SevLancer

Members
  • Posts: 5

Reputation: 0 Neutral
  1. No need. I paid a techie to fix it for me, he was done in just under an hour. Everything is clean now, no bluescreens, no redirects, no ping.exe in task manager.
  2. Just now McAfee Trojan Removed Message vanished before I could note it. Something from c:\temp files. This is getting worse. I haven't been doing anything but have this forum open, is someone working on this or? It's getting to the point I may just run killdisk, I don't want it to come to that though. I'm freaking out cus I have work stuff on this laptop, plus the wife has all her personal stuff, like banking and such. (she's also raging at me) I just don't know what to do at this point, besides just sit here while god knows what is going on with my computer. =(
  3. OK, after many bluescreens, redirects, and the page just not working, finally got it to load and analyze. File name: PING.EXE Submission date: 2011-08-11 22:06:33 (UTC) Result: 0/43 (0.0%) PING.rar
  4. Tried going to VirusTotal, with both IE Explorer and Firefox, both are unable to load the page. Also, the file you want me to upload is ping.exe located in C:\Windows\Syswow64, correct?
  5. Hi, I have problem, may be serious, I'm unsure. My browser was getting hijacked and blue screened (Unknown hard error) so I formatted, reinstalled everything through the factory Dell image restore. But it's still doing it, I checked my task manager and resource monitor and both have PING.exe, now in resource manager under memory it's got PING.exe alternating from 60-100% every half second (not exaggerating) followed by a mbam message "Successfully blocked access to a potentially malicious website 195.3.145.251 Type: outgoing Port: 53016 Process: ping.exe" (the website IP changes and so does the port number). I updated and ran both McAfee and MBAM and both full scans came back clean. Decided to format again, without the internet plugged in, or any external HD's, no dice, same thing happens. I really am lost as to what's going on, some help would be great. Here's the log thingy that I gather I need to post? And sorry if this is the wrong log or in the wrong forum, I'm kinda stressed at the moment.