afdll.exe constantly appearing in Task manager


1 reply to this topic

#1 iBullet

Posted 12 May 2012 - 11:50 PM

After looking around and finding an older post on these forums by another user, it seems the user and I both downloaded the program skyrim-online.exe, which allows you to use the mod for Skyrim which makes it multiplayer. I did not suspect this since it was on multiple top Skyrim sites (Curse, etc.), but it seems as if it has infected my computer.

I have used MBAM to remove viruses (the program found 10), but this process keeps showing itself and I think my PC is infected. Able to post logs, etc.

FSS.exe
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-12 16:10] - [2012-03-30 20:23] - 1291632 ____A (Microsoft Corporation) 7FA2E0F8B072BD04B77B421480B6CC22

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



Minitoolbox.exe


Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : George-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : 50-E5-49-CE-D6-04
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e1be:59f7:a23d:ba8c%10(Preferred)
IPv4 Address. . . . . . . . . . . : 10.1.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, May 13, 2012 3:19:50 AM
Lease Expires . . . . . . . . . . : Monday, May 14, 2012 1:28:57 PM
Default Gateway . . . . . . . . . : 10.1.1.1
DHCP Server . . . . . . . . . . . : 10.1.1.1
DHCPv6 IAID . . . . . . . . . . . : 240182601
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-20-88-96-50-E5-49-CE-D6-04
DNS Servers . . . . . . . . . . . : 10.1.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{9C061376-E486-46DC-B846-16F300E15758}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2cc2:620:2ce0:35a6(Preferred)
Link-local IPv6 Address . . . . . : fe80::2cc2:620:2ce0:35a6%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 10.1.1.1

Name: google.com
Addresses: 74.125.237.142
74.125.237.128
74.125.237.129
74.125.237.130
74.125.237.131
74.125.237.132
74.125.237.133
74.125.237.134
74.125.237.135
74.125.237.136
74.125.237.137


Pinging google.com [74.125.237.137] with 32 bytes of data:
Reply from 74.125.237.137: bytes=32 time=50ms TTL=55
Reply from 74.125.237.137: bytes=32 time=49ms TTL=55

Ping statistics for 74.125.237.137:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 49ms, Maximum = 50ms, Average = 49ms
Server: UnKnown
Address: 10.1.1.1

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=206ms TTL=53
Reply from 72.30.38.140: bytes=32 time=211ms TTL=53

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 206ms, Maximum = 211ms, Average = 208ms
Server: UnKnown
Address: 10.1.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms
===========================================================================
Interface List
10...50 e5 49 ce d6 04 ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.1.1.1 10.1.1.4 20
10.1.1.0 255.255.255.0 On-link 10.1.1.4 276
10.1.1.4 255.255.255.255 On-link 10.1.1.4 276
10.1.1.255 255.255.255.255 On-link 10.1.1.4 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.1.1.4 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.1.1.4 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:4137:9e76:2cc2:620:2ce0:35a6/128
On-link
10 276 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::2cc2:620:2ce0:35a6/128
On-link
10 276 fe80::e1be:59f7:a23d:ba8c/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/12/2012 09:12:00 AM) (Source: Application Error) (User: )
Description: Faulting application name: rnpjyjqo.exe, version: 6706.1095.9285.232, time stamp: 0x4f9f698c
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e2111c0
Exception code: 0xe053534f
Fault offset: 0x0000d36f
Faulting process id: 0x%9
Faulting application start time: 0xrnpjyjqo.exe0
Faulting application path: rnpjyjqo.exe1
Faulting module path: rnpjyjqo.exe2
Report Id: rnpjyjqo.exe3

Error: (05/11/2012 01:45:15 AM) (Source: Application Hang) (User: )
Description: The program Wow.exe version 4.3.4.15595 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1518

Start Time: 01cd2ec3d916a21f

Termination Time: 8

Application Path: C:\Program Files\World of warcraft\Wow.exe

Report Id: 2007a816-9ab7-11e1-89d6-50e549ced604

Error: (05/09/2012 04:56:48 PM) (Source: Application Error) (User: )
Description: Faulting application name: wmplayer.exe, version: 12.0.7601.17514, time stamp: 0x4ce7a485
Faulting module name: nvd3dum.dll, version: 8.17.12.9610, time stamp: 0x4f4e54c7
Exception code: 0xc0000005
Fault offset: 0x00813b0f
Faulting process id: 0x1208
Faulting application start time: 0xwmplayer.exe0
Faulting application path: wmplayer.exe1
Faulting module path: wmplayer.exe2
Report Id: wmplayer.exe3

Error: (05/04/2012 02:48:30 PM) (Source: Application Hang) (User: )
Description: The program uTorrent.exe version 3.1.3.27060 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 12d4

Start Time: 01cd29ad6e67b5fc

Termination Time: 16

Application Path: C:\Program Files\uTorrent\uTorrent.exe

Report Id: 234a2301-95a3-11e1-9d04-50e549ced604

Error: (05/03/2012 04:09:12 AM) (Source: Application Error) (User: )
Description: Faulting application name: 3redll.exe, version: 3982.6368.4354.9080, time stamp: 0x4fa16664
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e2111c0
Exception code: 0xe0434f4d
Fault offset: 0x0000d36f
Faulting process id: 0xfdc
Faulting application start time: 0x3redll.exe0
Faulting application path: 3redll.exe1
Faulting module path: 3redll.exe2
Report Id: 3redll.exe3

Error: (05/01/2012 02:07:03 PM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 18.0.1025.162 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d9c

Start Time: 01cd274bc4b0170b

Termination Time: 5

Application Path: C:\Users\George\AppData\Local\Google\Chrome\Application\chrome.exe

Report Id: 17d48baa-9343-11e1-a17e-50e549ced604

Error: (04/30/2012 00:15:03 AM) (Source: Application Error) (User: )
Description: Faulting application name: TESV.exe, version: 1.1.21.0, time stamp: 0x4ea9b052
Faulting module name: TESV.exe, version: 1.1.21.0, time stamp: 0x4ea9b052
Exception code: 0x40000015
Fault offset: 0x00239a7a
Faulting process id: 0x1208
Faulting application start time: 0xTESV.exe0
Faulting application path: TESV.exe1
Faulting module path: TESV.exe2
Report Id: TESV.exe3

Error: (04/29/2012 06:52:53 AM) (Source: Application Error) (User: )
Description: Faulting application name: INSTALL.EXE_Razor 1911 Steam Installer, version: 0.9.0.0, time stamp: 0x2a425e19
Faulting module name: simpack.dll, version: 0.0.0.0, time stamp: 0x4ba67b90
Exception code: 0xc0000417
Fault offset: 0x000055b9
Faulting process id: 0x10e8
Faulting application start time: 0xINSTALL.EXE_Razor 1911 Steam Installer0
Faulting application path: INSTALL.EXE_Razor 1911 Steam Installer1
Faulting module path: INSTALL.EXE_Razor 1911 Steam Installer2
Report Id: INSTALL.EXE_Razor 1911 Steam Installer3

Error: (04/29/2012 06:38:32 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {487b1f32-d149-4bfd-8af6-6df15718fa75}

Error: (04/29/2012 03:53:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: install.exe_Razor 1911 Steam Installer, version: 0.9.0.0, time stamp: 0x2a425e19
Faulting module name: simpack.dll, version: 0.0.0.0, time stamp: 0x4ba67b90
Exception code: 0xc0000417
Fault offset: 0x000055b9
Faulting process id: 0x828
Faulting application start time: 0xinstall.exe_Razor 1911 Steam Installer0
Faulting application path: install.exe_Razor 1911 Steam Installer1
Faulting module path: install.exe_Razor 1911 Steam Installer2
Report Id: install.exe_Razor 1911 Steam Installer3


System errors:
=============
Error: (05/11/2012 08:59:02 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:57:59 PM on ?5/?11/?2012 was unexpected.

Error: (05/11/2012 06:51:44 PM) (Source: Tcpip) (User: )
Description: The system detected an address conflict for IP address 10.1.1.2 with the system
having network hardware address A0-0B-BA-B9-D2-BD. Network operations on this system may
be disrupted as a result.

Error: (05/03/2012 04:02:45 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/29/2012 06:10:10 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/28/2012 04:27:30 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/25/2012 08:19:07 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/24/2012 07:02:55 PM) (Source: DCOM) (User: UpdatusUser)
Description: machine-defaultLocalActivation{D63AA156-D534-4BAC-9BF1-55359CF5EC30}{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}George-PCUpdatusUserS-1-5-21-2224190973-3427559906-3018300989-1004LocalHost (Using LRPC)

Error: (04/24/2012 07:00:46 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/23/2012 02:36:40 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/22/2012 06:00:17 PM) (Source: Microsoft-Windows-Time-Service) (User: LOCAL SERVICE)
Description: The time service has detected that the system time needs to be changed by -61193 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.23:123) is working properly.


Microsoft Office Sessions:
=========================
Error: (05/12/2012 09:12:00 AM) (Source: Application Error)(User: )
Description: rnpjyjqo.exe6706.1095.9285.2324f9f698cKERNELBASE.dll6.1.7601.176514e2111c0e053534f0000d36f

Error: (05/11/2012 01:45:15 AM) (Source: Application Hang)(User: )
Description: Wow.exe4.3.4.15595151801cd2ec3d916a21f8C:\Program Files\World of warcraft\Wow.exe2007a816-9ab7-11e1-89d6-50e549ced604

Error: (05/09/2012 04:56:48 PM) (Source: Application Error)(User: )
Description: wmplayer.exe12.0.7601.175144ce7a485nvd3dum.dll8.17.12.96104f4e54c7c000000500813b0f120801cd2d93562909bfC:\Program Files\Windows Media Player\wmplayer.exeC:\Windows\system32\nvd3dum.dll252424ac-99a4-11e1-89d6-50e549ced604

Error: (05/04/2012 02:48:30 PM) (Source: Application Hang)(User: )
Description: uTorrent.exe3.1.3.2706012d401cd29ad6e67b5fc16C:\Program Files\uTorrent\uTorrent.exe234a2301-95a3-11e1-9d04-50e549ced604

Error: (05/03/2012 04:09:12 AM) (Source: Application Error)(User: )
Description: 3redll.exe3982.6368.4354.90804fa16664KERNELBASE.dll6.1.7601.176514e2111c0e0434f4d0000d36ffdc01cd288e4acf50f4C:\Users\George\AppData\Roaming\3redll.exeC:\Windows\system32\KERNELBASE.dlleb2ee569-9481-11e1-9d04-50e549ced604

Error: (05/01/2012 02:07:03 PM) (Source: Application Hang)(User: )
Description: chrome.exe18.0.1025.162d9c01cd274bc4b0170b5C:\Users\George\AppData\Local\Google\Chrome\Application\chrome.exe17d48baa-9343-11e1-a17e-50e549ced604

Error: (04/30/2012 00:15:03 AM) (Source: Application Error)(User: )
Description: TESV.exe1.1.21.04ea9b052TESV.exe1.1.21.04ea9b0524000001500239a7a120801cd26119777b90bC:\Program Files\The Elder Scrolls V Skyrim\TESV.exeC:\Program Files\The Elder Scrolls V Skyrim\TESV.exeb5d96fd2-9205-11e1-a17e-50e549ced604

Error: (04/29/2012 06:52:53 AM) (Source: Application Error)(User: )
Description: INSTALL.EXE_Razor 1911 Steam Installer0.9.0.02a425e19simpack.dll0.0.0.04ba67b90c0000417000055b910e801cd257cdc9ada29E:\INSTALL.EXEE:\simpack.dll1f17c3d3-9174-11e1-a17e-50e549ced604

Error: (04/29/2012 06:38:32 AM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {487b1f32-d149-4bfd-8af6-6df15718fa75}

Error: (04/29/2012 03:53:18 PM) (Source: Application Error)(User: )
Description: install.exe_Razor 1911 Steam Installer0.9.0.02a425e19simpack.dll0.0.0.04ba67b90c0000417000055b982801cd25ca51d40b63E:\install.exeE:\simpack.dll9e35c5b5-91bf-11e1-8a02-50e549ced604


=========================== Installed Programs ============================

µTorrent (Version: 3.1.3)
AIM for Windows
Alarm Clock v1.0
Angry Birds Space (Version: 1.0.0)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 2.0.4.4)
Curse Client (Version: 4.0.1.260)
Easy Tune 6 B12.0210.2 (Version: 1.00.0000)
Fraps
Google Chrome (Version: 18.0.1025.168)
Gyazo 1.0
Intel® Management Engine Components (Version: 8.0.0.1351)
Intel® USB 3.0 eXtensible Host Controller Driver (Version: 1.0.1.209)
Intel® Trusted Connect Service Client (Version: 1.23.216.0)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Left 4 Dead
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mumble 1.2.3 (Version: 1.2.3)
Nexus Mod Manager (Version: 0.17.1)
NVIDIA 3D Vision Controller Driver (Version: 280.19)
NVIDIA 3D Vision Controller Driver 296.10 (Version: 296.10)
NVIDIA 3D Vision Driver 296.10 (Version: 296.10)
NVIDIA Control Panel 296.10 (Version: 296.10)
NVIDIA Graphics Driver 296.10 (Version: 296.10)
NVIDIA HD Audio Driver 1.3.12.0 (Version: 1.3.12.0)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.9610)
NVIDIA Update 1.7.11 (Version: 1.7.11)
NVIDIA Update Components (Version: 1.7.11)
ON_OFF Charge B11.1102.1 (Version: 1.00.0001)
Platform (Version: 1.39)
Raidcall (Version: 6.3.0-1.0.3244.73)
Skype Click to Call (Version: 5.11.9874)
Skype™ 5.9 (Version: 5.9.114)
Steam (Version: 1.0.0.0)
uTorrentControl2 Toolbar (Version: 6.8.5.1)
Ventrilo Client (Version: 3.0.8)
VIA Platform Device Manager (Version: 1.39)
VirtualCloneDrive
VLC media player 2.0.1 (Version: 2.0.1)
WinRAR 4.11 (32-bit) (Version: 4.11.0)
World of Warcraft Beta (Version: )

========================= Devices: ================================

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 3561.35 MB
Available physical RAM: 2567.58 MB
Total Pagefile: 7120.98 MB
Available Pagefile: 5649.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.03 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.3 GB) (Free:61.07 GB) NTFS
4 Drive g: () (Removable) (Total:7.45 GB) (Free:3.97 GB) FAT32

========================= Users: ========================================


Securitycheck.exe

Results of screen317's Security Check version 0.99.24
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 31
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````


If anything else is needed, please respond and inform me how to fix this if it's an infection.


#2 Broni

Posted 13 May 2012 - 02:47 PM

That type of infection will require more advanced tools.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
