Hi there. I'm not sure, but I believe my computer is infected. I am running Vista Home Premium, 64-bit. The computer boots/starts up normally, and remains normally usable for a number of hours. At some point, however, over the past few days, it begins behaving strangely. If I click the mouse on certain items or programs (such as the arrow to open up the hidden items on the systray), it seems to click the item a number of times (not just double-click). Specifically with the systray, it hides/unhides the items many times in quick succession. On once clicking a program (Lightscribe), it opened up 70 windows of the same. If I try to ctrl-alt-delete to get to task manager, it sends me to the Windows startup screen without a password prompt (or actually - the password prompt shows up VERY quickly and disappears so I can't do anything). If I click the Windows button in the lower left of the screen, it shuts the computer down.

 

I note that this behavior began soon after I installed Razer's Synapse 2.0 configurator, to allow me to use advanced aspects of my keyboard.  I'm not sure if they are related.

 

I appreciate your help.

 

Here is the text of FRST.log, which I just ran a few minutes ago:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014 01
Ran by Marcus (administrator) on MARCUS-PC on 25-07-2014 07:49:25
Running from C:\Users\Marcus\Desktop\Desktop
Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
() C:\Program Files (x86)\ASUS\AASP\1.00.59\aaCenter.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIAEA.EXE
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(CMedia) C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\AsusAudioCenter.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mcconsol.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => RAVCpl64.exe
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [CPU Power Monitor] => C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe [627200 2008-01-09] ()
HKLM-x32\...\Run: [Cpu Level Up help] => C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe [881152 2007-11-30] ()
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2013-12-12] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [337440 2013-06-25] (McAfee, Inc.)
HKLM-x32\...\Run: [shStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [243560 2014-01-15] (McAfee, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2303092546-2931844446-616707999-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [1753280 2014-07-15] (Valve Corporation)
HKU\S-1-5-21-2303092546-2931844446-616707999-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2303092546-2931844446-616707999-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-2303092546-2931844446-616707999-1000\...\Run: [EPSON Stylus CX4200 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIAEA.EXE [211968 2007-01-19] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2303092546-2931844446-616707999-1000\...\MountPoints2: {38161702-dd5b-11e3-99ed-001bfc39ceea} - H:\MotoCastSetup.exe -a
HKU\S-1-5-21-2303092546-2931844446-616707999-1000\...\MountPoints2: {b9fa75db-09c8-11e2-ae34-806e6f6e6963} - E:\setup.exe
HKU\S-1-5-21-2303092546-2931844446-616707999-1000\...\MountPoints2: {e89840bc-05e1-11e2-9132-806e6f6e6963} - F:\.\Bin\Assetup.exe
AppInit_DLLs: C:\PROGRA~3\PERFOR~1\PERFOR~2.DLL => C:\PROGRA~3\PERFOR~1\PERFOR~2.DLL File Not Found
AppInit_DLLs-x32: c:\progra~3\perfor~1\perfor~1.dll => "c:\progra~3\perfor~1\perfor~1.dll" File Not Found

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {4778D735-5AC1-4B53-9B8E-1805307D2F99} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {4778D735-5AC1-4B53-9B8E-1805307D2F99} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140715075608.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: PodcastBHO Class -> {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} -> C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140715075616.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @doubletwist.com/NPPodcast - C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.3.1 - C:\Windows\system32\npDeployJava1.dll No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-09-24]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2014-03-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2014-05-11] (BioWare)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2012-06-27] (Hewlett-Packard Company) [File not signed]
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [130080 2013-06-25] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [242448 2014-07-15] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [208416 2014-01-15] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185280 2014-07-15] (McAfee, Inc.)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [262144 2006-12-23] (Nero AG) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-04-21] ()
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [427008 2010-04-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 acsint; C:\Windows\System32\DRIVERS\acsint64.sys [49520 2013-12-12] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux64.sys [73584 2013-12-12] (Cisco Systems, Inc.)
R0 adp3132; C:\Windows\System32\drivers\adp3132.sys [389720 2010-10-19] (Adaptec, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R3 AtcL001; C:\Windows\System32\DRIVERS\atl01v64.sys [58880 2007-03-15] (Attansic Technology corporation.)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32152 2014-04-25] ()
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-07-15] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-07-15] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782968 2014-07-15] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [107032 2014-07-15] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344176 2014-07-15] (McAfee, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-11-01] ()
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2014-05-19] (Razer Inc)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-24 21:04 - 2014-07-24 21:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-24 21:03 - 2014-07-24 21:03 - 00000941 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-24 21:03 - 2014-07-24 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-24 21:03 - 2014-07-24 21:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-24 21:03 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-24 21:03 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-24 21:03 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-24 21:02 - 2014-07-24 21:02 - 00000000 ____D () C:\Users\Marcus\Downloads\Malwarebytes
2014-07-22 22:23 - 2014-07-22 22:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_rzudd_01009.Wdf
2014-07-22 22:21 - 2014-07-22 22:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_rzendpt_01009.Wdf
2014-07-22 22:17 - 2014-07-22 22:23 - 00045610 _____ () C:\Windows\DPINST.LOG
2014-07-22 22:14 - 2014-07-22 22:14 - 00000000 ____D () C:\Users\Marcus\AppData\Local\Razer
2014-07-22 22:13 - 2014-07-22 22:17 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-07-22 22:13 - 2014-07-22 22:13 - 00000000 ____D () C:\ProgramData\Razer
2014-07-22 22:13 - 2014-07-22 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-07-22 22:12 - 2014-07-22 22:12 - 00000000 ____D () C:\Users\Marcus\Downloads\Razer
2014-07-16 22:42 - 2014-07-16 22:42 - 00135080 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-07-15 07:57 - 2014-07-25 07:37 - 00262144 _____ () C:\Windows\system32\config\ELAM
2014-07-15 07:55 - 2014-07-15 07:55 - 00782968 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2014-07-15 07:55 - 2014-07-15 07:55 - 00344176 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfewfpk.sys
2014-07-15 07:55 - 2014-07-15 07:55 - 00311600 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeavfk.sys
2014-07-15 07:55 - 2014-07-15 07:55 - 00185280 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2014-07-15 07:55 - 2014-07-15 07:55 - 00180272 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeapfk.sys
2014-07-15 07:55 - 2014-07-15 07:55 - 00107032 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mferkdet.sys
2014-07-15 07:55 - 2014-07-15 07:55 - 00011208 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeclnk.sys
2014-07-15 07:55 - 2014-07-15 07:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-07-15 07:52 - 2014-07-15 07:56 - 00000000 ____D () C:\Users\Marcus\Downloads\McAfee
2014-07-15 07:48 - 2014-07-15 07:48 - 00000000 ____D () C:\Users\Marcus\AppData\Local\Adobe
2014-07-13 00:27 - 2014-07-15 00:58 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-13 00:27 - 2014-07-15 00:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-12 01:02 - 2014-06-07 00:02 - 17854464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-12 01:02 - 2014-06-06 23:13 - 10890752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-12 01:02 - 2014-06-06 22:59 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-12 01:02 - 2014-06-06 22:52 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-12 01:02 - 2014-06-06 22:51 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-12 01:02 - 2014-06-06 22:51 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-12 01:02 - 2014-06-06 22:50 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-12 01:02 - 2014-06-06 22:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-12 01:02 - 2014-06-06 22:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-12 01:02 - 2014-06-06 22:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-12 01:02 - 2014-06-06 22:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-12 01:02 - 2014-06-06 22:42 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-12 01:02 - 2014-06-06 22:42 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-12 01:02 - 2014-06-06 22:42 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-12 01:02 - 2014-06-06 22:42 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-12 01:02 - 2014-06-06 22:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-12 01:02 - 2014-06-06 22:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-12 01:02 - 2014-06-06 22:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-12 01:02 - 2014-06-06 22:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-12 01:02 - 2014-06-06 22:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-12 01:02 - 2014-06-06 22:35 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-12 01:02 - 2014-06-06 20:33 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-12 01:02 - 2014-06-06 20:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-12 01:02 - 2014-06-06 19:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-12 01:02 - 2014-06-06 19:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-12 01:02 - 2014-06-06 19:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-12 01:02 - 2014-06-06 19:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-12 01:02 - 2014-06-06 19:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-12 01:02 - 2014-06-06 19:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-12 01:02 - 2014-06-06 18:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-12 01:02 - 2014-06-06 18:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-12 01:02 - 2014-06-06 18:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-12 01:02 - 2014-06-06 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-12 01:02 - 2014-06-06 18:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-12 01:02 - 2014-06-06 18:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-12 01:02 - 2014-06-06 18:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-12 01:02 - 2014-06-06 18:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-12 01:02 - 2014-06-06 18:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-12 01:02 - 2014-06-06 18:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-12 01:02 - 2014-06-06 18:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-12 01:02 - 2014-06-06 18:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-12 01:02 - 2014-06-06 18:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-12 01:02 - 2014-06-06 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-12 01:02 - 2014-06-06 04:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-12 01:02 - 2014-06-06 03:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-12 01:00 - 2014-05-30 03:10 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-06 16:18 - 2014-07-23 22:16 - 00000000 ____D () C:\Program Files (x86)\mIRC

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-25 07:49 - 2014-05-12 07:24 - 00000000 ____D () C:\FRST
2014-07-25 07:40 - 2006-11-02 08:46 - 00843778 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-25 07:37 - 2014-07-15 07:57 - 00262144 _____ () C:\Windows\system32\config\ELAM
2014-07-25 07:36 - 2012-09-24 18:50 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-25 07:34 - 2013-08-10 22:12 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-25 07:34 - 2012-11-09 00:39 - 00000000 ____D () C:\Temp
2014-07-25 07:34 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-25 07:34 - 2006-11-02 11:22 - 00004848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-25 07:34 - 2006-11-02 11:22 - 00004848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-25 07:32 - 2006-11-02 11:42 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-25 07:32 - 2006-11-02 11:27 - 01502755 _____ () C:\Windows\WindowsUpdate.log
2014-07-25 07:00 - 2014-03-29 09:30 - 00000000 ____D () C:\Users\Marcus\AppData\Local\CrashDumps
2014-07-25 06:51 - 2013-08-10 22:12 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-24 21:24 - 2012-09-28 21:29 - 00000000 ____D () C:\Users\Marcus\Documents\Outlook Files
2014-07-24 21:04 - 2014-07-24 21:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-24 21:03 - 2014-07-24 21:03 - 00000941 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-24 21:03 - 2014-07-24 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-24 21:03 - 2014-07-24 21:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-24 21:02 - 2014-07-24 21:02 - 00000000 ____D () C:\Users\Marcus\Downloads\Malwarebytes
2014-07-24 09:07 - 2013-02-05 12:35 - 00003694 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{98C3FDA4-2311-476E-8E0E-49787E61C174}
2014-07-24 07:21 - 2006-11-02 11:27 - 00013609 _____ () C:\Windows\setupact.log
2014-07-23 22:17 - 2012-06-24 04:28 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\mIRC
2014-07-23 22:16 - 2014-07-06 16:18 - 00000000 ____D () C:\Program Files (x86)\mIRC
2014-07-23 08:06 - 2006-11-02 11:21 - 00331152 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-22 23:02 - 2012-10-01 18:45 - 00000000 ____D () C:\Users\Marcus\AppData\Local\Deployment
2014-07-22 22:23 - 2014-07-22 22:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_rzudd_01009.Wdf
2014-07-22 22:23 - 2014-07-22 22:17 - 00045610 _____ () C:\Windows\DPINST.LOG
2014-07-22 22:23 - 2012-09-23 20:42 - 00000000 ____D () C:\Users\Marcus
2014-07-22 22:21 - 2014-07-22 22:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_rzendpt_01009.Wdf
2014-07-22 22:17 - 2014-07-22 22:13 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-07-22 22:16 - 2012-09-23 20:42 - 00077648 _____ () C:\Users\Marcus\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-22 22:14 - 2014-07-22 22:14 - 00000000 ____D () C:\Users\Marcus\AppData\Local\Razer
2014-07-22 22:13 - 2014-07-22 22:13 - 00000000 ____D () C:\ProgramData\Razer
2014-07-22 22:13 - 2014-07-22 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-07-22 22:12 - 2014-07-22 22:12 - 00000000 ____D () C:\Users\Marcus\Downloads\Razer
2014-07-21 01:48 - 2012-09-23 22:55 - 00100352 _____ () C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-20 09:05 - 2012-09-24 23:21 - 00193532 _____ () C:\Windows\PFRO.log
2014-07-19 12:08 - 2012-09-25 21:16 - 00000000 ____D () C:\ProgramData\Skype
2014-07-16 22:42 - 2014-07-16 22:42 - 00135080 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-07-15 07:56 - 2014-07-15 07:52 - 00000000 ____D () C:\Users\Marcus\Downloads\McAfee
2014-07-15 07:55 - 2014-07-15 07:55 - 00782968 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2014-07-15 07:55 - 2014-07-15 07:55 - 00344176 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfewfpk.sys
2014-07-15 07:55 - 2014-07-15 07:55 - 00311600 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeavfk.sys
2014-07-15 07:55 - 2014-07-15 07:55 - 00185280 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2014-07-15 07:55 - 2014-07-15 07:55 - 00180272 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeapfk.sys
2014-07-15 07:55 - 2014-07-15 07:55 - 00107032 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mferkdet.sys
2014-07-15 07:55 - 2014-07-15 07:55 - 00011208 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeclnk.sys
2014-07-15 07:55 - 2014-07-15 07:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-07-15 07:55 - 2014-05-14 07:40 - 00121896 _____ (McAfee, Inc.) C:\Windows\system32\MfeOtlkAddin.dll
2014-07-15 07:55 - 2014-05-14 07:40 - 00094080 _____ (McAfee, Inc.) C:\Windows\SysWOW64\MfeOtlkAddin.dll
2014-07-15 07:55 - 2014-05-14 07:40 - 00025088 _____ (McAfee, Inc.) C:\Windows\SysWOW64\MFEOtlk.dll
2014-07-15 07:55 - 2012-11-09 09:02 - 00000000 ____D () C:\ProgramData\McAfee
2014-07-15 07:54 - 2014-03-24 21:28 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-07-15 07:48 - 2014-07-15 07:48 - 00000000 ____D () C:\Users\Marcus\AppData\Local\Adobe
2014-07-15 00:58 - 2014-07-13 00:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-15 00:58 - 2014-07-13 00:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-13 08:44 - 2012-07-15 03:00 - 00002032 _____ () C:\Users\Marcus\AppData\Local\d3d9caps.dat
2014-07-12 04:44 - 2006-11-02 11:07 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 01:05 - 2012-09-28 20:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-12 01:04 - 2006-11-02 08:35 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-10 20:42 - 2013-10-22 20:41 - 00010878 _____ () C:\Users\Marcus\Documents\Kitchen Chores.xlsx
2014-07-05 23:11 - 2014-05-31 20:12 - 00000000 ____D () C:\QUARANTINE

Some content of TEMP:
====================
C:\Users\Marcus\AppData\Local\Temp\mirc734.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-25 07:41

==================== End Of Log ============================


A bit more information - I ran malwarebytes, including rootkits detection, and it found nothing.  I also always run McAfee On-Access scanner (I have not run the on-demand scan since this behavior became evident), and it has not indicated any problem.


While I'm surprised, and a bit disappointed, that no one got back to me about my issue above, it seems to be resolved.  It appears it was an issue with the USB keyboard following installation of the Razer software.  It appears to have been resolved by unplugging and reconnecting the keyboard, in that it hasn't happened since that time (about 3 days ago).


  • Root Admin

Unfortunately the site is simply bogged down with more requests for help than we can respond to in a timely manner at this time. I'm glad you were able to resolve your issue though and thank you for the follow-up post.

 

I'll go ahead and close your topic now, but if you do need further assistance please let us know and I can reopen your topic.

 

Thank you

This topic is now closed to further replies.