[RESOLVED] MALWARE - Fast Clean Pro

I tried to download a CODEC pack for Windows Media Player from CNET.com, but had been tricked into downloading a file called "WECPSetup.exe". After clicking it, FastClean PRO had been installed, and a new search toolbar appeared on my IE 8.0.6001.18702 I am running Windows XP Pro on the PC.

Now, the PC is having this FastClean Pro running all the time and consuming more than 50% of the CPU, and the PC is as slow like a snail.

I have google for a good way of removing this malware, and there are many sites asking to download their 'removal tools', which I think are just more malware.

Is there a good way to getting rid of this FirstClean Pro?

I appreciate your help.

Please read the ICU forum rules.
http://discussions.virtualdr.com/sho...d-4-28-2013%29

Copy and paste the MBAM and DDS logs back here. If the logs are too long, split them across multiple posts. After that, follow Broni's instructions CAREFULLY.

============= MalwareBytes Log ======= run on March 4, 2014
=======================================================

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.04.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ADMIN :: TEST-0EDA6CF69E [administrator]

3/4/2014 7:55:40 PM
mbam-log-2014-03-04 (19-55-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255216
Time elapsed: 34 minute(s), 13 second(s)

Memory Processes Detected: 3
C:\Program Files\FindRight\updateFindRight.exe (PUP.Optional.FindRight.A) -> 4028 -> Delete on reboot.
C:\Program Files\FindRight\bin\utilFindRight.exe (PUP.Optional.FindRight.A) -> 4888 -> Delete on reboot.
C:\Documents and Settings\ADMIN\Application Data\Search Protection\SearchProtection.exe (PUP.Optional.SearchProtection.A) -> 3636 -> Delete on reboot.

Memory Modules Detected: 5
C:\Program Files\FindRight\FindRightBHO.dll (PUP.Optional.FindRight.A) -> Delete on reboot.
C:\Program Files\Mysearchdial\1.8.29.0\bh\mysearchdial.dll (PUP.Optional.MySearchDial.A) -> Delete on reboot.
C:\Program Files\Mysearchdial\1.8.29.0\mysearchdialApp.dll (PUP.Optional.MySearchDial.A) -> Delete on reboot.
C:\Program Files\Mysearchdial\1.8.29.0\mysearchdialEng.dll (PUP.Optional.MySearchDial.A) -> Delete on reboot.
C:\Program Files\FindRight\bin\sqlite3.dll (PUP.Optional.FindRight.A) -> Delete on reboot.

Registry Keys Detected: 47
HKLM\SYSTEM\CurrentControlSet\Services\Update FindRight (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Util FindRight (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{2c774641-5504-46a8-b63f-6715ae3fe376} (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{c638abe2-47da-4351-b170-e6a673d25ca3} (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
HKCR\Interface\{4CCADDA1-60AD-48AA-97C2-FA892D2499FB} (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C774641-5504-46A8-B63F-6715AE3FE376} (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C774641-5504-46A8-B63F-6715AE3FE376} (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\mysearchdial.mysearchdialHlpr.1 (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\mysearchdial.mysearchdialHlpr (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\mysearchdial.mysearchdialappCore.1 (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\mysearchdial.mysearchdialappCore (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\m (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\mysearchdial.mysearchdialdskBnd.1 (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\mysearchdial.mysearchdialdskBnd (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\esrv.mysearchdialESrvc.1 (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\esrv.mysearchdialESrvc (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\Typelib\{FBC322D5-407E-4854-8C0B-555B951FD8E3} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1881A451-F7FB-44BC-85B2-FCEA4B1403E3} (PUP.Optional.Albrechto.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1881A451-F7FB-44BC-85B2-FCEA4B1403E3} (PUP.Optional.Albrechto.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FindRight (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
HKCU\Software\FindRight (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
HKCU\Software\mysearchdial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\Search Protection (PUP.Optional.MyEmoticons.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\BI (PUP.Optional.FilesFrog.A) -> Quarantined and deleted successfully.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\Software\InstallCore\mysearchdial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\InstallCore\mysearchdial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKLM\Software\FindRight (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
HKLM\Software\InstallIQ (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

Registry Values Detected: 6
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|IMJPMIG8.1 (Trojan.Agent.GN) -> Data: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{3004627E-F8E9-4E8B-909D-316753CBA923} (PUP.Optional.MySearchDial.A) -> Data: mysearchdial Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3004627E-F8E9-4E8B-909D-316753CBA923} (PUP.Optional.MySearchDial.A) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SearchProtection (PUP.Optional.SearchProtection.A) -> Data: "C:\Documents and Settings\ADMIN\Application Data\Search Protection\SearchProtection.EXE" /autostart -> Quarantined and deleted successfully.
HKCU\Software\BI|ui_path_filesfrog (PUP.Optional.FilesFrog.A) -> Data: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker -> Quarantined and deleted successfully.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0B1G1O1S0V1G1F -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bad: (http://start.mysearchdial.com/?f=1&a...=885997282&ir=) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 12
C:\Program Files\FindRight (PUP.Optional.FindRight.A) -> Delete on reboot.
C:\Program Files\FindRight\bin (PUP.Optional.FindRight.A) -> Delete on reboot.
C:\Program Files\FindRight\bin\plugins (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\mysearchdial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\mysearchdial\icons_2.17.0.1 (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\mysearchdial\mysearchdial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\mysearchdial\UpdateProc (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Program Files\Mysearchdial (PUP.Optional.MySearchDial.A) -> Delete on reboot.
C:\Program Files\Mysearchdial\1.8.29.0 (PUP.Optional.MySearchDial.A) -> Delete on reboot.
C:\Program Files\Mysearchdial\1.8.29.0\bh (PUP.Optional.MySearchDial.A) -> Delete on reboot.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.

Files Detected: 90
C:\Program Files\FindRight\updateFindRight.exe (PUP.Optional.FindRight.A) -> Delete on reboot.
C:\Program Files\FindRight\bin\utilFindRight.exe (PUP.Optional.FindRight.A) -> Delete on reboot.
C:\Program Files\FindRight\FindRightBHO.dll (PUP.Optional.FindRight.A) -> Delete on reboot.
C:\Program Files\Mysearchdial\1.8.29.0\bh\mysearchdial.dll (PUP.Optional.MySearchDial.A) -> Delete on reboot.
C:\Program Files\Mysearchdial\1.8.29.0\mysearchdialApp.dll (PUP.Optional.MySearchDial.A) -> Delete on reboot.
C:\Program Files\Mysearchdial\1.8.29.0\mysearchdialEng.dll (PUP.Optional.MySearchDial.A) -> Delete on reboot.
C:\WINDOWS\ime\imjp8_1\imjpmig.exe (Trojan.Agent.GN) -> Quarantined and deleted successfully.
C:\Program Files\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Program Files\Mysearchdial\1.8.29.0\mysearchdialsrv.exe (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\mysearchdial\UpdateProc\UpdateTask.exe (PUP.Optional.DealPly) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\YouTube Downloader\ytd_installer.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\YTD Video Downloader\ytd_installer.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\My Documents\Downloads\InstallConverter_brff(1).exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\My Documents\Downloads\InstallConverter_brff.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\My Documents\Downloads\iLividSetup-r418-n-bc.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\My Documents\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\My Documents\Downloads\iLividSetupV1.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\My Documents\Downloads\coretemp_d7632790 (1).exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\My Documents\Downloads\coretemp_d7632790.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\My Documents\Downloads\ezlyrkaraoke_1337.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\temp\UpdateCheckerSetup.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\temp\pricepeep_130001_0101.exe (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\temp\mconduitinstaller.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\temp\OptimizerPro.exe (PUP.Optional.OptimizePro.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\temp\nso2E2.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\temp\is30925921\mysearchdial.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\temp\is349140818\30032319_stp\FindRightSetup.exe (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\Bundled software uninstaller\biclient.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Temporary Internet Files\Content.IE5\GAMWXXHV\Setup[1].exe (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Temporary Internet Files\Content.IE5\JB0URMBH\Setup[1].exe (PUP.Optional.Albrecto.A) -> Quarantined and deleted successfully.
C:\Program Files\FindRight\FindRight.ico (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files\FindRight\0 (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files\FindRight\7za.exe (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files\FindRight\FindRight.BrowserFilter.Helper.dll (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files\FindRight\FindRightBrowserFilter.exe (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files\FindRight\FindRightUninstall.exe (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files\FindRight\updateFindRight.InstallState (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files\FindRight\bin\FindRight.BrowserFilter.Helper.dll (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files\FindRight\bin\FindRightBrowserFilter.exe (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files\FindRight\bin\sqlite3.dll (PUP.Optional.FindRight.A) -> Delete on reboot.
C:\Program Files\FindRight\bin\utilFindRight.InstallState (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files\FindRight\bin\plugins\FindRight.BrowserFilterG.dll (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files\FindRight\bin\plugins\FindRight.CompatibilityChecker.dll (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files\FindRight\bin\plugins\FindRight.FFUpdate.dll (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files\FindRight\bin\plugins\FindRight.IEUpdate.dll (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\Search Protection\SearchProtection.exe (PUP.Optional.SearchProtection.A) -> Delete on reboot.
C:\Documents and Settings\ADMIN\Application Data\mysearchdial\UpdateProc\config.dat (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\mysearchdial\UpdateProc\STTL.DAT (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Application Data\mysearchdial\UpdateProc\TTL.DAT (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Program Files\Mysearchdial\1.8.29.0\FavIcon.ico (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Program Files\Mysearchdial\1.8.29.0\Sqlite3.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Program Files\Mysearchdial\1.8.29.0\uninst.dat (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Program Files\Mysearchdial\1.8.29.0\uninstall.exe (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\passport.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\TNT2UserPS.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\Autorun.inf (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\crx.tar (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\GameApps.ini (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\GameConsole.exe (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\GameEngine.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\GLOBALUNINSTALL.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\hmac.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\iestage2.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\IEToolbar.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\IEToolbar64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\INSTALL.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\log.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\MinecraftShims64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\npTNT2.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\npTNT2Ghost.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\PARTNER.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\passport64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\pinnedSearch.htm (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\pinnedSearch_FindWide.htm (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\progress.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\regsvr.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\RemoteSkin.wms (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\sqlite.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\tnt2chrome.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\TNT2User.exe (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\TNT2UserPS64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\TntMagicDel.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\UnInjLib.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\UnInjLib64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\UNINSTALL.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\UninstallDlg.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\untar.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\UPDATE.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\xpi.tar (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Application Data\TNT2\2.0.0.1702\zipunzip.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.

(end)


Win XP Pro SP3.

======= DDS txt - run on March 4, 2014 ======
=======================================

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.51.2
Run by ADMIN at 20:52:27 on 2014-03-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3191.2146 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\Program Files\Tencent\QQPCMgr\7.3.8099.213\QQPCRtp.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Documents and Settings\ADMIN\Local Settings\Application Data\Sevas-S\YouTube to MP3 Converter\yt2mp3_updater.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Documents and Settings\ADMIN\Local Settings\Application Data\Sevas-S\YouTube To MP3 Converter\yt2mp3converter.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SogouInput\Components\AddressSearch\1.0.0.1178\SGImeGuard.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\FastClean PRO\fastcleanpro.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: HelperObject Class: {00C6482D-C502-44C8-8409-FCE54AD9C208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: YouTube to MP3 Converter: {E71596B0-A83B-453D-82C1-4BE99947C65F} - c:\documents and settings\admin\local settings\application data\sevas-s\youtube to mp3 converter\browserextensions\ie\YouTubeDownloaderExtension.dll
BHO: GretechBHO Class: {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - c:\program files\gretech\gompicker\GomPickerBHO1.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ImeGuardCom] c:\program files\sogouinput\components\addresssearch\1.0.0.1178\SGImeGuard.exe
uRun: [Google Update] "c:\documents and settings\admin\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [AVG-Secure-Search-Update_1113a] c:\documents and settings\admin\application data\avg 1113a campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=Unknown /CMPID=1113a
uRun: [fastclean] "c:\program files\fastclean pro\fastcleanpro.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Linksys Wireless Manager] "c:\program files\linksys\linksys wireless manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"
mRun: [YouTube to MP3 Converter Updater] c:\documents and settings\admin\local settings\application data\sevas-s\youtube to mp3 converter\yt2mp3_updater.exe
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ QQPCTray] "c:\program files\tencent\qqpcmgr\7.3.8099.213\QQPCTray.exe" /regrun
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C6B95BE9-4373-4BF8-9D18-9FCEAE5563F0} - hxxps://col0-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=64163164
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{ECE18B44-B075-4E67-9D65-BBC70BFDC123} : DHCPNameServer = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.146\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\1scr8ssh.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ie&cd=2XzuyEtN2Y1L1QzutDtDtCtCzzyD0D0E0AzzyCtA0Azy0AtCtN0D0Tzu0SyBzyyEtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyEyByCzyzy0DtByDtG0EyCzz0EtG0E0B0CtDtGyCyDyCtAtGtD0Bzy0B0By
CtCtA0AzytCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtDzytDtBzy0FyCtGzztDyDyBtGtByCtAtAtG0DtA0D0DtGtDtA0FyEyDtDyDyEyC0F0BtB2Q&cr=885997282&ir=
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - plugin: c:\documents and settings\admin\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\admin\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\admin\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\admin\local settings\application data\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\admin\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\common files\tencent\txsso\1.2.1.42\bin\npSSOAxCtrlForPTLogin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
.
---- FIREFOX POLICIES ----
.
.
.
.
.
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ie&cd=2XzuyEtN2Y1L1QzutDtDtCtCzzyD0D0E0AzzyCtA0Azy0AtCtN0D0Tzu0SyBzyyEtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzyt
DtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyEyByCzyz
y0DtByDtG0EyCzz0EtG0E0B0CtDtGyCyDyCtAtGtD0Bzy0B0ByCtCtA0AzytCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtDzytDtBzy0FyCtGzztDyDyBtGtByCtAtAtG0DtA0D0DtGtDtA0FyEyDtDyDyEyC0F0BtB2Q&cr=885997282&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=irmsd0202ie&cd=2XzuyEtN2Y1L1QzutDtDtCtCzzyD0D0E0AzzyCtA0Azy0AtCtN0D0Tzu0SyBzyyEtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyEyByCzyzy0DtByDtG0EyCzz0EtG0E0B0CtDtGyCyDyCtAtGtD0Bzy0B0ByCtCtA0
AzytCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtDzytDtBzy0FyCtGzztDyDyBtGtByCtAtAtG0DtA0D0DtGtDtA0FyEyDtDyDyEyC0F0BtB2Q&cr=885997282&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=irmsd0202ie&cd=2XzuyEtN2Y1L1QzutDtDtCtCzzyD0D0E0AzzyCtA0Azy0AtCtN0D0Tzu0SyBzyyEtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyEyByCzyzy0DtByDtG0EyCzz0EtG0E0B0CtDtGyCyDyCtAtGtD0Bzy0B0ByCtCtA0
AzytCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtDzytDtBzy0FyCtGzztDyDyBtGtByCtAtAtG0DtA0D0DtGtDtA0FyEyDtDyDyEyC0F0BtB2Q&cr=885997282&ir=&q=
FF - user.js: extensions.mysearchdial.id - 001185DEA863A9A1
FF - user.js: extensions.mysearchdial.instlDay - 16133
FF - user.js: extensions.mysearchdial.vrsn - 1.8.29.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.29.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.29.015:8:37
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - irmsd0202ie
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef - 0901-a
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 885997282
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutDtDtCtCzzyD0D0E0AzzyCtA0Azy0AtCtN0D0Tzu0SyBzyyEtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyEyByCzyzy0DtByDtG0Ey
zz0EtG0E0B0CtDtGyCyDyCtAtGtD0Bzy0B0ByCtC
tA0AzytCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtDzytDtBzy0FyCtGzztDyDyBtGtByCtAtAtG0DtA0D0DtGtDtA0FyEyDtDyDyEyC0F0BtB2Q
FF - user.js: extensions.mysearchdial.AL - 2
.
user_pref(extensions.autoDisableScopes,14);
FF - user.js: extensions.irmysearch.aflt - irmsd0202ie
FF - user.js: extensions.irmysearch.instlRef - 0901-a
FF - user.js: extensions.irmysearch.cr - 885997282
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtDtCtCzzyD0D0E0AzzyCtA0Azy0AtCtN0D0Tzu0SyBzyyEtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyEyByCzyzy0DtByDtG0EyCzz0EtG0E0B0CtDtGyCyDyCtAtGtD0Bzy
0B0ByCtCtA0AzytCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtDzytDtBzy0FyCtGzztDyDyBtGtByCtAtAtG0DtA0D0DtGtDtA0FyEyDtDyDyEyC0F0BtB2Q
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-2-8 149272]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 222520]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 102712]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-2-8 27448]
R0 TsFltMgr;TsFltMgr;c:\windows\system32\drivers\TsFltMgr.sys [2012-11-16 73024]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-8-1 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-2-26 210712]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-2-8 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-2-14 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-4-11 33112]
R1 RapportCerberus_59849;RapportCerberus_59849;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_59849.sys [2014-1-2 340432]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2014-2-10 155704]
R1 TSDefenseBt;TSDefenseBt;c:\windows\system32\drivers\TSDefenseBt.sys [2012-11-16 60448]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-1-22 3788816]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-24 348008]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2013-4-22 822504]
R2 OkiPar;OkiPar;c:\windows\system32\drivers\OkiPar.sys [2011-12-23 43656]
R2 QQPCRTP;QQPCMgr RTP Service;c:\program files\tencent\qqpcmgr\7.3.8099.213\qqpcrtp.exe -r --> c:\program files\tencent\qqpcmgr\7.3.8099.213\QQPCRtp.exe -r [?]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2014-2-10 1444120]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2013-6-26 523944]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-3-19 3289208]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-1-30 106496]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2011-10-1 587944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2011-10-1 213288]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2011-10-1 23208]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2011-10-1 19112]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2013-6-26 207528]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-7-15 167264]
S3 CorelCreatorMessages;CorelCreatorMessages;"c:\windows\system32\corelcreatormessages.exe" --> c:\windows\system32\CorelCreatorMessages.exe [?]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-2-3 30192]
S3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\drivers\hp8207_8307.sys --> c:\windows\system32\drivers\HP8207_8307.sys [?]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2014-2-10 107256]
S3 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2014-2-10 228888]
S3 TcHardWare;TcHardWare;\??\c:\program files\tencent\qqpcmgr\7.3.8099.213\qqpchw.sys --> c:\program files\tencent\qqpcmgr\7.3.8099.213\QQPCHW.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [2011-1-19 627072]
.
=============== Created Last 30 ================
.
2014-03-04 20:13:28 -------- d-----w- c:\documents and settings\admin\local settings\application data\fastcleanpro
2014-03-04 20:09:21 -------- d-----w- c:\program files\FastClean PRO
2014-03-04 20:08:13 -------- d-----w- c:\program files\Essentials Codec Pack
2014-03-04 20:04:41 -------- d-----w- C:\SOFTWARE-WinMediaPlayer Codec
2014-02-25 14:57:45 -------- d-----w- C:\HP Envy 700-149 Details
2014-02-22 01:15:40 -------- d-----w- C:\SOFTWARE-OKI Drivers
2014-02-20 11:34:34 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2014-02-19 11:27:01 275696 ----a-w- c:\windows\system32\mucltui.dll
2014-02-19 11:27:01 214256 ----a-w- c:\windows\system32\muweb.dll
2014-02-19 11:27:01 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2014-02-19 01:12:24 -------- d-----w- c:\documents and settings\admin\local settings\application data\Microsoft Help
2014-02-18 18:43:57 -------- d-----w- c:\documents and settings\all users\application data\VirtualizedApplications
2014-02-18 16:28:16 -------- d-----w- c:\documents and settings\admin\local settings\application data\SoftGrid Client
2014-02-18 16:28:14 -------- d-----w- c:\documents and settings\admin\application data\SoftGrid Client
2014-02-18 16:20:12 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
2014-02-18 16:20:12 -------- d-----w- c:\documents and settings\all users\Microsoft
2014-02-18 16:15:25 -------- d-----w- c:\documents and settings\admin\application data\TP
2014-02-18 13:33:51 -------- d-----w- C:\SOFTWARE-Microsoft Office 2010 (Paid via SoftwareKing)
2014-02-15 23:18:55 -------- d-----w- C:\WIN 8 Tech Stuff
2014-02-15 15:18:20 -------- d-----w- C:\SOFTWARE-ClassicShell
2014-02-15 13:48:51 -------- d-----w- C:\SOFTWARE-PowerISO
2014-02-10 16:35:40 107256 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2014-02-10 13:36:23 -------- d-----w- c:\documents and settings\admin\application data\BHOK
2014-02-10 12:50:20 -------- d-----w- c:\program files\BHOK IT Consulting
2014-02-10 12:40:11 -------- d-----w- c:\documents and settings\all users\TaxFreeway 2013
2014-02-10 12:13:49 -------- d-----w- c:\program files\Entropy Technology Ltd
2014-02-04 12:21:41 -------- d-----w- c:\windows\system32\URTTemp
.
==================== Find3M ====================
.
2014-02-21 19:55:48 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 19:55:48 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-05 23:26:52 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 23:26:43 43520 ------w- c:\windows\system32\licmgr10.dll
2014-02-05 23:26:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-05 23:26:37 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-05 22:24:05 385024 ------w- c:\windows\system32\html.iec
2014-01-20 02:46:54 22808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-01-07 18:11:30 143360 ----a-w- c:\windows\system32\OPDMN094.DLL
2014-01-04 03:13:05 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-19 02:10:01 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-12-19 01:46:50 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-12-05 11:26:06 1172992 ----a-w- c:\windows\system32\msxml3.dll
2004-10-01 19:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
============= FINISH: 20:54:28.37 ===============

============= DDS Attach.txt run on March 4, 2014 ===========
=======================================================

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/11/2008 4:34:14 PM
System Uptime: 3/4/2014 8:42:55 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 0968h
Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | XU1 PROCESSOR | 3391/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 16.989 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 1863 GiB total, 778.448 GiB free.
F: is FIXED (NTFS) - 466 GiB total, 463.713 GiB free.
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&1117367&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&1117367&0
Service: i8042prt
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&1117367&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&1117367&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP472: 1/27/2014 6:30:34 AM - Software Distribution Service 3.0
RP473: 1/28/2014 6:07:00 AM - Software Distribution Service 3.0
RP474: 1/29/2014 5:10:52 AM - Software Distribution Service 3.0
RP475: 1/29/2014 8:08:11 PM - Software Distribution Service 3.0
RP476: 1/30/2014 5:18:11 AM - Software Distribution Service 3.0
RP477: 1/31/2014 5:41:37 AM - Software Distribution Service 3.0
RP478: 2/1/2014 7:53:19 AM - Software Distribution Service 3.0
RP479: 2/2/2014 7:21:11 AM - Software Distribution Service 3.0
RP480: 2/3/2014 10:13:49 AM - System Checkpoint
RP481: 2/4/2014 7:20:26 AM - Software Distribution Service 3.0
RP482: 2/5/2014 6:43:04 AM - Software Distribution Service 3.0
RP483: 2/6/2014 3:00:35 AM - Software Distribution Service 3.0
RP484: 2/6/2014 7:03:09 AM - Software Distribution Service 3.0
RP485: 2/7/2014 6:48:51 AM - Software Distribution Service 3.0
RP486: 2/8/2014 9:21:53 AM - System Checkpoint
RP487: 2/9/2014 8:55:42 AM - Software Distribution Service 3.0
RP488: 2/10/2014 5:35:03 AM - Software Distribution Service 3.0
RP489: 2/10/2014 7:11:43 AM - Installed MSXML 4.0 SP3 Parser
RP490: 2/10/2014 7:13:24 AM - Installed TaxFreeway 2013.
RP491: 2/10/2014 7:50:18 AM - Installed StudioTax 2013
RP492: 2/11/2014 5:43:03 AM - Software Distribution Service 3.0
RP493: 2/12/2014 6:12:16 AM - Software Distribution Service 3.0
RP494: 2/12/2014 8:34:47 AM - Installed AVG 2014
RP495: 2/13/2014 10:50:08 AM - System Checkpoint
RP496: 2/14/2014 6:01:37 AM - Software Distribution Service 3.0
RP497: 2/15/2014 6:20:24 AM - Software Distribution Service 3.0
RP498: 2/16/2014 6:23:53 AM - Software Distribution Service 3.0
RP499: 2/17/2014 3:00:15 AM - Software Distribution Service 3.0
RP500: 2/18/2014 4:36:35 AM - Software Distribution Service 3.0
RP501: 2/18/2014 11:28:43 AM - Printer Driver Send To Microsoft OneNote 2010 Driver Installed
RP502: 2/18/2014 11:49:48 AM - Removed Corel PDF Fusion Addins
RP503: 2/18/2014 11:50:54 AM - Removed Corel PDF Fusion.
RP504: 2/19/2014 9:29:37 AM - Installed Rapport
RP505: 2/20/2014 6:03:25 AM - Software Distribution Service 3.0
RP506: 2/21/2014 6:11:04 AM - Software Distribution Service 3.0
RP507: 2/21/2014 6:33:38 AM - Software Distribution Service 3.0
RP508: 2/22/2014 7:08:45 AM - Software Distribution Service 3.0
RP509: 2/22/2014 2:41:43 PM - Installed Rapport
RP510: 2/23/2014 8:05:15 AM - Software Distribution Service 3.0
RP511: 2/24/2014 6:55:06 AM - Software Distribution Service 3.0
RP512: 2/25/2014 6:15:31 AM - Software Distribution Service 3.0
RP513: 2/26/2014 7:10:04 AM - Software Distribution Service 3.0
RP514: 2/27/2014 6:57:50 AM - Software Distribution Service 3.0
RP515: 2/28/2014 6:51:10 AM - Software Distribution Service 3.0
RP516: 3/1/2014 8:29:29 AM - Software Distribution Service 3.0
RP517: 3/2/2014 8:21:45 AM - Software Distribution Service 3.0
RP518: 3/3/2014 6:34:46 AM - Software Distribution Service 3.0
RP519: 3/4/2014 6:49:26 AM - Software Distribution Service 3.0
RP520: 3/4/2014 3:08:57 PM - Installed FastClean PRO
.
==== Installed Programs ======================
.
?????
??????? 6.5???
µTorrent
7-zip v9.20
Acrobat.com
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader 9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2014
AVG SafeGuard toolbar
AviSubtitler v2.02
B410 420 430 UserGuide
Belarc Advisor 7.2
Broadcom NetXtreme Ethernet Controller
Canon Camera Access Library
Canon CanoScan Toolbox 4.5
Canon DIGITAL CAMERA Solution Disk Software Guide
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PowerShot A1200 Camera User Guide
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow Launcher
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
CD+G Disc Player Plug-In for Winamp
CDRWIN
CloneCD
Compatibility Pack for the 2007 Office system
Core Temp 1.0 RC6
CoreAAC
CPUID CPU-Z 1.61.3
Dia (remove only)
doPDF 7.3 printer
DVD Solution
ESET Online Scanner v3
EvilLyrics
FastClean PRO
File Opener Pro
FLAC 1.2.1b (remove only)
FLV to MP3 Converter
Free CD Ripper 3.1
Free FLV to MP4 Converter
Free MP4 Video Converter version 5.0.20.1031
Free Sound Recorder 2010 v9.2.1
Free Studio version 5.3.3
Free Word/Doc Txt to Image Jpg/Jpeg Bmp Tiff Png Converter 5.1
FreeRIP3 3.70
GoldWave v5.14
GOM PICKER
GOM Player
GOM Video Converter
Google Chrome
Google Desktop
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
InterActual Player
IrfanView (remove only)
IsoBuster 2.4
iTunes
Japanese Fonts Support For Adobe Reader 9
Java 7 Update 51
Java Auto Updater
Jing
K-Lite Codec Pack 2.72 Full
Karaoke Builder Studio 3.x
Karaoke for DirectX (remove only)
LAME v3.98.3 for Audacity
Linksys Wireless Manager
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office Click-to-Run 2010
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2010 - English
Microsoft Office Professional Edition 2003
Microsoft Office Visio Professional 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Works 6-9 Converter
Monkey's Audio
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.6 (x86 en-US)
MP3+G Toolz
MPEG2 Codec(libmpeg2/mad)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 6.0 Parser (KB933579)
Multimedia Launcher
Nero 7 Premium
Nitro PDF Professional
OKI B410 Printer Menu Setup Tool
PCFriendly
PDF Form Filler 2
Picasa 2
Power CD+G Burner 2
Power CD+G to Video Karaoke Converter 2
PowerDVD
PowerProducer
Pure Networks Platform
QQ??8.5
QuickTime
QuickWordtoPDF
Rapport
Samsung_MonSetup
Search Protection
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2909921)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB2845142)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Siglos Karaoke Professional
Skype Click to Call
Skype™ 6.11
SnagIt 7
SoundMAX
StudioTax 2012
StudioTax 2013
TaxFreeway 2012
TaxFreeway 2013
Trusteer Endpoint Protection
Tweaking.com - Windows Repair (All in One)
Uninstall Helper
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB942763)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio 2012 x86 Redistributables
WD Diagnostics
WD Drive Manager (x86)
WebFldrs XP
Winamp (remove only)
Windows Essentials Media Codec Pack 4.0 [32-Bit]
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WinRAR archiver
Wisdom-soft ScreenHunter 6.0 Free
WOT for Internet Explorer
YouTube to MP3 Converter
YTD Toolbar v7.0
YTD Video Downloader 4.7.2
.
==== Event Viewer Messages From Past Week ========
.
3/4/2014 8:47:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt PCIIde
2/28/2014 6:48:29 AM, error: Dhcp [1002] - The IP address lease 192.168.0.109 for the Network Card with network address 001185DEA863 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
2/25/2014 6:20:30 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).
2/25/2014 11:25:17 AM, error: Service Control Manager [7034] - The Pure Networks Platform Service service terminated unexpectedly. It has done this 1 time(s).
2/25/2014 11:25:01 AM, error: Service Control Manager [7000] - The TcHardWare service failed to start due to the following error: The system cannot find the file specified.
2/25/2014 11:24:58 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
2/25/2014 11:24:58 AM, error: Service Control Manager [7022] - The Pure Networks Platform Service service hung on starting.
.
==== End Of File ===========================

You were supposed to add new POSTS, not create new threads. Merged threads.

Just paste into the Quick Reply block just below this post and click the Post Quick Reply button below it and to the right.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

http://dev.discussions.virtualdr.forums.relay.cool/ Download RogueKiller from one of the following links and save it to your Desktop:

• Link 1
• Link 2

• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

http://dev.discussions.virtualdr.forums.relay.cool/ Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/...t-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE

• Unzip downloaded file.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

RKreport.txt
=========
RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : ADMIN [Admin rights]
Mode : Scan -- Date : 03/05/2014 07:54:53
| ARK || FAK || MBR |

¤¤¤ Bad processes : 3 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\IE\YouTubeDownloaderExtension.dll [x] -> UNLOADED
[SUSP PATH] yt2mp3_updater.exe -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\Sevas-S\YouTube to MP3 Converter\yt2mp3_updater.exe [7] -> KILLED [TermProc]
[SUSP PATH] yt2mp3converter.exe -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\Sevas-S\YouTube To MP3 Converter\yt2mp3converter.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_1113a (C:\Documents and Settings\ADMIN\Application Data\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=Unknown /CMPID=1113a [x][x]) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : YouTube to MP3 Converter Updater (C:\Documents and Settings\ADMIN\Local Settings\Application Data\Sevas-S\YouTube to MP3 Converter\yt2mp3_updater.exe [7]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1202660629-1935655697-839522115-1003\[...]\Run : AVG-Secure-Search-Update_1113a (C:\Documents and Settings\ADMIN\Application Data\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=Unknown
/CMPID=1113a [x][x]) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V1][SUSP PATH] At1.job : C:\DOCUME~1\ADMIN\APPLIC~1\MYSEAR~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[17] : NtAllocateVirtualMemory @ 0x80570DA7 -> HOOKED (TsFltMgr.sys @ 0xF74EBAD0)
[Address] SSDT[19] : NtAssignProcessToJobObject @ 0x805E0FC1 -> HOOKED (TsFltMgr.sys @ 0xF74EB980)
[Address] SSDT[37] : NtCreateFile @ 0x80573E0B -> HOOKED (TsFltMgr.sys @ 0xF74E8F00)
[Address] SSDT[41] : NtCreateKey @ 0x80578ACE -> HOOKED (TsFltMgr.sys @ 0xF74E8630)
[Address] SSDT[50] : NtCreateSection @ 0x8056DB66 -> HOOKED (TsFltMgr.sys @ 0xF74EA470)
[Address] SSDT[52] : NtCreateSymbolicLinkObject @ 0x805DFB1A -> HOOKED (TsFltMgr.sys @ 0xF74EAB80)
[Address] SSDT[62] : NtDeleteFile @ 0x805DBFFC -> HOOKED (TsFltMgr.sys @ 0xF74EA1E0)
[Address] SSDT[63] : NtDeleteKey @ 0x8059978F -> HOOKED (TsFltMgr.sys @ 0xF74E9220)
[Address] SSDT[65] : NtDeleteValueKey @ 0x805983AE -> HOOKED (TsFltMgr.sys @ 0xF74E9360)
[Address] SSDT[66] : NtDeviceIoControlFile @ 0x80588CD6 -> HOOKED (TsFltMgr.sys @ 0xF74E9D50)
[Address] SSDT[68] : NtDuplicateObject @ 0x8057F1A9 -> HOOKED (TsFltMgr.sys @ 0xF74E9A90)
[Address] SSDT[73] : NtEnumerateValueKey @ 0x80590252 -> HOOKED (TsFltMgr.sys @ 0xF74E9780)
[Address] SSDT[83] : NtFreeVirtualMemory @ 0x805712A1 -> HOOKED (TsFltMgr.sys @ 0xF74EBC50)
[Address] SSDT[97] : NtLoadDriver @ 0x805AF8CE -> HOOKED (TsFltMgr.sys @ 0xF74E9C10)
[Address] SSDT[105] : NtMakeTemporaryObject @ 0x805DFDD7 -> HOOKED (TsFltMgr.sys @ 0xF74EBDB0)
[Address] SSDT[125] : NtOpenSection @ 0x805791AE -> HOOKED (TsFltMgr.sys @ 0xF74EA320)
[Address] SSDT[137] : NtProtectVirtualMemory @ 0x8057F587 -> HOOKED (TsFltMgr.sys @ 0xF74EAA10)
[Address] SSDT[192] : NtRenameKey @ 0x80656A4A -> HOOKED (TsFltMgr.sys @ 0xF74EAE30)
[Address] SSDT[193] : NtReplaceKey @ 0x806573A6 -> HOOKED (TsFltMgr.sys @ 0xF74EB0D0)
[Address] SSDT[200] : NtRequestWaitReplyPort @ 0x8057D153 -> HOOKED (TsFltMgr.sys @ 0xF74E94B0)
[Address] SSDT[204] : NtRestoreKey @ 0x80656F3D -> HOOKED (TsFltMgr.sys @ 0xF74EAF80)
[Address] SSDT[213] : NtSetContextThread @ 0x80636401 -> HOOKED (TsFltMgr.sys @ 0xF74EACE0)
[Address] SSDT[224] : NtSetInformationFile @ 0x805830F1 -> HOOKED (TsFltMgr.sys @ 0xF74E8900)
[Address] SSDT[240] : NtSetSystemInformation @ 0x805B1500 -> HOOKED (TsFltMgr.sys @ 0xF74EA090)
[Address] SSDT[247] : NtSetValueKey @ 0x805800A4 -> HOOKED (TsFltMgr.sys @ 0xF74E8C10)
[Address] SSDT[255] : NtSystemDebugControl @ 0x80651C71 -> HOOKED (TsFltMgr.sys @ 0xF74EA890)
[Address] SSDT[267] : NtUnmapViewOfSection @ 0x8057A7C1 -> HOOKED (TsFltMgr.sys @ 0xF74EB830)
[Address] SSDT[274] : NtWriteFile @ 0x80583375 -> HOOKED (TsFltMgr.sys @ 0xF74E8A70)
[Address] Shadow SSDT[312] : NtUserBuildHwndList -> HOOKED (TsFltMgr.sys @ 0xF74EC220)
[Address] Shadow SSDT[330] : NtUserClipCursor -> HOOKED (TsFltMgr.sys @ 0xF74ED250)
[Address] Shadow SSDT[378] : NtUserFindWindowEx -> HOOKED (TsFltMgr.sys @ 0xF74EC0B0)
[Address] Shadow SSDT[404] : NtUserGetForegroundWindow -> HOOKED (TsFltMgr.sys @ 0xF74EC4F0)
[Address] Shadow SSDT[460] : NtUserMessageCall -> HOOKED (TsFltMgr.sys @ 0xF74ED6A0)
[Address] Shadow SSDT[465] : NtUserMoveWindow -> HOOKED (TsFltMgr.sys @ 0xF74ECA10)
[Address] Shadow SSDT[475] : NtUserPostMessage -> HOOKED (TsFltMgr.sys @ 0xF74ED820)
[Address] Shadow SSDT[476] : NtUserPostThreadMessage -> HOOKED (TsFltMgr.sys @ 0xF74ED980)
[Address] Shadow SSDT[483] : NtUserQueryWindow -> HOOKED (TsFltMgr.sys @ 0xF74EC3A0)
[Address] Shadow SSDT[502] : NtUserSendInput -> HOOKED (TsFltMgr.sys @ 0xF74ED100)
[Address] Shadow SSDT[529] : NtUserSetParent -> HOOKED (TsFltMgr.sys @ 0xF74EC760)
[Address] Shadow SSDT[544] : NtUserSetWindowLong -> HOOKED (TsFltMgr.sys @ 0xF74EC8B0)
[Address] Shadow SSDT[545] : NtUserSetWindowPlacement -> HOOKED (TsFltMgr.sys @ 0xF74ECD10)
[Address] Shadow SSDT[546] : NtUserSetWindowPos -> HOOKED (TsFltMgr.sys @ 0xF74ECB90)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (TsFltMgr.sys @ 0xF74ED390)
[Address] Shadow SSDT[555] : NtUserShowWindow -> HOOKED (TsFltMgr.sys @ 0xF74ECE60)
[Address] Shadow SSDT[556] : NtUserShowWindowAsync -> HOOKED (TsFltMgr.sys @ 0xF74ECFB0)
[Address] Shadow SSDT[592] : NtUserWindowFromPoint -> HOOKED (TsFltMgr.sys @ 0xF74EC610)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG SP0812C +++++
--- User ---
[MBR] 47b7733e2ebb66704334197371dfeb60
[BSP] 4d1738d29bd56e11f363b58923c9ebc7 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST2000DM001-9YN164 +++++
--- User ---
[MBR] 1d9d93e3957e9ad32111a8887c533393
[BSP] fc1c3f54a420a9c310c529f5a8f7f443 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 1907726 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) +++++
--- User ---
[MBR] a0804512606de9ebcd08edf18f8bee5e
[BSP] 0d5cd987dd27d007ebfb056aad1bc943 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) PNY USB 2.0 FD USB Device +++++
--- User ---
[MBR] bb393f7fd0cd5a6892b5a9ddb53646ce
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 11640 | Size: 7782 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_03052014_075453.txt >>

Malwarebytes Anti-Rootkit logs. FIRST SCAN
=================================

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.03.05.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ADMIN :: TEST-0EDA6CF69E [administrator]

3/5/2014 8:15:06 AM
mbar-log-2014-03-05 (08-15-06).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 234835
Time elapsed: 1 hour(s), 3 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

========================================
Malwarebytes Anti-Rootkit Log - SECOND SCAN

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.03.05.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ADMIN :: TEST-0EDA6CF69E [administrator]

3/5/2014 10:56:22 AM
mbar-log-2014-03-05 (10-56-22).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 234894
Time elapsed: 40 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

========================================
Malwarebytes - Anti-Rootkit SYSTEM LOG

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 3.391000 GHz
Memory total: 3346460672, free: 2582142976

Downloaded database version: v2014.03.05.06
Downloaded database version: v2014.02.20.01
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 3.391000 GHz
Memory total: 3346460672, free: 2611314688

Initializing...
======================
------------ Kernel report ------------
03/05/2014 08:14:53
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
TsFltMgr.sys
PCIIde.sys
\WINDOWS\System32\Drivers\PCIIDEX.SYS
intelide.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
avgrkx86.sys
avglogx.sys
avgmfx86.sys
avgidshx.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\b57xp32.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\drivers\smwdm.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\aeaudio.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\System32\drivers\dmboot.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\drivers\avgtpx86.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\TSDefenseBt.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\Drivers\BANTExt.sys
\SystemRoot\system32\DRIVERS\avgldx86.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\avgidsshimx.sys
\SystemRoot\system32\DRIVERS\avgidsdriverx.sys
\SystemRoot\system32\DRIVERS\avgdiskx.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\Sftvolxp.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\pnarp.sys
\SystemRoot\system32\DRIVERS\purendis.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\DRIVERS\OKIPAR.SYS
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftfsxp.sys
\SystemRoot\system32\DRIVERS\Sftplayxp.sys
\SystemRoot\system32\DRIVERS\Sftredirxp.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR6
Upper Device Object: 0xffffffff8a36d268
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000081\
Lower Device Object: 0xffffffff8a402ea0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff8ae05ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-22\
Lower Device Object: 0xffffffff8ae8b4d0
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8ae7bab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-1a\
Lower Device Object: 0xffffffff8aec63f8
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8ae7cab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-e\
Lower Device Object: 0xffffffff8ae34940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8ae7cab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ae83020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8ae7cab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8ae369e8, DeviceName: \Device\00000072\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8ae34940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-e\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B881B881

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 156296322
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 80026361856 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8ae7bab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ae7a930, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8ae7bab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8ae45f18, DeviceName: \Device\00000073\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8aec63f8, DeviceName: \Device\Ide\IdeDeviceP3T0L0-1a\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 72622581

Partition information:

Partition 0 type is Dynamic (0x42)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 3907024002

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffffff8ae05ab8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ae36b70, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8ae05ab8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8ae44f18, DeviceName: \Device\00000074\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8ae8b4d0, DeviceName: \Device\Ide\IdeDeviceP3T1L0-22\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B8E6B8E6

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 976751937

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xffffffff8a36d268, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a672020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a36d268, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a402ea0, DeviceName: \Device\00000081\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18

Partition information:

Partition 0 type is Other (0xc)
Partition is ACTIVE.
Partition starts at LBA: 11640 Numsec = 15938952
Partition file system is FAT32
Partition is not bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 8166703104 bytes
Sector size: 512 bytes

Done!
Read File: File "c:\documents and settings\all users\application data\avg2014\chjw\6a0c88e10c88a9a1.dat:9d942541-daf4-4743-a253-5c00ea693820" is sparse (flags = 32768)
Infected file C:\Documents and Settings\ADMIN\Local Settings\temp\is349140818\30031943_stp\wajam_validate.exe could not be remediated because backup file is not available
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-3-0-11640-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe-k.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe-u.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 3.391000 GHz
Memory total: 3346460672, free: 2401800192

=======================================
Initializing...
DDA Driver installation error.
Could not install driver on boot. Scan can't continue
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 3.391000 GHz
Memory total: 3346460672, free: 2526425088

Downloaded database version: v2014.03.05.07
Initializing...
======================
------------ Kernel report ------------
03/05/2014 10:56:11
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
TsFltMgr.sys
PCIIde.sys
\WINDOWS\System32\Drivers\PCIIDEX.SYS
intelide.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
avgrkx86.sys
avglogx.sys
avgmfx86.sys
avgidshx.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\b57xp32.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\drivers\smwdm.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\aeaudio.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\System32\drivers\dmboot.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\drivers\avgtpx86.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\TSDefenseBt.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\Drivers\BANTExt.sys
\SystemRoot\system32\DRIVERS\avgldx86.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\avgidsshimx.sys
\SystemRoot\system32\DRIVERS\avgidsdriverx.sys
\SystemRoot\system32\DRIVERS\avgdiskx.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\system32\DRIVERS\Sftvolxp.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\pnarp.sys
\SystemRoot\system32\DRIVERS\purendis.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\DRIVERS\OKIPAR.SYS
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftfsxp.sys
\SystemRoot\system32\DRIVERS\Sftplayxp.sys
\SystemRoot\system32\DRIVERS\Sftredirxp.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR6
Upper Device Object: 0xffffffff8a6a8030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000081\
Lower Device Object: 0xffffffff8aa8aea0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff8ae34ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-22\
Lower Device Object: 0xffffffff8ae36d98
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8ae35ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-1a\
Lower Device Object: 0xffffffff8ae83d98
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8ae4dab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-e\
Lower Device Object: 0xffffffff8ae4ed98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8ae4dab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ae3de08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8ae4dab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8ae373b8, DeviceName: \Device\00000072\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8ae4ed98, DeviceName: \Device\Ide\IdeDeviceP2T0L0-e\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B881B881

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 156296322
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 80026361856 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8ae35ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ae5c8e0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8ae35ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8ae91030, DeviceName: \Device\00000073\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8ae83d98, DeviceName: \Device\Ide\IdeDeviceP3T0L0-1a\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 72622581

Partition information:

Partition 0 type is Dynamic (0x42)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 3907024002

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffffff8ae34ab8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ae79c60, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8ae34ab8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8ae65928, DeviceName: \Device\00000074\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8ae36d98, DeviceName: \Device\Ide\IdeDeviceP3T1L0-22\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B8E6B8E6

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 976751937

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xffffffff8a6a8030, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a62b020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a6a8030, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8aa8aea0, DeviceName: \Device\00000081\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18

Partition information:

Partition 0 type is Other (0xc)
Partition is ACTIVE.
Partition starts at LBA: 11640 Numsec = 15938952
Partition file system is FAT32
Partition is not bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 8166703104 bytes
Sector size: 512 bytes

Done!
Read File: File "c:\documents and settings\all users\application data\avg2014\chjw\6a0c88e10c88a9a1.dat:9d942541-daf4-4743-a253-5c00ea693820" is sparse (flags = 32768)
Infected file C:\Documents and Settings\ADMIN\Local Settings\temp\is349140818\30031943_stp\wajam_validate.exe could not be remediated because backup file is not available
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Avg2014\log\avgrs.log.1" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Avg2014\log\avgcore.log.1" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-3-0-11640-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe-k.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe-u.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe-r.mbam...
Removal finished

******************=============================================
Note: These scans by Malwarebytes did not result in an Clean-up.
The screen messages for the two scans are:
No clean up required.
Scan finished. No malware found.

The two scans could not detect FastClean Pro.

The FastClean PRO icon is still on my Desktop.

*********************************************************

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

ComboFix Log
==========

ComboFix 14-03-04.03 - ADMIN 03/05/2014 12:35:28.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3191.2500 [GMT -5:00]
Running from: c:\documents and settings\ADMIN\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\ADMIN\Local Settings\Application Data\assembly\tmp
c:\documents and settings\ADMIN\Local Settings\Application Data\assembly\tmp\12VHDOMM\__AssemblyInfo__.ini
c:\documents and settings\ADMIN\Local Settings\Application Data\assembly\tmp\12VHDOMM\CorelWord2003AddIn.DLL
c:\documents and settings\ADMIN\Local Settings\Application Data\assembly\tmp\1BVRPCC2\__AssemblyInfo__.ini
c:\documents and settings\ADMIN\Local Settings\Application Data\assembly\tmp\1BVRPCC2\TranslatedOfficeAddinStringsPre2010.DLL
c:\documents and settings\ADMIN\Local Settings\Application Data\assembly\tmp\AMMKMMCT\__AssemblyInfo__.ini
c:\documents and settings\ADMIN\Local Settings\Application Data\assembly\tmp\AMMKMMCT\TranslatedOfficeAddinStringsPre2010.DLL
c:\documents and settings\ADMIN\Local Settings\Temporary Internet Files\albrechto_iels
c:\documents and settings\ADMIN\Local Settings\Temporary Internet Files\FindRight_iels
c:\documents and settings\ADMIN\My Documents\~WRL0282.tmp
c:\documents and settings\ADMIN\My Documents\~WRL2482.tmp
c:\windows\system32\Cache
c:\windows\system32\Cache\075884af680ff6dc.fb
c:\windows\system32\Cache\227113dfa1ca894d.fb
c:\windows\system32\Cache\49fbbc5a8678d502.fb
c:\windows\system32\Cache\5c54eb1a1655b076.fb
c:\windows\system32\Cache\613e8ce7ab7106af.fb
c:\windows\system32\Cache\633a76311867bd11.fb
c:\windows\system32\Cache\691f14230153a9e1.fb
c:\windows\system32\Cache\6cb409d7ac73d9f1.fb
c:\windows\system32\Cache\7614bd6cfa99e546.fb
c:\windows\system32\Cache\77664b6ccc36be9f.fb
c:\windows\system32\Cache\80935b7b193ac6bf.fb
c:\windows\system32\Cache\881b3593316772f0.fb
c:\windows\system32\Cache\98657d0579ae1930.fb
c:\windows\system32\Cache\c4e10d1be905349b.fb
c:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\system32\Cache\d9ca663388d21ec0.fb
c:\windows\system32\Cache\f2cda51fd108941f.fb
c:\windows\system32\Cache\f34d8db84131d925.fb
c:\windows\system32\SET1C6.tmp
c:\windows\system32\SET1C9.tmp
c:\windows\system32\SET1D7.tmp
.
.
((((((((((((((((((((((((( Files Created from 2014-02-05 to 2014-03-05 )))))))))))))))))))))))))))))))
.
.
2014-03-05 13:14 . 2014-03-05 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-03-05 13:14 . 2014-03-05 15:56 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-05 13:13 . 2014-03-05 15:55 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-04 20:13 . 2014-03-04 20:16 -------- d-----w- c:\documents and settings\ADMIN\Local Settings\Application Data\fastcleanpro
2014-03-04 20:09 . 2014-03-04 20:09 -------- d-----w- c:\program files\FastClean PRO
2014-03-04 20:08 . 2014-03-04 20:09 -------- d-----w- c:\program files\Essentials Codec Pack
2014-03-04 20:04 . 2014-03-04 20:06 -------- d-----w- C:\SOFTWARE-WinMediaPlayer Codec
2014-02-25 14:57 . 2014-02-26 18:42 -------- d-----w- C:\HP Envy 700-149 Details
2014-02-22 01:15 . 2014-02-22 01:15 -------- d-----w- C:\SOFTWARE-OKI Drivers
2014-02-20 11:34 . 2014-02-20 11:34 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2014-02-19 11:27 . 2012-06-02 20:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2014-02-19 11:27 . 2012-06-02 20:18 214256 ----a-w- c:\windows\system32\muweb.dll
2014-02-19 01:12 . 2014-02-19 01:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2014-02-19 01:12 . 2014-02-19 01:12 -------- d-----w- c:\documents and settings\ADMIN\Local Settings\Application Data\Microsoft Help
2014-02-18 18:43 . 2014-02-18 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\VirtualizedApplications
2014-02-18 16:28 . 2014-02-18 16:28 -------- d-----w- c:\documents and settings\ADMIN\Local Settings\Application Data\SoftGrid Client
2014-02-18 16:28 . 2014-02-19 13:33 -------- d-----w- c:\documents and settings\ADMIN\Application Data\SoftGrid Client
2014-02-18 16:27 . 2014-02-18 16:27 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\{90140011-0061-0409-0000-0000000FF1CE}
2014-02-18 16:23 . 2014-03-05 14:46 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SoftGrid Client
2014-02-18 16:22 . 2014-03-05 14:50 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\SoftGrid Client
2014-02-18 16:20 . 2014-02-20 11:46 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
2014-02-18 16:20 . 2014-02-18 16:20 -------- d-----w- c:\documents and settings\All Users\Microsoft
2014-02-18 16:15 . 2014-02-18 16:30 -------- d-----w- c:\documents and settings\ADMIN\Application Data\TP
2014-02-18 13:33 . 2014-02-24 22:51 -------- d-----w- C:\SOFTWARE-Microsoft Office 2010 (Paid via SoftwareKing)
2014-02-15 23:18 . 2014-02-26 14:26 -------- d-----w- C:\WIN 8 Tech Stuff
2014-02-15 15:18 . 2014-02-15 20:26 -------- d-----w- C:\SOFTWARE-ClassicShell
2014-02-15 13:48 . 2014-02-17 17:02 -------- d-----w- C:\SOFTWARE-PowerISO
2014-02-10 16:35 . 2014-02-10 16:35 107256 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2014-02-10 13:36 . 2014-02-10 13:36 -------- d-----w- c:\documents and settings\ADMIN\Application Data\BHOK
2014-02-10 12:50 . 2014-02-10 12:50 -------- d-----w- c:\program files\BHOK IT Consulting
2014-02-10 12:40 . 2014-02-10 12:40 -------- d-----w- c:\documents and settings\All Users\TaxFreeway 2013
2014-02-10 12:13 . 2014-02-10 12:13 -------- d-----w- c:\program files\Entropy Technology Ltd
2014-02-04 12:21 . 2014-02-09 14:00 -------- d-----w- c:\windows\system32\URTTemp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 19:55 . 2012-04-04 21:29 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-21 19:55 . 2012-01-07 04:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 23:26 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 23:26 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2014-02-05 23:26 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-05 23:26 . 2004-08-04 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-05 22:24 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2014-01-20 02:46 . 2013-03-01 14:32 22808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-01-07 18:11 . 2011-12-23 17:47 143360 ----a-w- c:\windows\system32\OPDMN094.DLL
2014-01-04 03:13 . 2004-08-04 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-19 02:10 . 2014-01-22 11:08 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-12-19 01:46 . 2014-01-22 11:11 145408 ----a-w- c:\windows\system32\javacpl.cpl
2004-10-01 19:00 . 2008-07-28 18:13 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{E71596B0-A83B-453D-82C1-4BE99947C65F}]
2012-03-23 08:13 107328 ----a-w- c:\documents and settings\ADMIN\Local Settings\Application Data\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\IE\YouTubeDownloaderExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AAADesktopTips]
@="{4562B511-62E9-4533-B7B2-56A8BB10B482}"
[HKEY_CLASSES_ROOT\CLSID\{4562B511-62E9-4533-B7B2-56A8BB10B482}]
2012-05-30 02:56 247760 ----a-w- c:\program files\Common Files\Thunder Network\Kankan\xappex.1.1.1.38.(333).dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-26 39408]
"ImeGuardCom"="c:\program files\SogouInput\Components\AddressSearch\1.0.0.1178\SGImeGuard.exe" [2013-06-30 319096]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"fastclean"="c:\program files\FastClean PRO\fastcleanpro.exe" [2014-02-26 2540168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-01-22 4962320]
"vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2013-04-12 1151152]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-01-30 438272]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-05-24 30192]
"QQPCTray"="c:\program files\Tencent\QQPCMgr\7.3.8099.213\QQPCTray.exe" [2012-11-16 964128]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ SOGOUPY.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ QQPCTray]
2012-11-16 11:19 964128 ----a-w- c:\program files\Tencent\QQPCMgr\7.3.8099.213\QQPCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 06:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-12 01:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2009-01-29 22:20 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 06:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-06 02:55 54832 ------w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 19:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nitro PDF Printer Monitor]
2009-03-04 21:27 209216 ----a-w- c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-02-21 01:18 366400 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 07:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 19:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 14:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\ADMIN\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Tencent\\QQDownload\\121\\Tencentdl.exe"=
"c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\QQPCTray.exe"=
"c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\QQPCRTP.exe"=
"c:\\Program Files\\SogouInput\\6.5.0.9181\\PinyinUp.exe"=
"c:\\Program Files\\SogouInput\\6.5.0.9181\\SGDownload.exe"=
"c:\\Program Files\\SogouInput\\6.5.0.9181\\ImeUtil.exe"=
"c:\\Program Files\\SogouInput\\6.5.0.9181\\SGTool.exe"=
"c:\\Program Files\\SogouInput\\Components\\SogouComMgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"113:TCP"= 113:TCP:IdentD
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2/8/2013 3:37 AM 149272]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 3:37 AM 222520]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2/8/2013 3:37 AM 27448]
R0 TsFltMgr;TsFltMgr;c:\windows\system32\drivers\TsFltMgr.sys [11/16/2012 6:19 AM 73024]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [8/1/2013 3:06 PM 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2/26/2013 10:40 PM 210712]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [3/1/2013 9:32 AM 22808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/8/2013 3:37 AM 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/14/2013 2:52 AM 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [4/11/2013 8:14 AM 33112]
R1 RapportCerberus_59849;RapportCerberus_59849;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [1/2/2014 5:23 AM 340432]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2/10/2014 11:35 AM 155704]
R1 TSDefenseBt;TSDefenseBt;c:\windows\system32\drivers\TSDefenseBt.sys [11/16/2012 12:35 PM 60448]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [9/24/2013 1:33 AM 348008]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [4/22/2013 10:02 AM 822504]
R2 OkiPar;OkiPar;c:\windows\system32\drivers\OkiPar.sys [12/23/2011 12:47 PM 43656]
R2 QQPCRTP;QQPCMgr RTP Service;c:\program files\Tencent\QQPCMgr\7.3.8099.213\QQPCRtp.exe -r --> c:\program files\Tencent\QQPCMgr\7.3.8099.213\QQPCRtp.exe -r [?]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2/10/2014 11:35 AM 1444120]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [6/26/2013 7:23 PM 523944]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [1/30/2008 4:52 AM 106496]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [10/1/2011 1:30 AM 587944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [10/1/2011 1:30 AM 213288]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [10/1/2011 1:30 AM 23208]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [10/1/2011 1:30 AM 19112]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [6/26/2013 7:23 PM 207528]
R4 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [3/5/2014 8:13 AM 52312]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [1/22/2014 12:19 PM 3788816]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3/19/2013 9:26 PM 3289208]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9/5/2013 9:34 AM 171680]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [7/15/2011 4:53 AM 167264]
S3 CorelCreatorMessages;CorelCreatorMessages;"c:\windows\system32\CorelCreatorMessages.exe" --> c:\windows\system32\CorelCreatorMessages.exe [?]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/3/2009 9:56 PM 30192]
S3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\DRIVERS\HP8207_8307.sys --> c:\windows\system32\DRIVERS\HP8207_8307.sys [?]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2/10/2014 11:35 AM 107256]
S3 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2/10/2014 11:35 AM 228888]
S3 TcHardWare;TcHardWare;\??\c:\program files\Tencent\QQPCMgr\7.3.8099.213\QQPCHW.sys --> c:\program files\Tencent\QQPCMgr\7.3.8099.213\QQPCHW.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [1/19/2011 1:02 PM 627072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
XLServicePlatform REG_MULTI_SZ XLServicePlatform
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 11:54 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 19:55]
.
2014-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-31 21:14]
.
2014-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-31 21:14]
.
2014-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1935655697-839522115-1003Core.job
- c:\documents and settings\ADMIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-15 10:28]
.
2014-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1935655697-839522115-1003UA.job
- c:\documents and settings\ADMIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-15 10:28]
.
2014-03-05 c:\windows\Tasks\SogouImeMgr.job
- c:\progra~1\SOGOUI~1\SogouExe\SogouExe.exe [2013-03-11 07:27]
.
2014-03-05 c:\windows\Tasks\Windows Codec Update Service.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2012-02-03 09:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: {C6B95BE9-4373-4BF8-9D18-9FCEAE5563F0} - hxxps://col0-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=64163164
FF - ProfilePath - c:\documents and settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ie&cd=2XzuyEtN2Y1L1QzutDtDtCtCzzyD0D0E0AzzyCtA0Azy0AtCtN0D0Tzu0SyBzyyEtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyEyByCzyzy0DtByDtG0EyCzz0EtG0E0B0CtDtGyCyDyCtAtGtD0Bzy0B0ByCtCtA0AzytCzy2QtN1M1F1B2Z1V1N2Y
1L1Qzu2SyCtDzytDtBzy0FyCtGzztDyDyBtGtByCtAtAtG0DtA0D0DtGtDtA0FyEyDtDyDyEyC0F0BtB2Q&cr=885997282&ir=
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ie&cd=2XzuyEtN2Y1L1QzutDtDtCtCzzyD0D0E0AzzyCtA0Azy0AtCtN0D0Tzu0SyBzyyEtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyEyByCzyzy0DtByDtG0EyCzz0EtG0E0B0CtDtGyCyDyCtAtGtD0Bzy0B0ByCtCtA0AzytCzy2QtN1M1F1B2Z1V
1N2Y1L1Qzu2SyCtDzytDtBzy0FyCtGzztDyDyBtGtByCtAtAtG0DtA0D0DtGtDtA0FyEyDtDyDyEyC0F0BtB2Q&cr=885997282&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=irmsd0202ie&cd=2XzuyEtN2Y1L1QzutDtDtCtCzzyD0D0E0AzzyCtA0Azy0AtCtN0D0Tzu0SyBzyyEtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyEyByCzyzy0DtByDtG0EyCzz0EtG0E0B0CtDtGyCyDyCtAtGtD0Bzy0B0ByCtCtA0AzytCzy2QtN1M1F1B2Z1V1N2
Y1L1Qzu2SyCtDzytDtBzy0FyCtGzztDyDyBtGtByCtAtAtG0DtA0D0DtGtDtA0FyEyDtDyDyEyC0F0BtB2Q&cr=885997282&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=irmsd0202ie&cd=2XzuyEtN2Y1L1QzutDtDtCtCzzyD0D0E0AzzyCtA0Azy0AtCtN0D0Tzu0SyBzyyEtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyEyByCzyzy0DtByDtG0EyCzz0EtG0E0B0CtDtGyCyDyCtAtGtD0Bzy0B0ByCtCtA0AzytCzy2QtN1M1F1B2Z1V1N2Y
1L1Qzu2SyCtDzytDtBzy0FyCtGzztDyDyBtGtByCtAtAtG0DtA0D0DtGtDtA0FyEyDtDyDyEyC0F0BtB2Q&cr=885997282&ir=&q=
FF - user.js: extensions.mysearchdial.id - 001185DEA863A9A1
FF - user.js: extensions.mysearchdial.instlDay - 16133
FF - user.js: extensions.mysearchdial.vrsn - 1.8.29.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.29.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.29.015:8:37
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - irmsd0202ie
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef - 0901-a
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 885997282
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutDtDtCtCzzyD0D0E0AzzyCtA0Azy0AtCtN0D0Tzu0SyBzyyEtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyEyByCzyzy0DtByDtG0EyCzz0EtG0E0B0CtDtGyCyDyCtAtGtD0Bzy0B0ByCtCtA0AzytCzy2QtN1M1F1B2Z1V1N2Y1
L1Qzu2SyCtDzytDtBzy0FyCtGzztDyDyBtGtByCtAtAtG0DtA0D0DtGtDtA0FyEyDtDyDyEyC0F0BtB2Q
FF - user.js: extensions.mysearchdial.AL - 2
user_pref(extensions.autoDisableScopes,14);
FF - user.js: extensions.irmysearch.aflt - irmsd0202ie
FF - user.js: extensions.irmysearch.instlRef - 0901-a
FF - user.js: extensions.irmysearch.cr - 885997282
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtDtCtCzzyD0D0E0AzzyCtA0Azy0AtCtN0D0Tzu0SyBzyyEtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyEyByCzyzy0DtByDtG0EyCzz0EtG0E0B0CtDtGyCyDyCtAtGtD0Bzy0B0ByCtCtA0AzytCzy2QtN1M1F1B2Z1V1N2Y1
L1Qzu2SyCtDzytDtBzy0FyCtGzztDyDyBtGtByCtAtAtG0DtA0D0DtGtDtA0FyEyDtDyDyEyC0F0BtB2Q
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-GoogleDriveSync - c:\program files\Google\Drive\googledrivesync.exe
AddRemove-BaiduBrowser - c:\program files\baidu\BaiduBrowser\uninst.exe
AddRemove-QQMusic - c:\program files\Tencent\QQMusic\QQMusicUninst.exe
AddRemove-{501451DE-5808-4599-B544-8BD0915B6B24}_is1 - c:\program files\FreeRIP3\unins000.exe
AddRemove-?????? - c:\program files\????\XLGameBox\Uninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-05 12:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
" QQPCTray"="\"c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\QQPCTray.exe\" /regrun"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1202660629-1935655697-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\~¯‹oöN\Q*Q*ó—PN]
"Order"=hex:08,00,00,00,02,00,00,00,f6,00,00,00,01,00,00,00,02,00,00,00,72,00,
00,00,00,00,00,00,64,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,52,00,32,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-03-05 13:03:32
ComboFix-quarantined-files.txt 2014-03-05 18:03
.
Pre-Run: 18,078,629,888 bytes free
Post-Run: 25,964,969,984 bytes free
.
- - End Of File - - 100E87AD84173193168EDACC67C7B0E6
8F558EB6672622401DA993E1E865C861


======*********=======

rKill Log
======

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/05/2014 01:24:55 PM in x86 mode. (Safe Mode)
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
* C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

* AFD (AFD) is not Running.
Startup Type set to: System

* DHCP Client (Dhcp) is not Running.
Startup Type set to: Automatic

* DNS Client (Dnscache) is not Running.
Startup Type set to: Automatic

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic

* Network Connections (Netman) is not Running.
Startup Type set to: Manual

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic

* Automatic Updates (wuauserv) is not Running.
Startup Type set to: Automatic

* AFD (AFD) is not Running.
Startup Type set to: System

* IPSEC driver (IPSec) is not Running.
Startup Type set to: System

* NetBios over Tcpip (NetBT) is not Running.
Startup Type set to: System

* TCP/IP Protocol Driver (Tcpip) is not Running.
Startup Type set to: System

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 03/05/2014 01:26:36 PM
Execution time: 0 hours(s), 1 minute(s), and 41 seconds(s)

==================

************************************************
NOTE: I can still see the FastClean PRO icon on my Desktop,
and using the Windows Task Manager, I can see
FastClean Pro running, and taking 50% of my CPU cycles.
I had to Terminate it in order to send this message out
to you successfully.
**************************************************

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:

---

File::

Folder::
c:\documents and settings\ADMIN\Local Settings\Application Data\fastcleanpro
c:\program files\FastClean PRO

Firefox::
FF - ProfilePath - c:\documents and settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ie&cd=2XzuyEtN2Y1L1QzutDtDtCtCzzyD0D0E0AzzyCtA0Azy0AtCtN0D0Tzu0SyBzyyEtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyEyByCzyzy0DtByDtG0EyCzz0EtG0E0B0CtDtGyCyDyCtAtGtD0Bzy0B0ByCtCtA0AzytCzy2QtN1M1F1B2Z1V1N2Y
1L1Qzu2SyCtDzytDtBzy0FyCtGzztDyDyBtGtByCtAtAtG0DtA0D0DtGtDtA0FyEyDtDyDyEyC0F0BtB2Q&cr=885997282&ir=
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ie&cd=2XzuyEtN2Y1L1QzutDtDtCtCzzyD0D0E0AzzyCtA0Azy0AtCtN0D0Tzu0SyBzyyEtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyEyByCzyzy0DtByDtG0EyCzz0EtG0E0B0CtDtGyCyDyCtAtGtD0Bzy0B0ByCtCtA0AzytCzy2QtN1M1F1B2Z1V1N
2Y1L1Qzu2SyCtDzytDtBzy0FyCtGzztDyDyBtGtByCtAtAtG0DtA0D0DtGtDtA0FyEyDtDyDyEyC0F0BtB2Q&cr=885997282&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=irmsd0202ie&cd=2XzuyEtN2Y1L1QzutDtDtCtCzzyD0D0E0AzzyCtA0Azy0AtCtN0D0Tzu0SyBzyyEtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyEyByCzyzy0DtByDtG0EyCzz0EtG0E0B0CtDtGyCyDyCtAtGtD0Bzy0B0ByCtCtA0AzytCzy2QtN1M1F1B2Z1V1N2Y
1L1Qzu2SyCtDzytDtBzy0FyCtGzztDyDyBtGtByCtAtAtG0DtA0D0DtGtDtA0FyEyDtDyDyEyC0F0BtB2Q&cr=885997282&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=irmsd0202ie&cd=2XzuyEtN2Y1L1QzutDtDtCtCzzyD0D0E0AzzyCtA0Azy0AtCtN0D0Tzu0SyBzyyEtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyEyByCzyzy0DtByDtG0EyCzz0EtG0E0B0CtDtGyCyDyCtAtGtD0Bzy0B0ByCtCtA0AzytCzy2QtN1M1F1B2Z1V1N2Y
1L1Qzu2SyCtDzytDtBzy0FyCtGzztDyDyBtGtByCtAtAtG0DtA0D0DtGtDtA0FyEyDtDyDyEyC0F0BtB2Q&cr=885997282&ir=&q=
FF - user.js: extensions.mysearchdial.id - 001185DEA863A9A1
FF - user.js: extensions.mysearchdial.instlDay - 16133
FF - user.js: extensions.mysearchdial.vrsn - 1.8.29.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.29.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.29.015:8:37
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - irmsd0202ie
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef - 0901-a
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 885997282
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutDtDtCtCzzyD0D0E0AzzyCtA0Azy0AtCtN0D0Tzu0SyBzyyEtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyEyByCzyzy0DtByDtG0EyCzz0EtG0E0B0CtDtGyCyDyCtAtGtD0Bzy0B0ByCtCtA0AzytCzy2QtN1M1F1B2Z1V1N2Y1
L1Qzu2SyCtDzytDtBzy0FyCtGzztDyDyBtGtByCtAtAtG0DtA0D0DtGtDtA0FyEyDtDyDyEyC0F0BtB2Q
FF - user.js: extensions.mysearchdial.AL - 2
user_pref(extensions.autoDisableScopes,14);
FF - user.js: extensions.irmysearch.aflt - irmsd0202ie
FF - user.js: extensions.irmysearch.instlRef - 0901-a
FF - user.js: extensions.irmysearch.cr - 885997282
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtDtCtCzzyD0D0E0AzzyCtA0Azy0AtCtN0D0Tzu0SyBzyyEtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyEyByCzyzy0DtByDtG0EyCzz0EtG0E0B0CtDtGyCyDyCtAtGtD0Bzy0B0ByCtCtA0AzytCzy2QtN1M1F1B2Z1V1N2Y1L
1Qzu2SyCtDzytDtBzy0FyCtGzztDyDyBtGtByCtAtAtG0DtA0D0DtGtDtA0FyEyDtDyDyEyC0F0BtB2Q


Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fastclean"=-

ClearJavaCache::

---

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

https://discussions.virtualdr.com/im.../2016/03/2.gif


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt

ComboFix log - after applying CFScript to run
=================================

ComboFix 14-03-05.01 - ADMIN 03/05/2014 15:03:35.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3191.2544 [GMT -5:00]
Running from: c:\documents and settings\ADMIN\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ADMIN\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\ADMIN\Local Settings\Application Data\fastcleanpro
c:\documents and settings\ADMIN\Local Settings\Application Data\fastcleanpro\fastcleanpro.exe_Url_am2x10njtexj5pjdfqjnmisr2yg2prbx\1.0.0.0\user.config
c:\documents and settings\ADMIN\Local Settings\Application Data\fastcleanpro\Logs\Log_03 04 2014 03 16.txt
c:\documents and settings\ADMIN\Local Settings\Application Data\fastcleanpro\Logs\Log_03 04 2014 03 44.txt
c:\documents and settings\ADMIN\Local Settings\Application Data\fastcleanpro\Logs\Log_03 04 2014 08 51.txt
c:\documents and settings\ADMIN\Local Settings\Application Data\fastcleanpro\Logs\Log_03 05 2014 01 33.txt
c:\documents and settings\ADMIN\Local Settings\Application Data\fastcleanpro\Logs\Log_03 05 2014 02 55.txt
c:\documents and settings\ADMIN\Local Settings\Application Data\fastcleanpro\Logs\Log_03 05 2014 09 57.txt
c:\program files\FastClean PRO
c:\program files\FastClean PRO\fastcleanpro.exe
c:\program files\FastClean PRO\fastcleanpro.exe.config
c:\program files\FastClean PRO\fastcleanpro.InstallState
c:\program files\FastClean PRO\favicon.ico
c:\program files\FastClean PRO\GalaSoft.MvvmLight.dll
c:\program files\FastClean PRO\GalaSoft.MvvmLight.Extras.dll
c:\program files\FastClean PRO\Microsoft.Practices.ServiceLocation.dll
c:\program files\FastClean PRO\Microsoft.Practices.ServiceLocation.xml
c:\program files\FastClean PRO\System.Windows.Interactivity.dll
.
.
((((((((((((((((((((((((( Files Created from 2014-02-05 to 2014-03-05 )))))))))))))))))))))))))))))))
.
.
2014-03-05 13:14 . 2014-03-05 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-03-05 13:14 . 2014-03-05 15:56 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-05 13:13 . 2014-03-05 15:55 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-04 20:08 . 2014-03-04 20:09 -------- d-----w- c:\program files\Essentials Codec Pack
2014-03-04 20:04 . 2014-03-04 20:06 -------- d-----w- C:\SOFTWARE-WinMediaPlayer Codec
2014-02-25 14:57 . 2014-02-26 18:42 -------- d-----w- C:\HP Envy 700-149 Details
2014-02-22 01:15 . 2014-02-22 01:15 -------- d-----w- C:\SOFTWARE-OKI Drivers
2014-02-20 11:34 . 2014-02-20 11:34 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2014-02-19 11:27 . 2012-06-02 20:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2014-02-19 11:27 . 2012-06-02 20:18 214256 ----a-w- c:\windows\system32\muweb.dll
2014-02-19 01:12 . 2014-02-19 01:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2014-02-19 01:12 . 2014-02-19 01:12 -------- d-----w- c:\documents and settings\ADMIN\Local Settings\Application Data\Microsoft Help
2014-02-18 18:43 . 2014-02-18 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\VirtualizedApplications
2014-02-18 16:28 . 2014-02-18 16:28 -------- d-----w- c:\documents and settings\ADMIN\Local Settings\Application Data\SoftGrid Client
2014-02-18 16:28 . 2014-02-19 13:33 -------- d-----w- c:\documents and settings\ADMIN\Application Data\SoftGrid Client
2014-02-18 16:27 . 2014-02-18 16:27 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\{90140011-0061-0409-0000-0000000FF1CE}
2014-02-18 16:23 . 2014-03-05 19:49 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SoftGrid Client
2014-02-18 16:22 . 2014-03-05 19:52 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\SoftGrid Client
2014-02-18 16:20 . 2014-02-20 11:46 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
2014-02-18 16:20 . 2014-02-18 16:20 -------- d-----w- c:\documents and settings\All Users\Microsoft
2014-02-18 16:15 . 2014-02-18 16:30 -------- d-----w- c:\documents and settings\ADMIN\Application Data\TP
2014-02-18 13:33 . 2014-02-24 22:51 -------- d-----w- C:\SOFTWARE-Microsoft Office 2010 (Paid via SoftwareKing)
2014-02-15 23:18 . 2014-02-26 14:26 -------- d-----w- C:\WIN 8 Tech Stuff
2014-02-15 15:18 . 2014-02-15 20:26 -------- d-----w- C:\SOFTWARE-ClassicShell
2014-02-15 13:48 . 2014-02-17 17:02 -------- d-----w- C:\SOFTWARE-PowerISO
2014-02-10 16:35 . 2014-02-10 16:35 107256 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2014-02-10 13:36 . 2014-02-10 13:36 -------- d-----w- c:\documents and settings\ADMIN\Application Data\BHOK
2014-02-10 12:50 . 2014-02-10 12:50 -------- d-----w- c:\program files\BHOK IT Consulting
2014-02-10 12:40 . 2014-02-10 12:40 -------- d-----w- c:\documents and settings\All Users\TaxFreeway 2013
2014-02-10 12:13 . 2014-02-10 12:13 -------- d-----w- c:\program files\Entropy Technology Ltd
2014-02-04 12:21 . 2014-02-09 14:00 -------- d-----w- c:\windows\system32\URTTemp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 19:55 . 2012-04-04 21:29 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-21 19:55 . 2012-01-07 04:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 23:26 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 23:26 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2014-02-05 23:26 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-05 23:26 . 2004-08-04 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-05 22:24 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2014-01-20 02:46 . 2013-03-01 14:32 22808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-01-07 18:11 . 2011-12-23 17:47 143360 ----a-w- c:\windows\system32\OPDMN094.DLL
2014-01-04 03:13 . 2004-08-04 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-19 02:10 . 2014-01-22 11:08 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-12-19 01:46 . 2014-01-22 11:11 145408 ----a-w- c:\windows\system32\javacpl.cpl
2004-10-01 19:00 . 2008-07-28 18:13 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{E71596B0-A83B-453D-82C1-4BE99947C65F}]
2012-03-23 08:13 107328 ----a-w- c:\documents and settings\ADMIN\Local Settings\Application Data\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\IE\YouTubeDownloaderExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AAADesktopTips]
@="{4562B511-62E9-4533-B7B2-56A8BB10B482}"
[HKEY_CLASSES_ROOT\CLSID\{4562B511-62E9-4533-B7B2-56A8BB10B482}]
2012-05-30 02:56 247760 ----a-w- c:\program files\Common Files\Thunder Network\Kankan\xappex.1.1.1.38.(333).dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-26 39408]
"ImeGuardCom"="c:\program files\SogouInput\Components\AddressSearch\1.0.0.1178\SGImeGuard.exe" [2013-06-30 319096]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-01-22 4962320]
"vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2013-04-12 1151152]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-01-30 438272]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-05-24 30192]
"QQPCTray"="c:\program files\Tencent\QQPCMgr\7.3.8099.213\QQPCTray.exe" [2012-11-16 964128]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ SOGOUPY.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ QQPCTray]
2012-11-16 11:19 964128 ----a-w- c:\program files\Tencent\QQPCMgr\7.3.8099.213\QQPCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 06:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-12 01:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2009-01-29 22:20 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 06:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-06 02:55 54832 ------w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 19:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nitro PDF Printer Monitor]
2009-03-04 21:27 209216 ----a-w- c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-02-21 01:18 366400 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 07:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 19:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 14:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\ADMIN\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Tencent\\QQDownload\\121\\Tencentdl.exe"=
"c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\QQPCTray.exe"=
"c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\QQPCRTP.exe"=
"c:\\Program Files\\SogouInput\\6.5.0.9181\\PinyinUp.exe"=
"c:\\Program Files\\SogouInput\\6.5.0.9181\\SGDownload.exe"=
"c:\\Program Files\\SogouInput\\6.5.0.9181\\ImeUtil.exe"=
"c:\\Program Files\\SogouInput\\6.5.0.9181\\SGTool.exe"=
"c:\\Program Files\\SogouInput\\Components\\SogouComMgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"113:TCP"= 113:TCP:IdentD
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2/8/2013 3:37 AM 149272]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 3:37 AM 222520]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2/8/2013 3:37 AM 27448]
R0 TsFltMgr;TsFltMgr;c:\windows\system32\drivers\TsFltMgr.sys [11/16/2012 6:19 AM 73024]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [8/1/2013 3:06 PM 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2/26/2013 10:40 PM 210712]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [3/1/2013 9:32 AM 22808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/8/2013 3:37 AM 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/14/2013 2:52 AM 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [4/11/2013 8:14 AM 33112]
R1 RapportCerberus_59849;RapportCerberus_59849;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [1/2/2014 5:23 AM 340432]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2/10/2014 11:35 AM 155704]
R1 TSDefenseBt;TSDefenseBt;c:\windows\system32\drivers\TSDefenseBt.sys [11/16/2012 12:35 PM 60448]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [9/24/2013 1:33 AM 348008]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [4/22/2013 10:02 AM 822504]
R2 OkiPar;OkiPar;c:\windows\system32\drivers\OkiPar.sys [12/23/2011 12:47 PM 43656]
R2 QQPCRTP;QQPCMgr RTP Service;c:\program files\Tencent\QQPCMgr\7.3.8099.213\QQPCRtp.exe -r --> c:\program files\Tencent\QQPCMgr\7.3.8099.213\QQPCRtp.exe -r [?]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2/10/2014 11:35 AM 1444120]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [6/26/2013 7:23 PM 523944]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [1/30/2008 4:52 AM 106496]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [10/1/2011 1:30 AM 587944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [10/1/2011 1:30 AM 213288]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [10/1/2011 1:30 AM 23208]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [10/1/2011 1:30 AM 19112]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [6/26/2013 7:23 PM 207528]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [1/22/2014 12:19 PM 3788816]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3/19/2013 9:26 PM 3289208]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9/5/2013 9:34 AM 171680]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [7/15/2011 4:53 AM 167264]
S3 CorelCreatorMessages;CorelCreatorMessages;"c:\windows\system32\CorelCreatorMessages.exe" --> c:\windows\system32\CorelCreatorMessages.exe [?]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/3/2009 9:56 PM 30192]
S3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\DRIVERS\HP8207_8307.sys --> c:\windows\system32\DRIVERS\HP8207_8307.sys [?]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2/10/2014 11:35 AM 107256]
S3 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2/10/2014 11:35 AM 228888]
S3 TcHardWare;TcHardWare;\??\c:\program files\Tencent\QQPCMgr\7.3.8099.213\QQPCHW.sys --> c:\program files\Tencent\QQPCMgr\7.3.8099.213\QQPCHW.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [1/19/2011 1:02 PM 627072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
XLServicePlatform REG_MULTI_SZ XLServicePlatform
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 11:54 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 19:55]
.
2014-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-31 21:14]
.
2014-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-31 21:14]
.
2014-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1935655697-839522115-1003Core.job
- c:\documents and settings\ADMIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-15 10:28]
.
2014-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1935655697-839522115-1003UA.job
- c:\documents and settings\ADMIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-15 10:28]
.
2014-03-05 c:\windows\Tasks\SogouImeMgr.job
- c:\progra~1\SOGOUI~1\SogouExe\SogouExe.exe [2013-03-11 07:27]
.
2014-03-05 c:\windows\Tasks\Windows Codec Update Service.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2012-02-03 09:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: {C6B95BE9-4373-4BF8-9D18-9FCEAE5563F0} - hxxps://col0-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=64163164
FF - ProfilePath - c:\documents and settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\1scr8ssh.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
user_pref(extensions.autoDisableScopes,14);
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-?????? - c:\program files\????\XLGameBox\Uninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-05 15:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
" QQPCTray"="\"c:\\Program Files\\Tencent\\QQPCMgr\\7.3.8099.213\\QQPCTray.exe\" /regrun"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1202660629-1935655697-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\~¯‹oöN\Q*Q*ó—PN]
"Order"=hex:08,00,00,00,02,00,00,00,f6,00,00,00,01,00,00,00,02,00,00,00,72,00,
00,00,00,00,00,00,64,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,52,00,32,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-03-05 15:21:29
ComboFix-quarantined-files.txt 2014-03-05 20:21
ComboFix2.txt 2014-03-05 19:42
ComboFix3.txt 2014-03-05 18:03
.
Pre-Run: 25,954,115,584 bytes free
Post-Run: 25,931,739,136 bytes free
.
- - End Of File - - 1B7C8920EF3BE455AEEE601C7C8C58AA
8F558EB6672622401DA993E1E865C861


*****************************
Now I do not see in Windows Task Manager FastClean PRO running.
its shortcut icon is still on the Desktop. Can I delete it?
*****************************

Very good.

How is computer doing?

http://dev.discussions.virtualdr.forums.relay.cool/ Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

http://dev.discussions.virtualdr.forums.relay.cool/ Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

http://dev.discussions.virtualdr.forums.relay.cool/ Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.