Page 4 of 6 FirstFirst 123456 LastLast
Results 31 to 40 of 53

Thread: ABnow.com Google redirect infection

  1. #31
    Senior Member
    Join Date
    Feb 2012
    Location
    Ireland
    Posts
    176

    Default

    This can sometimes happen if you have malwarebytes realtiime protection turned on. Try disabling realtime protection and also temporarily disable avast as before.

    Disable MBAM Real-Time protection
    • Right-click on the MBAM icon in the System Tray and uncheck Enable Protection.
    • When asked, "Are you sure you want to disable the MBAM Protection Module?", click Yes.
    • Right-click on the MBAM icon again and then uncheck Start with Windows.
    • Restart your computer for the changes to take effect.
    Proud Graduate of the MalWare Removal University

  2. #32
    Senior Member
    Join Date
    Feb 2012
    Location
    Ireland
    Posts
    176

    Default

    My apologies, I missed where you said you had disabled mbam and avast.

    Let me check though your list of installed programs to see what else may be causing it.
    Proud Graduate of the MalWare Removal University

  3. #33
    Senior Member
    Join Date
    Feb 2012
    Location
    Ireland
    Posts
    176

    Default

    Be sure to follow the above mbam instructions, then follow the below instructions and make sure to reboot the computer before attempting the OTL fix again.


    Disable Stopzilla
    • Right-click the "Stopzilla" icon in the system tray next to the clock. Click "Disable Real Time Protection" radio button under Spyware Protection.
    • Select "Disable" under Pop-up Protection. Uncheck the "Auto-enable Stopzilla whenever my computer starts".
    • Click "OK" to save the changes.
    Proud Graduate of the MalWare Removal University

  4. #34
    Member
    Join Date
    Jan 2009
    Posts
    58

    Default

    Same problem it freezes as soon as the killing processes phase starts

  5. #35
    Senior Member
    Join Date
    Feb 2012
    Location
    Ireland
    Posts
    176

    Default

    OK, we know combofix is working so we will use that. See instructions below and then follow the MiniToolBox instructions in the earlier post.

    ComboFix - CFScript
    This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
    You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
    1. Please open Notepad and copy/paste all the text below... into the window:
      Code:
      file::
      C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(3)\3C4BBE48d01	
      C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(4)\8466DE95d01
    2. Save it to your desktop as CFScript.txt
    3. Please disable avast! Antivirus .
      Right Click on the Avast! icon in the System tray and select Avast Shields Control.
      Select Disable until Computer is restarted.

      Please close all open application windows.
    4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:

      This will cause ComboFix to run again.
      Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
      Do Not touch your computer when ComboFix is running!
    5. When finished ComboFix will create a log file... you can save this file to a convenient place.

    Please copy/paste the ComboFix log file in your next reply.
    Proud Graduate of the MalWare Removal University

  6. #36
    Member
    Join Date
    Jan 2009
    Posts
    58

    Default

    ComboFix 12-04-09.05 - Chris 1/2012 Wed 13:37:24.3.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.1012.501 [GMT -5:00]
    Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Chris\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    FILE ::
    "c:\documents and settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(3)\3C4BBE48d01"
    "c:\documents and settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(4)\8466DE95d01"
    .
    Error: Cfiles.dat
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-11 to 2012-04-11 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-11 16:34 . 2012-04-11 16:34 -------- d-----w- C:\_OTL
    2012-04-10 12:29 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-04-10 12:29 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-04-10 12:29 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-04-10 12:29 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-04-10 12:29 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-04-10 12:29 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2012-04-10 12:29 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2012-04-10 12:29 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2012-04-10 12:26 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
    2012-04-10 12:25 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
    2012-04-10 12:24 . 2012-04-10 12:24 -------- d-----w- c:\program files\AVAST Software
    2012-04-10 12:24 . 2012-04-10 12:24 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2012-04-04 21:50 . 2012-04-04 21:50 -------- d-----w- c:\program files\Common Files\Java
    2012-04-04 21:50 . 2012-04-04 21:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-04-03 06:29 . 2012-01-19 15:22 42864 ----a-r- c:\windows\system32\SBBD.EXE
    2012-04-03 06:29 . 2012-01-12 14:26 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
    2012-04-03 06:29 . 2012-04-03 06:29 -------- d-----w- c:\program files\Common Files\iS3
    2012-04-03 06:25 . 2012-04-03 06:35 -------- d-----w- c:\program files\Common Files\PC Tools
    2012-04-03 06:25 . 2012-04-03 06:25 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2012-04-03 06:25 . 2012-04-03 06:25 -------- d-----w- c:\documents and settings\Chris\Application Data\TestApp
    2012-04-03 06:05 . 2012-04-03 06:05 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-04-03 05:54 . 2012-04-03 05:54 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-04-03 00:02 . 2012-04-03 05:54 -------- d-----w- c:\program files\ERUNT
    2012-04-02 21:59 . 2008-06-20 11:51 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys
    2012-04-02 17:04 . 2012-04-03 05:51 -------- d-s---w- c:\documents and settings\LocalService\UserData
    2012-04-02 16:59 . 2012-04-09 21:53 -------- d-sh--w- c:\documents and settings\Chris\Local Settings\Application Data\ad7217cf
    2012-04-02 06:46 . 2012-04-02 07:11 -------- d-----w- C:\UTSUSEMI
    2012-04-02 02:31 . 2012-04-02 02:31 -------- d-----w- C:\NOMAD
    2012-04-01 19:18 . 2012-04-01 19:21 -------- d-----w- c:\program files\ぴんくはてな
    2012-04-01 19:07 . 2012-04-01 19:07 -------- d-----w- c:\program files\あかべぇそふとつぅTRY
    2012-04-01 03:46 . 2012-04-01 03:46 -------- d-----w- c:\program files\アークシェル
    2012-03-31 23:40 . 2012-03-31 23:40 -------- d-----w- c:\program files\DO
    2012-03-31 15:31 . 2012-03-31 21:53 -------- d-----w- C:\アイル
    2012-03-31 06:26 . 2012-04-03 05:48 -------- d-----w- c:\program files\教えてっ!おねてぃー
    2012-03-31 04:36 . 2012-03-31 04:36 -------- d-----w- c:\program files\Vanadis
    2012-03-31 02:58 . 2012-03-31 02:58 -------- d-----w- c:\program files\DualMage
    2012-03-31 02:22 . 2012-03-31 02:24 -------- d-----w- c:\program files\euphoria
    2012-03-31 02:17 . 2012-03-31 02:18 -------- d-----w- c:\documents and settings\Chris\Application Data\蠱惑の刻
    2012-03-31 02:13 . 2012-04-11 13:43 -------- d-----w- c:\program files\蠱惑の刻
    2012-03-30 21:46 . 2012-03-30 22:06 -------- d-----w- c:\program files\Acmeholic
    2012-03-30 21:34 . 2012-03-30 21:34 -------- d-----w- c:\program files\SPEED
    2012-03-30 20:42 . 2012-03-30 20:42 196616 ----a-w- c:\windows\system32\SARCheck.dll
    2012-03-30 20:40 . 2012-03-30 20:45 -------- d-----w- c:\program files\ドキドキ母娘レッスン
    2012-03-30 20:12 . 2012-03-30 20:12 -------- d-----w- C:\萌♂
    2012-03-30 19:53 . 2012-03-30 19:53 -------- d-----w- C:\maika
    2012-03-30 19:13 . 2012-03-31 00:04 -------- d-----w- c:\program files\touchable
    2012-03-30 04:21 . 2012-03-30 04:21 -------- d-----w- c:\program files\Guilty
    2012-03-30 02:41 . 2012-03-30 02:41 -------- d-----w- c:\program files\CLOCKUP
    2012-03-30 01:53 . 2012-03-30 01:53 -------- d-----w- c:\program files\Atheros
    2012-03-29 23:58 . 2001-08-17 17:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
    2012-03-29 23:56 . 2008-04-15 03:00 38912 -c--a-w- c:\windows\system32\dllcache\sm9aw.dll
    2012-03-29 23:55 . 2001-08-17 17:50 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
    2012-03-29 23:55 . 2008-04-14 03:05 32768 -c--a-w- c:\windows\system32\dllcache\sisnic.sys
    2012-03-29 23:55 . 2001-08-18 03:36 238592 -c--a-w- c:\windows\system32\dllcache\sisgrv.dll
    2012-03-29 23:55 . 2001-08-17 17:50 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
    2012-03-29 23:55 . 2001-08-17 19:56 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
    2012-03-29 23:55 . 2001-08-17 17:50 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
    2012-03-29 23:55 . 2001-08-17 19:56 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
    2012-03-29 23:55 . 2001-08-17 17:50 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
    2012-03-29 23:55 . 2008-04-15 03:00 3901 -c--a-w- c:\windows\system32\dllcache\siint5.dll
    2012-03-29 23:55 . 2012-04-03 00:37 -------- d-----w- C:\temp
    2012-03-29 23:55 . 2001-07-21 19:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
    2012-03-29 23:54 . 2001-07-21 19:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
    2012-03-29 23:54 . 2001-08-17 17:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
    2012-03-29 23:54 . 2001-08-18 03:36 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
    2012-03-29 23:54 . 2001-08-17 17:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
    2012-03-29 23:54 . 2001-08-17 18:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
    2012-03-29 23:54 . 2001-08-17 18:48 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
    2012-03-29 23:54 . 2001-08-18 03:36 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
    2012-03-29 23:54 . 2001-08-17 18:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
    2012-03-29 23:54 . 2008-04-14 05:15 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
    2012-03-29 23:54 . 2001-08-17 18:52 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
    2012-03-29 23:54 . 2001-08-18 03:36 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
    2012-03-29 23:53 . 2001-08-17 18:51 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
    2012-03-29 23:53 . 2001-08-17 18:51 16640 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys
    2012-03-29 23:53 . 2001-08-17 18:51 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
    2012-03-29 23:53 . 2001-08-17 18:51 23936 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys
    2012-03-29 23:53 . 2008-04-15 03:00 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
    2012-03-29 23:53 . 2001-08-18 03:36 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll
    2012-03-29 23:53 . 2001-08-17 17:50 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys
    2012-03-29 23:53 . 2001-08-17 19:56 245632 -c--a-w- c:\windows\system32\dllcache\s3savmx.dll
    2012-03-29 23:53 . 2001-08-17 17:50 77824 -c--a-w- c:\windows\system32\dllcache\s3sav4m.sys
    2012-03-29 23:53 . 2001-08-17 19:56 198400 -c--a-w- c:\windows\system32\dllcache\s3sav4.dll
    2012-03-29 23:52 . 2001-08-17 17:50 61504 -c--a-w- c:\windows\system32\dllcache\s3sav3dm.sys
    2012-03-29 23:52 . 2001-08-17 19:56 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll
    2012-03-29 23:52 . 2001-08-17 19:56 210496 -c--a-w- c:\windows\system32\dllcache\s3mvirge.dll
    2012-03-29 23:52 . 2001-08-18 03:36 62496 -c--a-w- c:\windows\system32\dllcache\s3mtrio.dll
    2012-03-29 23:52 . 2001-08-17 17:50 41216 -c--a-w- c:\windows\system32\dllcache\s3mt3d.sys
    2012-03-29 23:52 . 2001-08-17 19:56 182272 -c--a-w- c:\windows\system32\dllcache\s3mt3d.dll
    2012-03-29 23:52 . 2001-08-17 17:50 166720 -c--a-w- c:\windows\system32\dllcache\s3m.sys
    2012-03-29 23:52 . 2001-08-17 18:57 65664 -c--a-w- c:\windows\system32\dllcache\s3legacy.sys
    2012-03-29 23:52 . 2008-04-14 03:04 166912 -c--a-w- c:\windows\system32\dllcache\s3gnbm.sys
    2012-03-29 23:52 . 2008-04-14 10:42 397056 -c--a-w- c:\windows\system32\dllcache\s3gnb.dll
    2012-03-29 23:50 . 2001-08-18 03:36 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
    2012-03-29 23:49 . 2001-08-17 18:28 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
    2012-03-29 23:48 . 2001-08-17 19:07 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
    2012-03-29 23:48 . 2001-08-17 19:04 92416 -c--a-w- c:\windows\system32\dllcache\phildec.sys
    2012-03-29 23:48 . 2001-08-17 19:04 173696 -c--a-w- c:\windows\system32\dllcache\philcam2.sys
    2012-03-29 23:48 . 2001-08-17 19:04 75776 -c--a-w- c:\windows\system32\dllcache\philcam1.sys
    2012-03-29 23:48 . 2001-08-18 03:36 16384 -c--a-w- c:\windows\system32\dllcache\philcam1.dll
    2012-03-29 23:48 . 2008-04-14 10:40 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll
    2012-03-29 23:48 . 2008-04-14 05:14 28032 -c--a-w- c:\windows\system32\dllcache\perm3.sys
    2012-03-29 23:48 . 2008-04-14 10:40 211584 -c--a-w- c:\windows\system32\dllcache\perm2dll.dll
    2012-03-29 23:48 . 2008-04-14 05:14 27904 -c--a-w- c:\windows\system32\dllcache\perm2.sys
    2012-03-29 23:48 . 2008-04-14 02:42 169984 -c--a-w- c:\windows\system32\dllcache\pcx500.sys
    2012-03-29 23:48 . 2001-08-18 03:36 86016 -c--a-w- c:\windows\system32\dllcache\pctspk.exe
    2012-03-29 23:48 . 2001-08-17 17:11 35328 -c--a-w- c:\windows\system32\dllcache\pcntpci5.sys
    2012-03-29 23:47 . 2001-08-17 17:11 29769 -c--a-w- c:\windows\system32\dllcache\pcntn5m.sys
    2012-03-29 23:47 . 2001-08-17 17:11 30282 -c--a-w- c:\windows\system32\dllcache\pcntn5hl.sys
    2012-03-29 23:47 . 2001-08-17 17:12 26153 -c--a-w- c:\windows\system32\dllcache\pcmlm56.sys
    2012-03-29 23:47 . 2008-04-14 03:05 29502 -c--a-w- c:\windows\system32\dllcache\pca200e.sys
    2012-03-29 23:47 . 2001-08-17 17:12 30495 -c--a-w- c:\windows\system32\dllcache\pc100nds.sys
    2012-03-29 23:47 . 2001-08-18 03:36 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
    2012-03-29 23:47 . 2001-08-18 03:36 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
    2012-03-29 23:47 . 2001-08-17 19:05 25216 -c--a-w- c:\windows\system32\dllcache\ovsound2.sys
    2012-03-29 23:47 . 2001-08-18 03:36 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe
    2012-03-29 23:47 . 2001-08-18 03:36 20480 -c--a-w- c:\windows\system32\dllcache\ovcomc.dll
    2012-03-29 23:46 . 2001-08-17 19:05 351616 -c--a-w- c:\windows\system32\dllcache\ovcodek2.sys
    2012-03-29 23:46 . 2001-08-18 03:36 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll
    2012-03-29 23:46 . 2001-08-17 19:05 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
    2012-03-29 23:46 . 2001-08-17 19:05 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys
    2012-03-29 23:46 . 2001-08-17 19:05 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
    2012-03-29 23:46 . 2001-08-17 19:05 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
    2012-03-29 23:46 . 2001-08-17 18:28 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-04 21:49 . 2010-10-12 20:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-04-04 20:56 . 2009-02-23 14:59 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-03 09:22 . 2008-04-15 03:00 1860096 ----a-w- c:\windows\system32\win32k.sys
    2010-06-02 10:22 . 2010-06-02 10:22 89944 ----a-w- c:\program files\DSETUP.dll
    2010-06-02 10:22 . 2010-06-02 10:22 537432 ----a-w- c:\program files\DXSETUP.exe
    2010-06-02 10:22 . 2010-06-02 10:22 1801048 ----a-w- c:\program files\dsetup32.dll
    2012-03-13 04:39 . 2012-03-25 06:16 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-04-09_22.00.11 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
    + 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
    + 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
    + 2012-04-11 17:58 . 2012-04-11 17:58 16384 c:\windows\Temp\Perflib_Perfdata_730.dat
    + 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
    + 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
    + 2012-04-10 12:27 . 2012-04-10 12:27 219648 c:\windows\Installer\f0366.msi
    + 2012-04-11 13:38 . 2012-04-11 13:38 253952 c:\windows\ERDNT\AutoBackup\4-11-2012\Users\00000002\UsrClass.dat
    + 2012-04-11 13:38 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\4-11-2012\ERDNT.EXE
    + 2012-04-10 12:12 . 2012-04-10 12:12 253952 c:\windows\ERDNT\AutoBackup\4-10-2012\Users\00000002\UsrClass.dat
    + 2012-04-10 12:12 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\4-10-2012\ERDNT.EXE
    + 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
    + 2012-04-11 13:38 . 2012-04-11 13:38 13766656 c:\windows\ERDNT\AutoBackup\4-11-2012\Users\00000001\ntuser.dat
    + 2012-04-10 12:12 . 2012-04-10 12:12 13766656 c:\windows\ERDNT\AutoBackup\4-10-2012\Users\00000001\ntuser.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
    "RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
    "AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
    "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
    "PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
    "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
    .
    c:\documents and settings\Chris\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-4 114688]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
    TPSvc.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\ソ\ニア\\極楽バイパー ランジェリー 赤\\Bin\\VPLanRed.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
    "c:\\Documents and Settings\\Chris\\My Documents\\Downloads\\STOPzilla_Setup.exe"=
    "c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/10/2012 7:29 AM 612184]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/10/2012 7:29 AM 337880]
    R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files\VMLaunch\BuddyVM.sys [3/25/2009 12:56 PM 15488]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/10/2012 7:29 AM 20696]
    R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [1/3/2011 5:10 AM 21992]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/23/2009 9:59 AM 654408]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/13/2009 8:33 PM 95200]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/23/2009 9:50 AM 24652]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/23/2009 9:59 AM 22344]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
    S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2/23/2009 1:15 AM 96856]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.msn.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-UltraISO_is1 - c:\program files\UltraISO\unins000.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-11 13:50
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-123947885-3055150098-3939964369-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\EROTICA PEACH\0j00O0・n0ラS纐*0^7_6R'`竡ロcT0qN、N^]
    "Order"=hex:08,00,00,00,02,00,00,00,22,01,00,00,01,00,00,00,02,00,00,00,80,00,
    00,00,00,00,00,00,72,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,60,00,36,\
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\經USヤg^F0U000ソ該e*0}vO0痂・・sYSO_0a0^]
    "SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,10,b2,29,00,00,00,00,5e,8b,83,
    cb,72,17,cd,01,05,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
    "Changed"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\經USヤg^F0U000ソ該e*0}vO0痂・・sYSO_0a0^]
    "UninstallString"="c:\\WINDOWS\\IsUn0411.exe -f\"c:\\Program Files\\アークシェル\\口唇包柔\\koushin.isu\""
    "DisplayName"="口唇包柔~うさみみ調教 白く濡れる女体たち~"
    .
    [HKEY_LOCAL_MACHINE\software\S*t*u*d*i*o*ェ尻`\エ0ヒ0・]
    "InstalledFolder"="c:\\Studio邪恋\\ゴニン!?"
    .
    [HKEY_LOCAL_MACHINE\software\「0・ッ0キ0ァ0・\經USヤg^F0U000ソ該e*0}vO0痂・・sYSO_0a0^\1.00.000]
    "srcpath"="d:\\koushin\\"
    "dstpath"="c:\\Program Files\\アークシェル\\口唇包柔"
    "Version"="0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3176)
    c:\progra~1\mcafee\SITEAD~1\saHook.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2012-04-11 13:54:57
    ComboFix-quarantined-files.txt 2012-04-11 18:54
    ComboFix2.txt 2012-04-10 21:29
    ComboFix3.txt 2012-04-09 22:07
    .
    Pre-Run: 20,287,537,152 bytes free
    Post-Run: 22,711,504,896 bytes free
    .
    - - End Of File - - 2035B0157BE9067833C4A41D2ABF4442

  7. #37
    Senior Member
    Join Date
    Feb 2012
    Location
    Ireland
    Posts
    176

    Default

    Please run minitoolbox now.

    MiniToolBox
    Please download MiniToolBox© by farbar and save it to your desktop. Click here.
    • Double click on MiniToolBox.exe to run it.
      Please check (tick) the following options:
      • Flush DNS
      • List IP Configuration
      • List Winsock Entries
      • List Last 10 Event Viewer Errors
      • List Devices (Only Problems)
    • Click on the GO button. A log will open.
    • Please post the contents of this log. It can also be found on the desktop as Result.txt.
    Proud Graduate of the MalWare Removal University

  8. #38
    Member
    Join Date
    Jan 2009
    Posts
    58

    Default

    MiniToolBox by Farbar Version: 18-01-2012
    Ran by Chris (administrator) on 11-04-2012 at 15:04:16
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ***************************************************************************

    ========================= Flush DNS: ===================================


    Windows IP Configuration



    Successfully flushed the DNS Resolver Cache.

    ========================= IP Configuration: ================================

    Atheros AR5007EG Wireless Network Adapter = Wireless Network Connection (Connected)
    Realtek RTL8102E Family PCI-E Fast Ethernet NIC = Local Area Connection (Media disconnected)


    # ----------------------------------
    # Interface IP Configuration
    # ----------------------------------
    pushd interface ip


    # Interface IP Configuration for "Local Area Connection"

    set address name="Local Area Connection" source=dhcp
    set dns name="Local Area Connection" source=dhcp register=PRIMARY
    set wins name="Local Area Connection" source=dhcp

    # Interface IP Configuration for "Wireless Network Connection"

    set address name="Wireless Network Connection" source=dhcp
    set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
    set wins name="Wireless Network Connection" source=dhcp


    popd
    # End of interface IP configuration




    Windows IP Configuration



    Host Name . . . . . . . . . . . . : SnowSakura

    Primary Dns Suffix . . . . . . . :

    Node Type . . . . . . . . . . . . : Unknown

    IP Routing Enabled. . . . . . . . : Yes

    WINS Proxy Enabled. . . . . . . . : Yes

    DNS Suffix Search List. . . . . . : hsd1.tn.comcast.net.



    Ethernet adapter Local Area Connection:



    Media State . . . . . . . . . . . : Media disconnected

    Description . . . . . . . . . . . : Realtek RTL8102E Family PCI-E Fast Ethernet NIC

    Physical Address. . . . . . . . . : 00-23-8B-69-F1-4D



    Ethernet adapter Wireless Network Connection:



    Connection-specific DNS Suffix . : hsd1.tn.comcast.net.

    Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter

    Physical Address. . . . . . . . . : 00-24-2B-23-BC-24

    Dhcp Enabled. . . . . . . . . . . : Yes

    Autoconfiguration Enabled . . . . : Yes

    IP Address. . . . . . . . . . . . : 192.168.1.105

    Subnet Mask . . . . . . . . . . . : 255.255.255.0

    Default Gateway . . . . . . . . . : 192.168.1.1

    DHCP Server . . . . . . . . . . . : 192.168.1.1

    DNS Servers . . . . . . . . . . . : 75.75.75.75

    75.75.76.76

    Lease Obtained. . . . . . . . . . : Wednesday, April 11, 2012 1:16:00 PM

    Lease Expires . . . . . . . . . . : Thursday, April 12, 2012 1:16:00 PM

    Server: cdns01.comcast.net
    Address: 75.75.75.75

    Name: google.com
    Addresses: 74.125.159.101, 74.125.159.100, 74.125.159.139, 74.125.159.102
    74.125.159.113, 74.125.159.138



    Pinging google.com [74.125.159.102] with 32 bytes of data:



    Reply from 74.125.159.102: bytes=32 time=19ms TTL=54

    Reply from 74.125.159.102: bytes=32 time=19ms TTL=54



    Ping statistics for 74.125.159.102:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 19ms, Maximum = 19ms, Average = 19ms

    Server: cdns01.comcast.net
    Address: 75.75.75.75

    Name: yahoo.com
    Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24



    Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



    Reply from 72.30.38.140: bytes=32 time=92ms TTL=51

    Reply from 72.30.38.140: bytes=32 time=166ms TTL=51



    Ping statistics for 72.30.38.140:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 92ms, Maximum = 166ms, Average = 129ms

    Server: cdns01.comcast.net
    Address: 75.75.75.75

    Name: bleepingcomputer.com
    Address: 208.43.87.2



    Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



    Reply from 208.43.87.2: Destination host unreachable.

    Reply from 208.43.87.2: Destination host unreachable.



    Ping statistics for 208.43.87.2:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms



    Pinging 127.0.0.1 with 32 bytes of data:



    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



    Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x3 ...00 23 8b 69 f1 4d ...... Realtek RTL8102E Family PCI-E Fast Ethernet NIC - Packet Scheduler Miniport
    0x20002 ...00 24 2b 23 bc 24 ...... Atheros AR5007EG Wireless Network Adapter - Packet Scheduler Miniport
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.105 1
    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
    192.168.1.0 255.255.255.0 192.168.1.105 192.168.1.105 30
    192.168.1.105 255.255.255.255 127.0.0.1 127.0.0.1 30
    192.168.1.255 255.255.255.255 192.168.1.105 192.168.1.105 30
    224.0.0.0 240.0.0.0 192.168.1.105 192.168.1.105 30
    255.255.255.255 255.255.255.255 192.168.1.105 3 1
    255.255.255.255 255.255.255.255 192.168.1.105 192.168.1.105 1
    Default Gateway: 192.168.1.1
    ===========================================================================
    Persistent Routes:
    None
    ========================= Winsock entries =====================================

    Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
    Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (04/10/2012 10:57:02 AM) (Source: Application Hang) (User: )
    Description: Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (04/09/2012 10:31:36 AM) (Source: Application Error) (User: )
    Description: Faulting application plugin-container.exe, version 11.0.0.4454, faulting module mozalloc.dll, version 11.0.0.4454, fault address 0x0000195d.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (04/02/2012 02:10:27 AM) (Source: Application Error) (User: )
    Description: Faulting application seraph.exe, version 1.0.0.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187aa.
    Processing media-specific event for [seraph.exe!ws!]

    Error: (04/02/2012 02:06:43 AM) (Source: Application Error) (User: )
    Description: Faulting application seraph.exe, version 1.0.0.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187aa.
    Processing media-specific event for [seraph.exe!ws!]

    Error: (04/02/2012 02:04:50 AM) (Source: Application Error) (User: )
    Description: Faulting application seraph.exe, version 1.0.0.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187aa.
    Processing media-specific event for [seraph.exe!ws!]

    Error: (04/02/2012 02:03:12 AM) (Source: Application Error) (User: )
    Description: Faulting application seraph.exe, version 1.0.0.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187aa.
    Processing media-specific event for [seraph.exe!ws!]

    Error: (04/02/2012 01:58:56 AM) (Source: Application Error) (User: )
    Description: Faulting application seraph.exe, version 1.0.0.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187aa.
    Processing media-specific event for [seraph.exe!ws!]

    Error: (03/31/2012 09:42:32 PM) (Source: MsiInstaller) (User: Chris)Chris
    Description: ? : ???????????? -- ??? 1324? ???? ?? '????????????' ?????????????????

    Error: (03/31/2012 09:31:54 PM) (Source: MsiInstaller) (User: Chris)Chris
    Description: ? : ???????????? -- ??? 1324? ???? ?? '????????????' ?????????????????

    Error: (03/31/2012 09:28:37 PM) (Source: MsiInstaller) (User: Chris)Chris
    Description: ? : ???????????? -- ??? 1324? ???? ?? '????????????' ?????????????????


    System errors:
    =============
    Error: (04/11/2012 00:55:59 PM) (Source: Service Control Manager) (User: )
    Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/11/2012 00:55:58 PM) (Source: Service Control Manager) (User: )
    Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/11/2012 00:55:58 PM) (Source: Service Control Manager) (User: )
    Description: The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/11/2012 00:05:00 PM) (Source: Service Control Manager) (User: )
    Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/11/2012 00:04:59 PM) (Source: Service Control Manager) (User: )
    Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/11/2012 00:04:59 PM) (Source: Service Control Manager) (User: )
    Description: The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/11/2012 11:45:46 AM) (Source: Service Control Manager) (User: )
    Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/11/2012 11:45:46 AM) (Source: Service Control Manager) (User: )
    Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/11/2012 11:45:46 AM) (Source: Service Control Manager) (User: )
    Description: The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/11/2012 11:34:09 AM) (Source: Service Control Manager) (User: )
    Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).


    Microsoft Office Sessions:
    =========================

    ========================= Devices: ================================


    **** End of log ****

  9. #39
    Senior Member
    Join Date
    Feb 2012
    Location
    Ireland
    Posts
    176

    Default

    Minitoolbox shows no issues that would affect your wireless card. You appear to be connected to it now. Are you still having issues with it? If so, please describe.

    Also let me know if there are any other symptoms relating to the infection.

    Thanks,

    diver79.
    Proud Graduate of the MalWare Removal University

  10. #40
    Member
    Join Date
    Jan 2009
    Posts
    58

    Default

    No I'm not seeing any other problems currently, just need to remove stopzilla and defrag so it's not so slow

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •