MicQsenoch (Honorary Members; 69 posts; reputation: 0 Neutral)
Outgoing Malicious IP Blocks. Suspect Infection
MicQsenoch replied to MicQsenoch's topic in Resolved Malware Removal Logs
NEW DEVELOPMENT! Computer freezing at startup. It always seems to hang up in the same spot IF it does happen. The desktop loads, the Malwarebytes and the X'ed-out MSE icons load in the toolbar, then a note from Malwarebytes saying my trial version will expire pops up, and then the computer freezes. I can move my mouse around, but cannot click on anything, and the computer is unresponsive to anything else. It seems to happen rather frequently, and it just started happening tonight around 9:30. After poking around a bit on the internet, it seems that other people have a similar problem somewhat frequently. The only thing I have done tonight is run ComboFix and post the log, and also read about other people with a similar problem.
Outgoing Malicious IP Blocks. Suspect Infection
MicQsenoch replied to MicQsenoch's topic in Resolved Malware Removal Logs
As far as the websites I am visiting, I wouldn't classify any of them as shady:
- ESPN
- Facebook
- YouTube
- Various reputable League of Legends websites (Reign of Gaming, lolpro, lolking)
  (edit: I use the word reputable because I've used these websites for years and have never had trouble with them. Basically I have no idea what I'm talking about.)
- Video game websites
- A few forums (Board Game Geek, Isotropic Dominion forums, GameFAQs)
- MLG Pro
- News websites
- Hulu
I got into this entire mess because I did click on a very questionable link. Very stupid of me. Learned a lesson.
Outgoing Malicious IP Blocks. Suspect Infection
MicQsenoch replied to MicQsenoch's topic in Resolved Malware Removal Logs
ComboFix 13-01-08.01 - Michael Senff 01/09/2013 18:54:10.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3564.2730 [GMT -6:00]
Running from: c:\documents and settings\Michael Senff\Desktop\Combo-Fix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Cache
c:\windows\system32\Cache\0025579d476751f2.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
.
((((((((((((((((((((((((( Files Created from 2012-12-10 to 2013-01-10 )))))))))))))))))))))))))))))))
.
2013-01-04 14:20 . 2013-01-06 14:48 -------- d-----w- C:\JRT
2013-01-03 00:15 . 2013-01-03 00:15 -------- d-----w- C:\_OTL
2013-01-01 17:57 . 2013-01-01 17:57 -------- d-----w- C:\rsit
2012-12-30 21:13 . 2012-12-30 21:13 -------- d-----w- C:\Riot Games
2012-12-30 20:13 . 2012-12-30 20:13 -------- d-----w- C:\NVIDIA
2012-12-30 15:38 . 2012-12-30 15:38 -------- d-----w- C:\Intel
2012-12-30 15:38 . 2012-12-30 15:38 -------- d-----w- C:\931dd4e9d3fec63017e138d3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-29 10:31 . 2008-04-14 00:12 4154752 ----a-w- c:\windows\system32\nv4_disp.dll
2012-12-29 08:07 . 2011-03-20 21:52 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-12-29 08:07 . 2011-03-20 21:52 157112 ----a-w- c:\windows\system32\nvsvc32.exe
2012-12-29 08:07 . 2011-03-20 21:52 15635896 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-29 08:07 . 2011-03-20 21:52 108984 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-29 08:07 . 2011-03-20 21:52 144312 ----a-w- c:\windows\system32\nvcolor.exe
2012-12-16 12:23 . 2004-08-04 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2008-04-14 00:12 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2004-08-04 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-11-29 08:27 . 2012-12-30 20:23 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2012-12-30 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-10-14 20064872]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-01-01 997320]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-12-29 15635896]
"NvMediaCenter"="NvMCTray.dll" [2012-12-29 108984]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-12-29 1982312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1267\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1544\\Agent.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II Public Test.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58358:TCP"= 58358:TCP:Pando Media Booster
"58358:UDP"= 58358:UDP:Pando Media Booster
.
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [12/30/2012 9:41 AM 19056]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [12/31/2012 6:03 PM 26984]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [12/30/2012 9:41 AM 2655768]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [12/31/2012 6:03 PM 711112]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\drivers\EtronHub3.sys [8/17/2011 4:18 AM 45056]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\drivers\EtronXHCI.sys [8/17/2011 4:18 AM 64896]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [12/30/2012 9:41 AM 41088]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/30/2012 12:58 PM 398184]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/30/2012 12:58 PM 682344]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/30/2012 9:39 AM 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [12/30/2012 9:44 AM 24944]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [1/1/2013 9:43 AM 35144]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/30/2012 12:58 PM 21104]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-30 02:20]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-01 00:14]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-01 00:14]
.
2013-01-08 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 23:25]
.
2013-01-09 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 23:25]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Michael Senff\Application Data\Mozilla\Firefox\Profiles\8v50ytho.default\
FF - ExtSQL: 2012-12-30 12:22; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: 2012-12-31 18:03; avg@toolbar; c:\documents and settings\All Users\Application Data\AVG Secure Search\FireFoxExt\13.2.0.5
FF - ExtSQL: 2013-01-01 12:12; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\documents and settings\Michael Senff\Application Data\Mozilla\Firefox\Profiles\8v50ytho.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-09 18:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-01-09 18:57:05
ComboFix-quarantined-files.txt 2013-01-10 00:57
.
Pre-Run: 45,336,084,480 bytes free
Post-Run: 45,349,552,128 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 9745D89B75FCBA738EF8C508B39E96E5
Outgoing Malicious IP Blocks. Suspect Infection
MicQsenoch replied to MicQsenoch's topic in Resolved Malware Removal Logs
The Microsoft scanner came up with nothing. I have to go to work, so I'll do the rest later tonight.
Outgoing Malicious IP Blocks. Suspect Infection
MicQsenoch replied to MicQsenoch's topic in Resolved Malware Removal Logs
# AdwCleaner v2.105 - Logfile created 01/08/2013 at 08:40:35
# Updated 08/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Michael Senff - DEEZGOOD-D8793A
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Michael Senff\My Documents\Downloads\adwcleaner.exe
# Option [search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\Michael Senff\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\Michael Senff\Local Settings\Application Data\AVG Secure Search
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\AVG Secure Search

***** [Registry] *****

Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Documents and Settings\Michael Senff\Application Data\Mozilla\Firefox\Profiles\8v50ytho.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\Michael Senff\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4170 octets] - [08/01/2013 08:40:35]

########## EOF - C:\AdwCleaner[R1].txt - [4230 octets] ##########
Outgoing Malicious IP Blocks. Suspect Infection
MicQsenoch replied to MicQsenoch's topic in Resolved Malware Removal Logs
2013/01/07 00:52:01 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 91.188.46.140 (Type: incoming)
2013/01/07 00:52:04 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 91.188.46.140 (Type: incoming)
2013/01/07 00:52:11 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 91.188.46.140 (Type: incoming)
2013/01/07 13:44:16 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE Starting protection
2013/01/07 13:44:16 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE Protection started successfully
2013/01/07 13:44:16 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE Starting IP protection
2013/01/07 13:44:26 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE IP Protection started successfully
2013/01/07 17:55:47 -0600 DEEZGOOD-D8793A MESSAGE Starting protection
2013/01/07 17:55:47 -0600 DEEZGOOD-D8793A MESSAGE Protection started successfully
2013/01/07 17:55:47 -0600 DEEZGOOD-D8793A MESSAGE Starting IP protection
2013/01/07 17:55:58 -0600 DEEZGOOD-D8793A MESSAGE Executing scheduled update: Daily
2013/01/07 17:56:02 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE IP Protection started successfully
2013/01/07 17:56:24 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE Starting database refresh
2013/01/07 17:56:24 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE Stopping IP protection
2013/01/07 17:56:25 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE IP Protection stopped successfully
2013/01/07 17:56:24 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE Scheduled update executed successfully: database updated from version v2013.01.06.03 to version v2013.01.07.11
2013/01/07 17:56:27 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE Database refreshed successfully
2013/01/07 17:56:27 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE Starting IP protection
2013/01/07 17:56:29 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE IP Protection started successfully
2013/01/07 19:52:53 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 195.216.173.188 (Type: outgoing)
2013/01/07 19:52:56 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 195.216.173.188 (Type: outgoing)
2013/01/07 19:53:02 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 195.216.173.188 (Type: outgoing)
2013/01/07 21:05:43 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 203.93.239.76 (Type: outgoing)
2013/01/07 21:05:46 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 203.93.239.76 (Type: outgoing)
2013/01/07 21:05:52 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 203.93.239.76 (Type: outgoing)
2013/01/07 23:18:08 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 218.10.162.65 (Type: outgoing)
2013/01/07 23:18:11 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 218.10.162.65 (Type: outgoing)
2013/01/07 23:18:17 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 218.10.162.65 (Type: outgoing)
2013/01/07 23:40:09 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 89.28.24.123 (Type: incoming)
2013/01/07 23:40:12 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 89.28.24.123 (Type: incoming)
2013/01/07 23:40:18 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 89.28.24.123 (Type: incoming)
2013/01/06 08:44:02 -0600 DEEZGOOD-D8793A MESSAGE Starting protection
2013/01/06 08:44:02 -0600 DEEZGOOD-D8793A MESSAGE Protection started successfully
2013/01/06 08:44:02 -0600 DEEZGOOD-D8793A MESSAGE Starting IP protection
2013/01/06 08:44:09 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE Executing scheduled update: Daily
2013/01/06 08:44:19 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE IP Protection started successfully
2013/01/06 08:44:19 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE Scheduled update executed successfully: database updated from version v2013.01.05.04 to version v2013.01.06.03
2013/01/06 08:44:19 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE Starting database refresh
2013/01/06 08:44:20 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE Stopping IP protection
2013/01/06 08:44:20 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE IP Protection stopped successfully
2013/01/06 08:44:23 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE Database refreshed successfully
2013/01/06 08:44:23 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE Starting IP protection
2013/01/06 08:44:25 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE IP Protection started successfully
2013/01/06 08:47:23 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE Stopping protection
2013/01/06 08:47:23 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE Protection stopped successfully
2013/01/06 08:47:23 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE Stopping IP protection
2013/01/06 08:47:23 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE IP Protection stopped successfully
2013/01/06 08:47:23 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE Protection stopped
2013/01/06 08:52:56 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE Starting protection
2013/01/06 08:52:56 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE Protection started successfully
2013/01/06 08:52:56 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE Starting IP protection
2013/01/06 08:52:58 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE IP Protection started successfully
2013/01/06 10:57:51 -0600 DEEZGOOD-D8793A MESSAGE Starting protection
2013/01/06 10:57:51 -0600 DEEZGOOD-D8793A MESSAGE Protection started successfully
2013/01/06 10:57:51 -0600 DEEZGOOD-D8793A MESSAGE Starting IP protection
2013/01/06 10:58:03 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE IP Protection started successfully
2013/01/06 23:34:51 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 222.70.235.87 (Type: outgoing)
2013/01/06 23:34:54 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 222.70.235.87 (Type: outgoing)
2013/01/06 23:35:00 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 222.70.235.87 (Type: outgoing)
2013/01/06 23:35:12 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 222.70.235.87 (Type: outgoing)
2013/01/06 23:35:15 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 222.70.235.87 (Type: outgoing)
2013/01/06 23:35:21 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 222.70.235.87 (Type: outgoing)
2013/01/06 23:35:33 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 222.70.235.87 (Type: outgoing)
2013/01/06 23:35:36 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 222.70.235.87 (Type: outgoing)
2013/01/06 23:35:42 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 222.70.235.87 (Type: outgoing)
2013/01/06 23:35:58 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 222.70.235.87 (Type: outgoing)
2013/01/06 23:36:01 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 222.70.235.87 (Type: outgoing)
2013/01/06 23:36:07 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 222.70.235.87 (Type: outgoing)
2013/01/05 08:48:11 -0600 DEEZGOOD-D8793A MESSAGE Starting protection
2013/01/05 08:48:11 -0600 DEEZGOOD-D8793A MESSAGE Protection started successfully
2013/01/05 08:48:11 -0600 DEEZGOOD-D8793A MESSAGE Starting IP protection
2013/01/05 08:48:13 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE IP Protection started successfully
2013/01/05 08:54:17 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE Executing scheduled update: Daily
2013/01/05 08:54:25 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE Scheduled update executed successfully: database updated from version v2013.01.05.02 to version v2013.01.05.04
2013/01/05 08:54:25 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE Starting database refresh
2013/01/05 08:54:26 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE Stopping IP protection
2013/01/05 08:54:26 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE IP Protection stopped successfully
2013/01/05 08:54:29 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE Database refreshed successfully
2013/01/05 08:54:29 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE Starting IP protection
2013/01/05 08:54:31 -0600 DEEZGOOD-D8793A Michael Senff MESSAGE IP Protection started successfully
2013/01/05 15:13:30 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 89.28.82.55 (Type: incoming)
2013/01/05 15:13:33 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 89.28.82.55 (Type: incoming)
2013/01/05 15:13:39 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 89.28.82.55 (Type: incoming)
2013/01/05 16:15:25 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 89.28.82.55 (Type: outgoing)
2013/01/05 16:15:28 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 89.28.82.55 (Type: outgoing)
2013/01/05 16:15:34 -0600 DEEZGOOD-D8793A Michael Senff IP-BLOCK 89.28.82.55 (Type: outgoing)
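The protection log above is the raw evidence in this thread, and the questions the helper asks later (what time of day the blocks occur, whether they repeat) are answered by counting it rather than reading it. The following added example is mine, not part of the original post and not a Malwarebytes tool: it parses lines in the format shown above (timestamp, UTC offset, host, optional user, event type, payload), tallies IP-BLOCK events by direction and destination, breaks outgoing blocks down by hour, and groups blocks a few seconds apart into bursts. The host and user names in the sample are invented, and the sample lines are constructed to mirror the posted layout; only the addresses are taken from the log as posted.

```python
"""Summarise Malwarebytes protection-log IP-BLOCK events (added example, not
the poster's data or Malwarebytes' own code). The line layout is taken from
the log as posted; SAMPLE_LOG is constructed to resemble it."""
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the posted layout. Host and user are invented; one
# line deliberately has no user field, as some lines in the posted log do.
SAMPLE_LOG = """\
2013/01/07 13:44:16 -0600 HOST-A user1 MESSAGE Starting IP protection
2013/01/07 19:52:53 -0600 HOST-A user1 IP-BLOCK 195.216.173.188 (Type: outgoing)
2013/01/07 19:52:56 -0600 HOST-A user1 IP-BLOCK 195.216.173.188 (Type: outgoing)
2013/01/07 19:53:02 -0600 HOST-A user1 IP-BLOCK 195.216.173.188 (Type: outgoing)
2013/01/07 23:40:09 -0600 HOST-A user1 IP-BLOCK 89.28.24.123 (Type: incoming)
2013/01/07 23:40:12 -0600 HOST-A user1 IP-BLOCK 89.28.24.123 (Type: incoming)
2013/01/06 23:34:51 -0600 HOST-A IP-BLOCK 222.70.235.87 (Type: outgoing)
2013/01/06 23:34:54 -0600 HOST-A user1 IP-BLOCK 222.70.235.87 (Type: outgoing)
2013/01/06 23:35:00 -0600 HOST-A user1 IP-BLOCK 222.70.235.87 (Type: outgoing)
2013/01/06 23:35:12 -0600 HOST-A user1 IP-BLOCK 222.70.235.87 (Type: outgoing)
2013/01/05 15:13:30 -0600 HOST-A user1 IP-BLOCK 89.28.82.55 (Type: incoming)
2013/01/05 16:15:25 -0600 HOST-A user1 IP-BLOCK 89.28.82.55 (Type: outgoing)
"""

# Timestamp, UTC offset, host, optional user (may contain spaces), then the
# IP-BLOCK payload. MESSAGE lines do not match and are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?:(?P<user>.+?) )?IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<dir>incoming|outgoing)\)$"
)


def parse_blocks(text):
    """Return IP-BLOCK events as dicts, sorted by time (the posted log is
    newest-day-first, so sorting is required before burst detection)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "when": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "ip": m["ip"],
            "direction": m["dir"],
        })
    events.sort(key=lambda e: e["when"])
    return events


def count_by_ip(events):
    """Counter keyed by (ip, direction)."""
    return Counter((e["ip"], e["direction"]) for e in events)


def count_by_hour(events, direction="outgoing"):
    """Counter keyed by local hour of day, for one direction."""
    return Counter(e["when"].hour for e in events if e["direction"] == direction)


def find_bursts(events, window_seconds=30):
    """Group consecutive blocks of the same ip+direction that are at most
    window_seconds apart. A burst of several outgoing blocks seconds apart
    looks like one process retrying a connection it cannot complete."""
    bursts, current = [], None
    for e in events:
        key = (e["ip"], e["direction"])
        if (current and current["key"] == key
                and (e["when"] - current["last"]).total_seconds() <= window_seconds):
            current["count"] += 1
            current["last"] = e["when"]
        else:
            if current:
                bursts.append(current)
            current = {"key": key, "first": e["when"], "last": e["when"], "count": 1}
    if current:
        bursts.append(current)
    return bursts


def outbound_repeat_offenders(events, min_count=3):
    """Outgoing destinations blocked at least min_count times, most frequent
    first. Repeated outbound blocks to one host are what to chase first."""
    counts = Counter(e["ip"] for e in events if e["direction"] == "outgoing")
    return [ip for ip, n in counts.most_common() if n >= min_count]


def report(text):
    """Plain-text summary of one protection log."""
    events = parse_blocks(text)
    lines = [f"{len(events)} IP-BLOCK events"]
    for (ip, direction), n in count_by_ip(events).most_common():
        lines.append(f"  {direction:8} {ip:16} x{n}")
    for hour, n in sorted(count_by_hour(events).items()):
        lines.append(f"  outgoing blocks in hour {hour:02d}: {n}")
    for b in find_bursts(events):
        if b["count"] >= 3:
            ip, direction = b["key"]
            lines.append(f"  burst: {b['count']} {direction} blocks, {ip}, from {b['first']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run against the real log by replacing SAMPLE_LOG with the file contents; the hour histogram answers the "what time of day" question directly, and the burst list separates a one-off block from a host that something on the machine keeps trying to reach.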
Outgoing Malicious IP Blocks. Suspect Infection
MicQsenoch replied to MicQsenoch's topic in Resolved Malware Removal Logs
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.06.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Michael Senff :: DEEZGOOD-D8793A [administrator]

Protection: Enabled

1/6/2013 9:14:27 AM
mbam-log-2013-01-06 (09-14-27).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 249617
Time elapsed: 21 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Outgoing Malicious IP Blocks. Suspect Infection
MicQsenoch replied to MicQsenoch's topic in Resolved Malware Removal Logs
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-06 09:10:20
-----------------------------
09:10:20.625 OS Version: Windows 5.1.2600 Service Pack 3
09:10:20.625 Number of processors: 4 586 0x2A07
09:10:20.625 ComputerName: DEEZGOOD-D8793A UserName: Michael Senff
09:10:21.000 Initialize success
09:11:52.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-b
09:11:52.187 Disk 0 Vendor: WDC_WD740GD-00FLC0 33.08F33 Size: 70910MB BusType: 3
09:11:52.187 Disk 0 MBR read successfully
09:11:52.187 Disk 0 MBR scan
09:11:52.187 Disk 0 Windows XP default MBR code
09:11:52.187 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 70896 MB offset 63
09:11:52.187 Disk 0 scanning sectors +145195470
09:11:52.218 Disk 0 scanning C:\WINDOWS\system32\drivers
09:11:59.000 Service scanning
09:12:01.046 Service MpKsl2a3864f7 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0BD60223-5EBA-4621-8746-38ADEA8515DE}\MpKsl2a3864f7.sys **LOCKED** 32
09:12:03.625 Modules scanning
09:12:05.828 Scan finished successfully
09:12:22.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Michael Senff\Desktop\MBR.dat"
09:12:22.171 The log file has been saved successfully to "C:\Documents and Settings\Michael Senff\Desktop\aswMBR.txt"
Outgoing Malicious IP Blocks. Suspect Infection
MicQsenoch replied to MicQsenoch's topic in Resolved Malware Removal Logs
Farbar log

Farbar Service Scanner Version: 05-01-2013
Ran by Michael Senff (administrator) on 06-01-2013 at 09:08:03
Running from "C:\Documents and Settings\Michael Senff\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****
Outgoing Malicious IP Blocks. Suspect Infection
MicQsenoch replied to MicQsenoch's topic in Resolved Malware Removal Logs
What time of day do the outgoing IP blocks occur?
Early morning, 7am-9am, or 7pm-1am. These are the times I am on my computer if I do get on. I'm at work the rest of the day. I have noticed blocks at both times, both outgoing, and more recently I've noticed some incoming ones. I've looked up a few of the IP addresses. One from Ukraine, one from Bosnia, one from China, and one from Washington St.

What is running {of your programs} when this happens?
Firefox or League of Legends.

Do you have or use instant messenger programs? Which?
Windows Messenger is installed by default, but I have never used it.

Are you browsing / websurfing the internet when the blocks occur?
Yes.

Does this machine have a 3rd-party firewall program?
Not that I have done, so no.
Outgoing Malicious IP Blocks. Suspect Infection
MicQsenoch replied to MicQsenoch's topic in Resolved Malware Removal Logs
JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.1 (01.06.2013:2)
OS: Microsoft Windows XP x86
Ran by Michael Senff on Sun 01/06/2013 at 8:48:31.15
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Chrome

Successfully deleted: [Folder] C:\Documents and Settings\Michael Senff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/06/2013 at 8:50:58.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Outgoing Malicious IP Blocks. Suspect Infection
MicQsenoch replied to MicQsenoch's topic in Resolved Malware Removal Logs
Having a problem with the Junkware Removal Tool. Every time I try to run a scan, it gets hung up when it scans Internet Explorer. I let it sit for a good 6 hours before I closed it out. You said it would take a while to run the scan, but would it really take that long just to do the IE portion of the scan? The computer seems to be running fine. I am still receiving plenty of outgoing and incoming IP blocks. It only seems to be during certain times of the day.
-
Outgoing Malicious IP Blocks. Suspect Infection
MicQsenoch replied to MicQsenoch's topic in Resolved Malware Removal Logs
Step 3 log

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=bd91ae80d2296d499eacc08e3c8655a3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-01-03 12:42:54
# local_time=2013-01-02 06:42:54 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5892 16777213 88 94 0 9866346 0 0
# scanned=39369
# found=0
# cleaned=0
# scan_time=682
-
Outgoing Malicious IP Blocks. Suspect Infection
MicQsenoch replied to MicQsenoch's topic in Resolved Malware Removal Logs
Step 2 Log

All processes killed
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Michael Senff
->Temp folder emptied: 888333 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 4147952 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: NetworkService
->Temp folder emptied: 2254 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13176 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5.00 mb

Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: Michael Senff
->Flash cache emptied: 0 bytes

User: NetworkService

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService

User: Michael Senff

User: NetworkService

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01022013_181836

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
-
Outgoing Malicious IP Blocks. Suspect Infection
MicQsenoch replied to MicQsenoch's topic in Resolved Malware Removal Logs
>C:\Documents and Settings\Michael Senff\Local Settings\Temp\8CD95628-6839BAB8-8251CD28-34F710F0\3jjqtynh.dll is BINARYRES container
>>C:\Documents and Settings\Michael Senff\Local Settings\Temp\8CD95628-6839BAB8-8251CD28-34F710F0\3jjqtynh.dll\data003 - packed by BINARYRES
C:\Documents and Settings\Michael Senff\Local Settings\Temp\Temporary Directory 3 for mbar-1.01.0.1011 (1).zip\mbar\License.rtf - Ok
>C:\Documents and Settings\Michael Senff\Local Settings\Temp\D6FE5BC9-1415B5A2-6B4D7F65-CE33891B\3jjqtynh.dll is BINARYRES container
>>C:\Documents and Settings\Michael Senff\Local Settings\Temp\8CD95628-6839BAB8-8251CD28-34F710F0\3jjqtynh.dll\data004 - packed by BINARYRES
>>C:\Documents and Settings\Michael Senff\Local Settings\Temp\D6FE5BC9-1415B5A2-6B4D7F65-CE33891B\3jjqtynh.dll\data003 - packed by BINARYRES
C:\Documents and Settings\Michael Senff\Local Settings\Temp\8CD95628-6839BAB8-8251CD28-34F710F0\3jjqtynh.dll - container
>>C:\Documents and Settings\Michael Senff\Local Settings\Temp\D6FE5BC9-1415B5A2-6B4D7F65-CE33891B\3jjqtynh.dll\data004 - packed by BINARYRES
C:\Documents and Settings\Michael Senff\Local Settings\Temp\D6FE5BC9-1415B5A2-6B4D7F65-CE33891B\3jjqtynh.dll - container
>>C:\Documents and Settings\Michael Senff\Local Settings\Temp\ToolbarInstaller.exe\data002 is BINARYRES container
C:\Documents and Settings\Michael Senff\Local Settings\Temp\ToolbarInstaller.exe\data002\data001 - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\Temporary Directory 4 for mbar-1.01.0.1011 (1).zip\mbar\mbam.dll - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\ToolbarInstaller.exe\data002\data002 - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\WERf24b.dir00\appcompat.txt - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\ToolbarInstaller.exe\data002\data003 - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\ToolbarInstaller.exe\data002\data004 - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\WERf24b.dir00\IEXPLORE.EXE.hdmp - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\ToolbarInstaller.exe\data002\data005 - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\ToolbarInstaller.exe\data002\data006 - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\ToolbarInstaller.exe\data002\data007 - Ok
>C:\Documents and Settings\Michael Senff\Local Settings\Temp\Temporary Directory 1 for mbar-1.01.0.1011 (1).zip\mbar\mbar.exe is BINARYRES container
C:\Documents and Settings\Michael Senff\Local Settings\Temp\WERf24b.dir00\IEXPLORE.EXE.mdmp - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\WERf24b.dir00\manifest.txt - Ok
>>C:\Documents and Settings\Michael Senff\Local Settings\Temp\Temporary Directory 1 for mbar-1.01.0.1011 (1).zip\mbar\mbar.exe\data001 - packed by BINARYRES
C:\Documents and Settings\Michael Senff\Local Settings\Temp\_ir_tmpfnt_1\Calibri.FON - Ok
>>C:\Documents and Settings\Michael Senff\Local Settings\Temp\Temporary Directory 1 for mbar-1.01.0.1011 (1).zip\mbar\mbar.exe\data002 - packed by BINARYRES
>>>C:\Documents and Settings\Michael Senff\Local Settings\Temp\ToolbarInstaller.exe\data002\data008 - packed by BINARYRES
>>C:\Documents and Settings\Michael Senff\Local Settings\Temp\Temporary Directory 1 for mbar-1.01.0.1011 (1).zip\mbar\mbar.exe\data006 is ZLIB container
C:\Documents and Settings\Michael Senff\Local Settings\Temp\ToolbarInstaller.exe\data002\data008 - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\ToolbarInstaller.exe\data002 - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\ToolbarInstaller.exe - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\ToolbarInstaller.exe - container
C:\Documents and Settings\Michael Senff\Local Settings\Temp\is754907076\1086062379.cfg - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\Temporary Directory 1 for mbar-1.01.0.1011 (1).zip\mbar\mbar.exe - container
C:\Documents and Settings\Michael Senff\Local Settings\Temp\is754907076\11592134.cfg - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\is754907076\1356238373.cfg - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\is754907076\2078219770.cfg - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\_ir_tmpfnt_1\Calibri.TFT - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\is754907076\454288769.cfg - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\is754907076\520036212.cfg - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\is754907076\537770292.cfg - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\is754907076\69234_Setup.CIS - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\is754907076\69070_Setup.CIS - Ok
>C:\Documents and Settings\Michael Senff\Local Settings\Temp\Temporary Directory 5 for mbar-1.01.0.1011 (1).zip\mbar\mbamcore.dll is BINARYRES container
C:\Documents and Settings\Michael Senff\Local Settings\Temp\Temporary Directory 5 for mbar-1.01.0.1011 (1).zip\mbar\mbamcore.dll - container
C:\Documents and Settings\Michael Senff\Local Settings\Temp\is754907076\69286_Setup.CIS - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\is754907076\92785961.cfg - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\is754907076\69416_Setup.CIS - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\isp241.tmp\_Setup.dll - Ok
>C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\EVrMEgeYLP.html is JS-HTML container
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\EVrMEgeYLP.html - container
>C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\EVrMEgeYLP.mht is JS-HTML container
C:\Documents and Settings\Michael Senff\Local Settings\Temp\isp195.tmp\_Setup.dll - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\EVrMEgeYLP.mht - container
>C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\FxwJX4y5Zd.html is JS-HTML container
>C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\FxwJX4y5Zd.mht is JS-HTML container
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\FxwJX4y5Zd.mht - container
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\FxwJX4y5Zd.html - container
>C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\Hg6Sncsuoe.mht is JS-HTML container
>C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\Hg6Sncsuoe.html is JS-HTML container
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\Hg6Sncsuoe.html - container
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\Hg6Sncsuoe.mht - container
>C:\Documents and Settings\Michael Senff\Local Settings\Temp\SUPERSetup\SupportCom_Chrome_v1.exe - packed by FLY-CODE
>C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\KCPab4WbLD.mht is JS-HTML container
>C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\KCPab4WbLD.html is JS-HTML container
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\KCPab4WbLD.mht - container
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\KCPab4WbLD.html - container
>C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\oilocal_main.min.js is JS-HTML container
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\oilocal_main.min.js - container
C:\Documents and Settings\Michael Senff\Local Settings\Temp\Temporary Directory 6 for mbar-1.01.0.1011 (1).zip\mbar\mbamnet.dll - Ok
>C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\oilocal_screen_2_4.min.js is JS-HTML container
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\oilocal_screen_2_4.min.js - container
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\oilocal_screen_2.min.js - Ok
>>C:\Documents and Settings\Michael Senff\Local Settings\Temp\SUPERSetup\SupportCom_Chrome_v1.exe is NSIS container
>C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\OIAssistWTD.exe - packed by FLY-CODE
>C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\T1tspDjYSX.html is JS-HTML container
>C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\T1tspDjYSX.mht is JS-HTML container
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\T1tspDjYSX.html - container
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\T1tspDjYSX.mht - container
>>>C:\Documents and Settings\Michael Senff\Local Settings\Temp\SUPERSetup\SupportCom_Chrome_v1.exe\GoogleUpdateSetup_1.3.21.123.exe is LZMA container
>>C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\OIAssistWTD.exe is LZMA container
>C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\wSInfVDLtW.html is JS-HTML container
>C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\winzip170-32.msi is OLE container
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\wSInfVDLtW.html - container
C:\Documents and Settings\Michael Senff\Local Settings\Temp\SUPERSetup\SupportCom_Chrome_v1.exe - container
>C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\wSInfVDLtW.mht is JS-HTML container
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\wSInfVDLtW.mht - container
>C:\Documents and Settings\Michael Senff\Local Settings\Temp\{457D7505-D665-4F95-91C3-ECB8C56E9ACA}\ycc.dll is BINARYRES container
C:\Documents and Settings\Michael Senff\Local Settings\Temp\{457D7505-D665-4F95-91C3-ECB8C56E9ACA}\ycc.dll - container
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\OIAssistWTD.exe - container
>C:\Documents and Settings\Michael Senff\Local Settings\Temp\{9D881ADB-E350-4118-8146-09BCC96D6EDE}\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\Aug2008_d3dx10_39_x86.cab is CAB archive
C:\Documents and Settings\Michael Senff\Local Settings\Temp\{9D881ADB-E350-4118-8146-09BCC96D6EDE}\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\Aug2008_d3dx10_39_x86.cab - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\{9D881ADB-E350-4118-8146-09BCC96D6EDE}\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\Aug2008_d3dx10_39_x86.cab - archive
>C:\Documents and Settings\Michael Senff\Local Settings\Temp\{668771E9-5081-4BDF-B025-C1E6722C2542}\ISSetup.dll - packed by UPX
>C:\Documents and Settings\Michael Senff\Local Settings\Temp\{9D881ADB-E350-4118-8146-09BCC96D6EDE}\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\Aug2008_d3dx9_39_x86.cab is CAB archive
C:\Documents and Settings\Michael Senff\Local Settings\Temp\{9D881ADB-E350-4118-8146-09BCC96D6EDE}\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\Aug2008_d3dx9_39_x86.cab - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\{9D881ADB-E350-4118-8146-09BCC96D6EDE}\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\Aug2008_d3dx9_39_x86.cab - archive
C:\Documents and Settings\Michael Senff\Local Settings\Temp\{668771E9-5081-4BDF-B025-C1E6722C2542}\_Setup.dll - Ok
>C:\Documents and Settings\Michael Senff\Local Settings\Temp\{9D881ADB-E350-4118-8146-09BCC96D6EDE}\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\Aug2008_XAudio_x86.cab is CAB archive
C:\Documents and Settings\Michael Senff\Local Settings\Temp\{9D881ADB-E350-4118-8146-09BCC96D6EDE}\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\Aug2008_XAudio_x86.cab - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\{9D881ADB-E350-4118-8146-09BCC96D6EDE}\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\Aug2008_XAudio_x86.cab - archive
C:\Documents and Settings\Michael Senff\Local Settings\Temp\{9D881ADB-E350-4118-8146-09BCC96D6EDE}\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\DSETUP.dll - Ok
>C:\Documents and Settings\Michael Senff\Local Settings\Temp\{9D881ADB-E350-4118-8146-09BCC96D6EDE}\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\dxdllreg_x86.cab is CAB archive
C:\Documents and Settings\Michael Senff\Local Settings\Temp\{9D881ADB-E350-4118-8146-09BCC96D6EDE}\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\dxdllreg_x86.cab - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\{9D881ADB-E350-4118-8146-09BCC96D6EDE}\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\dxdllreg_x86.cab - archive
>C:\Documents and Settings\Michael Senff\Local Settings\Temp\{9D881ADB-E350-4118-8146-09BCC96D6EDE}\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\dxnt.cab is CAB archive
C:\Documents and Settings\Michael Senff\Local Settings\Temp\{9D881ADB-E350-4118-8146-09BCC96D6EDE}\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\dxnt.cab - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\{9D881ADB-E350-4118-8146-09BCC96D6EDE}\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\dxnt.cab - archive
C:\Documents and Settings\Michael Senff\Local Settings\Temp\{668771E9-5081-4BDF-B025-C1E6722C2542}\ISSetup.dll - Ok
>C:\Documents and Settings\Michael Senff\Local Settings\Temp\{9D881ADB-E350-4118-8146-09BCC96D6EDE}\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\dxupdate.cab is CAB archive
C:\Documents and Settings\Michael Senff\Local Settings\Temp\{9D881ADB-E350-4118-8146-09BCC96D6EDE}\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\dxupdate.cab - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\{9D881ADB-E350-4118-8146-09BCC96D6EDE}\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\dxupdate.cab - archive
C:\Documents and Settings\Michael Senff\Local Settings\Temp\~nsu.tmp\1 - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\{9D881ADB-E350-4118-8146-09BCC96D6EDE}\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\DXSETUP.exe - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\{9D881ADB-E350-4118-8146-09BCC96D6EDE}\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\dsetup32.dll - Ok
>C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\avg.exe is BINARYRES container
>C:\Documents and Settings\Michael Senff\Local Settings\Temp\is754907076\69060_Setup.EXE is CAB archive
C:\Documents and Settings\Michael Senff\Local Settings\Temp\is754907076\69060_Setup.EXE - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\is754907076\69060_Setup.EXE - archive
>>C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\avg.exe\data001 is BINARYRES container
>>>C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\avg.exe\data001\data001 is ZIP archive
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\avg.exe\data001\data001 - Ok
>>>C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\avg.exe\data001\data002 is BINARYRES container
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\avg.exe\data001\data002\data001 - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\avg.exe\data001\data002\data002 - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\avg.exe\data001\data002\data003 - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\avg.exe\data001\data002\data004 - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\avg.exe\data001\data002\data005 - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\avg.exe\data001\data002\data006 - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\avg.exe\data001\data002\data007 - Ok
>>>>C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\avg.exe\data001\data002\data008 - packed by BINARYRES
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\avg.exe\data001\data002\data008 - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\avg.exe\data001\data002 - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\avg.exe\data001 - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\avg.exe\data002 - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\avg.exe\data003 - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\avg.exe\data004 - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\avg.exe - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\avg.exe - container
>>C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\winzip170-32.msi\stream000 is CAB archive
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\winzip170-32.msi\stream000 - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\winzip170-32.msi - Ok
C:\Documents and Settings\Michael Senff\Local Settings\Temp\oi_l9QOA1j2VI\winzip170-32.msi - container

Total 7302408788 bytes in 18053 files scanned (21586 objects)
Total 18037 files (21568 objects) are clean
Total 1 file are infected
Total 17 files are raised error condition
Scan time is 00:08:35.657
-----------------------------------------------------------------------------
Start curing
-----------------------------------------------------------------------------
C:\System Volume Information\_restore{9E586582-73F2-4E86-A1A7-15BAC21717D1}\RP21\A0007646.dll - quarantined
Total 7302408788 bytes in 18053 files scanned (21586 objects)
Total 18037 files (21568 objects) are clean
Total 1 file are infected
Total 1 file are neutralized
Total 17 files are raised error condition
Scan time is 00:08:35.657