sys

03:51:24.0671 5780 w39n51 - ok

03:51:24.0796 5780 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

03:51:24.0968 5780 Wanarp - ok

03:51:25.0062 5780 WDICA - ok

03:51:25.0125 5780 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

03:51:25.0234 5780 wdmaud - ok

03:51:25.0375 5780 winachsf (214bc3ad84907ad6ad655ac5465f449a) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

03:51:25.0453 5780 winachsf - ok

03:51:25.0578 5780 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

03:51:25.0750 5780 WmiAcpi - ok

03:51:25.0828 5780 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

03:51:25.0859 5780 WpdUsb - ok

03:51:26.0015 5780 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

03:51:26.0125 5780 WSTCODEC - ok

03:51:26.0187 5780 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

03:51:26.0234 5780 WudfPf - ok

03:51:26.0343 5780 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

03:51:26.0375 5780 WudfRd - ok

03:51:26.0453 5780 MBR (0x1B8) (5ae5a393505cffd37fe98c4a7922908d) \Device\Harddisk0\DR0

03:51:26.0593 5780 \Device\Harddisk0\DR0 - ok

03:51:26.0593 5780 Boot (0x1200) (75d0b25c3ed006ca3659714f70b2609d) \Device\Harddisk0\DR0\Partition0

03:51:26.0593 5780 \Device\Harddisk0\DR0\Partition0 - ok

03:51:26.0625 5780 Boot (0x1200) (3ca684ba3d648956abe0a573915f567d) \Device\Harddisk0\DR0\Partition1

03:51:26.0625 5780 \Device\Harddisk0\DR0\Partition1 - ok

03:51:26.0625 5780 ============================================================

03:51:26.0625 5780 Scan finished

03:51:26.0625 5780 ============================================================

03:51:26.0734 5772 Detected object count: 7

03:51:26.0750 5772 Actual detected object count: 7

03:51:57.0421 5772 BrScnUsb ( UnsignedFile.Multi.Generic ) - skipped by user

03:51:57.0421 5772 BrScnUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:51:57.0437 5772 BrSerIf ( UnsignedFile.Multi.Generic ) - skipped by user

03:51:57.0437 5772 BrSerIf ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:51:57.0437 5772 BrUsbSer ( UnsignedFile.Multi.Generic ) - skipped by user

03:51:57.0437 5772 BrUsbSer ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:51:57.0437 5772 BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user

03:51:57.0437 5772 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:51:57.0437 5772 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user

03:51:57.0437 5772 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:51:57.0437 5772 IPSec ( UnsignedFile.Multi.Generic ) - skipped by user

03:51:57.0437 5772 IPSec ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:51:57.0453 5772 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user

03:51:57.0453 5772 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip

====================

I've even booted into SAFE MODE and see that PING.EXE manages to get itself running.


That log looks OK.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


OK, the system is clean. It found a rootkit embedded in the TCP/IP stack and warned that it was particularly difficult to remove, but I think it's done the job.

Unfortunately I have no internet access, I think the TCP is gone. My wireless seems to connect to my local network, but there is no internet. When I plug in an ethernet cable it also connects but gives me no internet throughput.

Is it safe now to do a System Restore to an earlier date?

I'm on my wife's computer now. I would send up the log from the combofix, but she took the thumb drive so no way to transfer files right now. Is there anything from that file that would be helpful? I can type it out...


I've tried 4 restore points and all failed to complete.

I'm getting an error message saying "no firewall", and when I try to enable Windows Firewall in the Control Panel it's now saying "Windows cannot start the Windows Firewall/Internet Connection Sharing (ICS) service."

I found a SD disk I can use to transfer files, here's the ComboFix.txt file.

ComboFix.txt


Reloaded the registry, same situation.

I ran the FSS.exe and got these results:

Farbar Service Scanner

Ran by Jerry (administrator) on 09-12-2011 at 08:45:57

Microsoft Windows XP Professional Service Pack 3 (X86)

********************************************************

Service Check:

==============

Dhcp Service is not running. Checking service configuration:

The start type of Dhcp service is OK.

The ImagePath of Dhcp service is OK.

The ServiceDll of Dhcp service is OK.

Dnscache Service is not running. Checking service configuration:

The start type of Dnscache service is OK.

The ImagePath of Dnscache service is OK.

The ServiceDll of Dnscache service is OK.

Tcpip Service is not running. Checking service configuration:

The start type of Tcpip service is OK.

The ImagePath of Tcpip service is OK.

File Check:

===========

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys

[2004-08-04 13:00] - [2008-04-13 11:19] - 0075264 ____A () 4EB0D03142D98D9145D834FC32AB91B9

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

Connection Status:

==================

Localhost is blocked.

There is no connection to network.

Attempt to access Google IP returned error: Other errors

Attempt to access Yahoo IP returend error: Other errors

**** End of log ****


Farbar Service Scanner

Ran by Jerry (administrator) on 09-12-2011 at 09:30:38

Microsoft Windows XP Service Pack 3 (X86)

************************************************

================== Search: ipsec.sys ===================

C:\WINDOWS\system32\drivers\ipsec.sys

[2004-08-04 13:00] - [2008-04-13 11:19] - 0075264 ____A () 4EB0D03142D98D9145D834FC32AB91B9

C:\WINDOWS\ServicePackFiles\i386\ipsec.sys

[2008-04-13 11:19] - [2008-04-13 11:19] - 0075264 ____N (Microsoft Corporation) 23C74D75E36E7158768DD63D92789A91

C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys

[2009-11-20 18:55] - [2004-08-04 13:00] - 0074752 ____C (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

====== End Of Search ======


OK, Please do this:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

FCopy::

C:\WINDOWS\ServicePackFiles\i386\ipsec.sys | C:\WINDOWS\system32\Drivers\ipsec.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScript.gif]

Referring to the picture above, drag CFScript.txt onto ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

Reboot and see how it is.

MrC

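The FSS search a few posts up and the FCopy:: fix above belong together: the live C:\WINDOWS\system32\drivers\ipsec.sys has an empty company field and an MD5 that differs from the SP3 copy in ServicePackFiles, while the $NtServicePackUninstall$ copy is the older pre-SP3 build (different size, different hash) and is expected to differ. The earlier TDSSKiller run also listed IPSec among the UnsignedFile.Multi.Generic detections. The script below is an added example, not part of the thread and not code from FSS or ComboFix: it parses the three FSS search records exactly as they appear in the thread (embedded as constructed input), works out which copy is the live driver and which is the service-pack reference, reports the discrepancies, and emits the same FCopy:: directive MrC wrote by hand. The record layout the parser assumes is inferred from those three lines only, and the finding strings are my own wording.

```python
"""Cross-check a live XP driver against its ServicePackFiles copy using
Farbar Service Scanner (FSS) 'Search' output, and build the ComboFix
FCopy:: line that restores it.  Added example; not FSS or ComboFix code."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed input: the FSS 'Search: ipsec.sys' block copied from the thread.
FSS_SEARCH = """\
================== Search: ipsec.sys ===================
C:\\WINDOWS\\system32\\drivers\\ipsec.sys
[2004-08-04 13:00] - [2008-04-13 11:19] - 0075264 ____A () 4EB0D03142D98D9145D834FC32AB91B9
C:\\WINDOWS\\ServicePackFiles\\i386\\ipsec.sys
[2008-04-13 11:19] - [2008-04-13 11:19] - 0075264 ____N (Microsoft Corporation) 23C74D75E36E7158768DD63D92789A91
C:\\WINDOWS\\$NtServicePackUninstall$\\ipsec.sys
[2009-11-20 18:55] - [2004-08-04 13:00] - 0074752 ____C (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1
====== End Of Search ======
"""

# Record layout assumed from the lines above:
# [created] - [modified] - size attrs (company) MD5
RECORD_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class FileRecord:
    path: str
    created: str
    modified: str
    size: int
    attrs: str
    company: str   # empty when the file carries no version resource
    md5: str


def parse_fss_search(text: str) -> List[FileRecord]:
    """Pair each path line with the detail line that follows it."""
    records: List[FileRecord] = []
    pending_path: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            pending_path = line
            continue
        m = RECORD_RE.match(line)
        if m and pending_path:
            records.append(FileRecord(
                path=pending_path, created=m["created"], modified=m["modified"],
                size=int(m["size"]), attrs=m["attrs"], company=m["company"],
                md5=m["md5"].upper()))
            pending_path = None
    return records


def _role(path: str) -> str:
    """Classify a copy by where it lives; these folder names are standard on XP."""
    p = path.lower()
    if "\\servicepackfiles\\" in p:
        return "reference"   # pristine copy laid down by the service pack
    if "\\$ntservicepackuninstall$\\" in p:
        return "pre-sp"      # older build kept for SP rollback; differs legitimately
    if "\\system32\\drivers\\" in p:
        return "live"        # the copy the kernel actually loads
    return "other"


def assess(records: List[FileRecord]) -> Dict[str, object]:
    """Compare the live driver only against the same-version reference copy."""
    by_role = {_role(r.path): r for r in records}
    live, ref = by_role.get("live"), by_role.get("reference")
    findings: List[str] = []
    if live is None or ref is None:
        return {"live": live, "reference": ref, "findings": ["incomplete search output"]}
    if not live.company:
        findings.append("live copy has no company/version resource")
    if live.size != ref.size:
        findings.append("live copy size differs from ServicePackFiles copy")
    if live.md5 != ref.md5:
        findings.append("live copy MD5 differs from ServicePackFiles copy")
    return {"live": live, "reference": ref, "findings": findings}


def fcopy_directive(reference: FileRecord, live: FileRecord) -> str:
    """ComboFix CFScript 'FCopy::' block: one 'source | destination' line."""
    return f"FCopy::\n{reference.path} | {live.path}"


if __name__ == "__main__":
    verdict = assess(parse_fss_search(FSS_SEARCH))
    for finding in verdict["findings"]:
        print("FINDING:", finding)
    if verdict["findings"]:
        print(fcopy_directive(verdict["reference"], verdict["live"]))
```

Two caveats worth keeping in mind when reading output like this. The comparison is only as trustworthy as the ServicePackFiles copy: anything that has already run in the kernel could have altered that file too, so a matching hash is evidence, not proof. And FSS's "MD5 is legit" lines are hash comparisons against known-good values, not a signature check; on XP, unsigned third-party drivers (the Brother, Broadcom and Cisco VPN entries TDSSKiller flagged) are normal, which is why skipping them was the right call while the Microsoft driver with a stripped version resource was not.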

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8344

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/9/2011 12:58:44 PM

mbam-log-2011-12-09 (12-58-44).txt

Scan type: Quick scan

Objects scanned: 200902

Time elapsed: 17 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\Fonts\isifont1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.


OK, a few things to clean up:

Java 6 Update 17

You have out-of-date Java on the system:

Older versions are vulnerable to malware.

Go to your Control Panel's Add/Remove Programs and uninstall any and all Java found.

Then download and run JavaRa to clear out any left-overs, info here

Then download and install the latest version: Version 6 Update 29

http://www.java.com/en/download/manual.jsp <---latest version

http://www.java.com/en/download/installed.jsp <---verify your Java

----------------------------

Please Uninstall ComboFix:

Go to start > run and copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

[image: cf2.jpg]

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

-----------

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

--------------

Any questions...please post back.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Have a Good Holiday and New Year!


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.