Solved: Need Help with Malware Win32.2YourFace.bho


Pascal1623
23-Oct-2013, 06:59 PM #1
Need Help with Malware Win32.2YourFace.bho
I believe I am having a malware problem on my PC called: Win32.2YourFace.bho.

My PC is an x64-based Hewlett-Packard Model p6720f with an AMD Phenom(tm) II X4 840T Processor, 2900 Mhz, 4 Core(s), 4 Logical Processor(s).

My OS is Microsoft Windows 7 Ultimate with 6.1.7601 Service Pack 1 Build 7601.

I first noticed the problem when trying to watch Netflix instant streaming. A warning popped up saying that my Firefox browser (24.0) was out of date and needed to be updated. This was not the way I usually was notified of a new version of Firefox. It also wanted me to download and update a new video player called Flash Player Pro. This did not look normal to me, so after clicking on a new tab several times I finally got to the proper Netflix website and was able to successfully engage the instant viewing.

However, the problem continued when I tried to start up Firefox, and Internet Explorer also seemed completely inaccessible and had to be restarted several times. I also started getting several unwanted pop-up ads, such as dating Japanese girls and that my PC was about to crash unless I downloaded a PC Cleaner.

I uninstalled Firefox (which seemed to be the most infected) with the uninstall feature of the Control Panel and reinstalled directly from the Firefox website, but the problem persists. The problem seems to be with my Firefox browser and Internet Explorer browser. I usually use an Opera browser, which seems unaffected.

I have the following utilities installed which I use frequently:

Norton Internet Security
RegCure Pro
Spybot Search and Destroy +AV2.1 Professional Edition
PC Matic

Pursuant to this forum's rules, here are the following files:

HiJackThis File:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:33:31 AM, on 10/23/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\PCPitstop\SuperShield\PCMaticRT.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Users\Richard\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
R3 - URLSearchHook: InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: InternetHelper3.1 - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll
O2 - BHO: CrossriderApp0043912 - {11111111-1111-1111-1111-110411391112} - (no file)
O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - (no file)
O2 - BHO: Linksicle - {2AD2D8CA-D24D-40D2-A8FC-46952409BA9A} - C:\Program Files (x86)\Linksicle\IE\LinksicleClientIE.dll
O2 - BHO: LinkSwift - {323420b6-65e5-4657-8106-a27392d4d4aa} - (no file)
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: TidyNetwork.com - {7736C7FA-512D-11E2-B871-DEC36088709B} - (no file)
O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Richard\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
O2 - BHO: Word - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Richard\AppData\Local\WordLayers\temp.dat
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Fast Free Converter 4.1 - {F5580E24-8416-4DFD-90B3-078D4EDF4FCB} - C:\PROGRA~2\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: ShopAtHome.com Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - (no file)
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll
O3 - Toolbar: InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PC MaticRT] C:\Program Files (x86)\PCPitstop\SuperShield\PCMaticRT.exe
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKCU\..\Run: [BackgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Richard\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.netflix.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) - http://javadl-esd.oracle.com/update/...ndows-i586.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~2\searchqu toolbar\datamngr\datamngr.dll c:\progra~2\searchqu toolbar\datamngr\iebho.dll c:\progra~2\optimizer pro\optprocrash.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Optimizer Pro Crash Monitor (70e6ca8c) - Unknown owner - c:\progra~2\optimizer pro\optprocrash.exe (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe (file missing)
O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
O23 - Service: CyberLink PowerDVD 11.0 Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
O23 - Service: CyberLink PowerDVD 11.0 Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
O23 - Service: DefaultTabSearch - Unknown owner - C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\Richard\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe
O23 - Service: PC Tools Performance Toolkit Defrag Service (DMDefragService) - PC Tools - C:\Program Files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe
O23 - Service: PC Tools Performance Toolkit Repair Service (DMRepairService) - PC Tools - C:\Program Files (x86)\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FastFreeConverterUpdt - Unknown owner - C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files (x86)\iWin Games\iWinTrusted.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksicle Client Service (lssvc) - Linksicle - C:\Program Files (x86)\Linksicle\Service\lssvc.exe
O23 - Service: Norton Management (MCLIENT) - Symantec Corporation - C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
O23 - Service: PCPitstop Realtime - PC Pitstop LLC - C:\Program Files (x86)\PCPitstop\SuperShield\PCPitstopRTService.exe
O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files (x86)\PC Tools Security\pctsSvc.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: ThreatFire - Unknown owner - C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update LinkSwift - LinkSwift - C:\Program Files (x86)\LinkSwift\updateLinkSwift.exe
O23 - Service: Util LinkSwift - LinkSwift - C:\Program Files (x86)\LinkSwift\bin\utilLinkSwift.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: WajamUpdaterV2 - Unknown owner - C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV2.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16623 bytes

dds.txt file:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720 BrowserJavaVersion: 10.45.2
Run by Richard at 9:41:38 on 2013-10-23
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.5887.1486 [GMT -7:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Users\Richard\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe
C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Linksicle\Service\lssvc.exe
C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\PCPitstop\SuperShield\PCPitstopRTService.exe
C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\PCPitstop\SuperShield\PCMaticRT.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Users\Richard\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - LocalServer32 - <no file>
uURLSearchHooks: InternetHelper3.1 Toolbar: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll
mURLSearchHooks: InternetHelper3.1 Toolbar: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll
mWinlogon: Userinit = userinit.exe,
BHO: InternetHelper3.1 Toolbar: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll
BHO: SuperLyrics-15: {11111111-1111-1111-1111-110411391112} - LocalServer32 - <no file>
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - LocalServer32 - <no file>
BHO: Linksicle: {2AD2D8CA-D24D-40D2-A8FC-46952409BA9A} - C:\Program Files (x86)\Linksicle\IE\LinksicleClientIE.dll
BHO: LinkSwift: {323420b6-65e5-4657-8106-a27392d4d4aa} - LocalServer32 - <no file>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {7736C7FA-512D-11E2-B871-DEC36088709B} - <orphaned>
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Richard\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {99079a25-328f-4bd4-be04-00955acaa0a7} - <orphaned>
BHO: Word: {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Richard\AppData\Local\WordLayers\temp.dat
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Fast Free Converter 4.1: {F5580E24-8416-4DFD-90B3-078D4EDF4FCB} - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - LocalServer32 - <no file>
TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: ShopAtHome.com Toolbar: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - LocalServer32 - <no file>
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
TB: InternetHelper3.1 Toolbar: {07CBF788-1359-421B-A4E3-5A8D041B90A3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - LocalServer32 - <no file>
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: ShopAtHome.com Toolbar: {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - LocalServer32 - <no file>
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
TB: InternetHelper3.1 Toolbar: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [BackgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Richard\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [PC MaticRT] C:\Program Files (x86)\PCPitstop\SuperShield\PCMaticRT.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://javadl-esd.oracle.com/update/1.6.0/jinstall-6u24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2C30AC76-AAF8-43D7-9738-48E038F87F36} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{EE9F14F0-C1EB-49B3-89F4-1250719D7D13} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{EE9F14F0-C1EB-49B3-89F4-1250719D7D13}\D697177756374703533353 : DHCPNameServer = 192.168.0.1 205.171.3.25
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= c:\progra~2\searchqu toolbar\datamngr\datamngr.dll c:\progra~2\searchqu toolbar\datamngr\iebho.dll c:\progra~2\optimizer pro\optprocrash.dll
SSODL: WebCheck - <orphaned>
x64-BHO: MRI_DISABLED - <orphaned>
x64-BHO: SuperLyrics-15: {11111111-1111-1111-1111-110411391112} - LocalServer32 - <no file>
x64-BHO: Linksicle: {2AD2D8CA-D24D-40D2-A8FC-46952409BA9A} - C:\Program Files\Linksicle\IE\LinksicleClientIE.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\3s6870wh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&CUI=UN59772810236617435&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - InternetHelper3.1 Customized Web Search
FF - prefs.js: browser.startup.homepage - bing.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CUI=UN59772810236617435&UM=2&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-10-04 09:15; firefox@linkswift.co; C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\3s6870wh.default\extensions\firefox@linkswift.co.xpi
FF - ExtSQL: 2013-10-08 21:00; ugnraew@jqhljqmpngx.net; C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\3s6870wh.default\extensions\ugnraew@jqhljqmpngx.net
FF - ExtSQL: 2013-10-11 09:50; {07cbf788-1359-421b-a4e3-5a8d041b90a3}; C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\3s6870wh.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}
FF - ExtSQL: 2013-10-15 09:43; 9acfc440-ac2d-417a-a64c-f6f14653b712...29bdcc28c5.com; C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\3s6870wh.default\extensions\9acfc440-ac2d-417a-a64c-f6f14653b712@09f9a966-9258-4b12-af32-da29bdcc28c5.com
FF - ExtSQL: 2013-10-15 09:43; {7f3f960e-a836-45ca-8911-0accb522246e}; C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\3s6870wh.default\extensions\{7f3f960e-a836-45ca-8911-0accb522246e}
FF - ExtSQL: 2013-10-19 10:08; addon@defaulttab.com; C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\3s6870wh.default\extensions\addon@defaulttab.com.xpi
FF - ExtSQL: 2013-10-19 10:09; {906000a4-88d9-4d52-b209-7a772970d91f}; C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\3s6870wh.default\extensions\{906000a4-88d9-4d52-b209-7a772970d91f}
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-3-14 75904]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-3-14 38016]
R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2011-5-27 413448]
R0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2011-5-27 453896]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\System32\drivers\pctEFA64.sys [2011-5-27 1096176]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys [2013-6-9 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys [2013-6-9 1139800]
R0 TfFsMon;TfFsMon;C:\Windows\System32\drivers\TfFsMon.sys [2013-2-3 66344]
R0 TfSysMon;TfSysMon;C:\Windows\System32\drivers\TfSysMon.sys [2013-2-3 709552]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20131002.001\BHDrvx64.sys [2013-10-1 1525848]
R1 ccSet_MCLIENT;Norton Management Settings Manager;C:\Windows\System32\drivers\MCLIENTx64\0302020.00C\ccsetx64.sys [2013-8-22 168096]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys [2013-6-9 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20131022.001\IDSviA64.sys [2013-10-22 521816]
R1 lsnfd;lsnfd;C:\Windows\System32\drivers\lsnfd.sys [2013-10-2 58192]
R1 pctgntdi;pctgntdi;C:\Windows\System32\drivers\pctgntdi64.sys [2011-5-27 347016]
R1 pctNdisLW64;PC Tools NDIS 6 LightWeight filter;C:\Windows\System32\drivers\pctNdisLW64.sys [2011-12-6 76952]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\System32\drivers\PCTSD64.sys [2011-5-27 253256]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys [2013-6-9 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys [2013-6-9 433752]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-3-14 203264]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Richard\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe [2013-10-19 107520]
R2 FastFreeConverterUpdt;FastFreeConverterUpdt;C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [2013-5-22 687104]
R2 lssvc;Linksicle Client Service;C:\Program Files (x86)\Linksicle\Service\lssvc.exe [2013-10-2 272936]
R2 MCLIENT;Norton Management;C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe [2013-8-22 143928]
R2 MSSQL$ACCUCHEK360;SQL Server (ACCUCHEK360);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-6-9 144368]
R2 ntk_PowerDVD;ntk_PowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-6-4 75248]
R2 PCPitstop Realtime;PCPitstop Realtime;C:\Program Files (x86)\PCPitstop\SuperShield\PCPitstopRTService.exe [2013-9-17 3866736]
R2 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2013-5-31 86216]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-5-27 794272]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2013-10-14 82872]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-6-4 46136]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-8-26 140376]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2013-2-3 1813056]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-2-3 726160]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-3-14 38456]
S2 70e6ca8c;Optimizer Pro Crash Monitor;"c:\progra~2\optimizer pro\optprocrash.exe" --> c:\progra~2\optimizer pro\optprocrash.exe [?]
S2 Browser Defender Update Service;Browser Defender Update Service;"C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe" --> C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2013-10-7 573952]
S2 WajamUpdaterV2;WajamUpdaterV2;"C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV2.exe" --> C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV2.exe [?]
S3 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-13 361984]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-4-9 96256]
S3 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-6-4 83240]
S3 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-6-4 70952]
S3 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-6-4 312616]
S3 DMDefragService;PC Tools Performance Toolkit Defrag Service;C:\Program Files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2011-5-27 1147040]
S3 DMRepairService;PC Tools Performance Toolkit Repair Service;C:\Program Files (x86)\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2011-5-27 1134240]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-5-16 39504]
S3 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
S3 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
S3 iWinTrusted;iWinTrusted;C:\Program Files (x86)\iWin Games\iWinTrusted.exe [2011-4-8 176848]
S3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\System32\drivers\PCTBD64.sys [2011-12-6 77144]
S3 PCTDMDefrag;PCTDMDefrag;C:\Windows\System32\drivers\PCTDMDefrag.sys [2011-5-27 162328]
S3 PCTDSMon;PCTDSMon;C:\Windows\System32\drivers\PCTDSMon.sys [2011-5-27 189880]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;C:\Windows\System32\drivers\pctNdis-PacketFilter64.sys [2011-5-27 125024]
S3 pctplfw;pctplfw;C:\Windows\System32\drivers\pctplfw64.sys [2011-5-27 182728]
S3 pctplsg;pctplsg;C:\Windows\System32\drivers\pctplsg64.sys [2011-5-27 93600]
S3 pctplsm;pctplsm;C:\Windows\System32\drivers\pctplsm64.sys [2013-2-3 87968]
S3 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-3-14 1128952]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-6-9 20992]
S3 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-8-26 246488]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe --> C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [?]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe --> C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [?]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-8-27 1817560]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-8-27 1033688]
S3 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-8-27 171928]
S3 TfNetMon;TfNetMon;C:\Windows\System32\drivers\TfNetMon.sys [2013-2-3 42648]
S3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-9 59392]
S3 Update LinkSwift;Update LinkSwift;C:\Program Files (x86)\LinkSwift\updateLinkSwift.exe [2013-10-4 65312]
S3 Util LinkSwift;Util LinkSwift;C:\Program Files (x86)\LinkSwift\bin\utilLinkSwift.exe [2013-10-11 65312]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-28 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2013-10-22 18:21:32 -------- d-----w- C:\Users\Richard\AppData\Roaming\Safer Networking
2013-10-22 18:18:24 -------- d-----w- C:\Program Files (x86)\Safer Networking
2013-10-19 17:09:37 -------- d-----w- C:\Program Files (x86)\File Type Helper
2013-10-19 17:09:33 -------- d-----w- C:\Program Files (x86)\Fast Free Converter
2013-10-19 17:09:07 -------- d-----w- C:\Program Files (x86)\DefaultTab
2013-10-19 17:08:57 -------- d-----w- C:\Users\Richard\AppData\Roaming\defaulttab
2013-10-19 17:07:55 -------- d-----w- C:\Program Files (x86)\Flash Player Pro
2013-10-19 17:02:45 -------- d-----w- C:\Program Files\Linksicle
2013-10-19 17:02:39 -------- d-----w- C:\Program Files (x86)\Linksicle
2013-10-17 20:50:46 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-10-17 20:49:18 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-15 19:22:30 -------- d-----w- C:\e9069e3fe157a6b02f69
2013-10-15 19:03:47 -------- d-----w- C:\Users\Richard\AppData\Roaming\NewspaperDirect
2013-10-15 17:03:26 -------- d-----w- C:\Program Files\Uninstaller
2013-10-14 23:54:06 82872 ----a-w- C:\Windows\System32\drivers\sbapifs.sys
2013-10-12 15:12:14 -------- d-----w- C:\Users\Richard\AppData\Local\HuluDesktop
2013-10-11 16:50:38 -------- d-----w- C:\Program Files (x86)\Conduit
2013-10-11 16:50:35 -------- d-----w- C:\ProgramData\Conduit
2013-10-11 16:50:34 -------- d-----w- C:\Program Files (x86)\InternetHelper3.1
2013-10-10 09:29:26 633856 ----a-w- C:\Windows\System32\comctl32.dll
2013-10-10 09:28:59 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-10-10 00:33:02 -------- d-----w- C:\Users\Richard\AppData\Local\Real
2013-10-10 00:28:29 -------- d-----w- C:\Program Files (x86)\LinkSwift
2013-10-10 00:26:06 -------- d-----w- C:\Users\Richard\AppData\Local\WordLayers
2013-10-09 02:35:16 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-09 02:35:16 -------- d-----w- C:\Program Files\iPod
2013-10-09 02:35:15 -------- d-----w- C:\Program Files\iTunes
2013-10-02 21:14:52 58192 ----a-w- C:\Windows\System32\drivers\lsnfd.sys
2013-09-27 21:28:40 428408 ----a-w- C:\Windows\System32\G-Force.scr
2013-09-27 21:28:08 284536 ----a-w- C:\Program Files\Windows Media Player\Visualizations\G-Force_WMP.x64.dll
2013-09-27 21:27:48 257912 ----a-w- C:\Program Files (x86)\Windows Media Player\Visualizations\G-Force_WMP.dll
.
==================== Find3M ====================
.
2013-10-15 16:42:13 773712 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2013-10-15 16:42:13 420944 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2013-10-09 14:29:29 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 14:29:29 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-08-01 12:09:36 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
.
============= FINISH: 9:42:41.50 ===============

attach.txt file:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 5/26/2011 5:09:09 PM
System Uptime: 10/23/2013 9:10:55 AM (0 hours ago)
.
Motherboard: FOXCONN | | 2AB1
Processor: AMD Phenom(tm) II X4 840T Processor | CPU 1 | 2175/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 918 GiB total, 747.026 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.651 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 932 GiB total, 0.007 GiB free.
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: PC Tools Data Store
Device ID: ROOT\LEGACY_PCTDS\0000
Manufacturer:
Name: PC Tools Data Store
PNP Device ID: ROOT\LEGACY_PCTDS\0000
Service: pctDS
.
==== System Restore Points ===================
.
RP717: 10/17/2013 1:47:23 PM - PC Pitstop Restore Point
RP718: 10/17/2013 8:23:58 PM - Windows Update
RP719: 10/19/2013 6:03:21 AM - RegCure Pro Backup
RP720: 10/19/2013 12:29:41 PM - S
RP721: 10/19/2013 2:18:05 PM - RegCure Pro Backup
RP722: 10/19/2013 3:16:42 PM - RegCure Pro Backup
RP723: 10/19/2013 5:12:40 PM - RegCure Pro Backup
RP724: 10/20/2013 9:58:55 AM - RegCure Pro Backup
RP725: 10/20/2013 7:00:43 PM - Windows Backup
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
AI RoboForm (All Users)
Amazing Adventures Riddle of the Two Knights ™
Amazing Adventures: Around the World
Amazing Adventures: The Caribbean Secret
Amazing Adventures: The Forgotten Dynasty
Amazing Adventures: The Lost Tomb
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD Problem Report Wizard
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
AudibleManager
Awakening: Moonfell Wood
Awakening: The Dreamless Castle
Awakening: The Goblin Kingdom Collector's Edition
Awakening: The Skyward Castle Collector's Edition
Azada ®
Azkend
Azkend 2: The World Beneath
Baldur's Gate
Bejeweled 2 Deluxe
Bejeweled 3
Big Fish Games Texas Hold'Em
Big Fish Games: Game Manager
Blio
Borland Data Engine
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CodeBlocks
CyberLink PowerDVD 11
D3DX10
Dark Tales: Edgar Allan Poe's The Gold Bug
Dark Tales: Edgar Allan Poe's The Premature Burial
Dark Tales: Edgar Allan Poe`s Murders in the Rue Morgue
Dark Tales: ™ Edgar Allan Poe's The Black Cat
DefaultTab
DMUninstaller
Dracula Origin
Drawn®: The Painted Tower ™
Drawn: Dark Flight ®
Dream Chronicles
Dream Chronicles ™ 2: The Eternal Maze
Dream Chronicles: The Book of Air
Dream Chronicles: The Book of Water
Dream Chronicles: The Chosen Child
DVD-CLONER V5.40 Build 971
DVD Menu Pack for HP MediaSmart Video
Echoes of the Past: Royal House of Stone
Echoes of the Past: The Castle of Shadows Collector's Edition
Echoes of the Past: The Citadels of Time Collector's Edition
Echoes of the Past: The Revenge of the Witch Collector's Edition
Enlightenus
Enlightenus II: The Timeless Tower
Escape Rosecliff Island
Escape the Emerald Star
Escape Whisper Valley
Fable - The Lost Chapters
Fabled Legends: The Dark Piper
Fabled Legends: The Dark Piper Collector's Edition
Fast Free Converter
Fear For Sale: Mystery of McInroy Manor
Flash Player Pro V5.4
G-Force
Google Chrome
Google Earth
Google Update Helper
Hallowed Legends: Samhain
Hallowed Legends: Templar
Haunted Halls: Fears from Childhood
Haunted Halls: Green Hills Sanitarium
Haunted Halls: Revenge of Doctor Blackmore
Haunted Legends: The Bronze Horseman
Haunted Legends: The Queen of Spades
Haunted Legends: The Undertaker
Hidden Expedition ® - Devil's Triangle
Hidden Expedition ®: Amazon
Hidden Expedition ®: Everest
Hidden Expedition ®: Titanic
Hidden Expedition: The Uncharted Islands
Hidden Mysteries®: The Fateful Voyage - Titanic
House of 1000 Doors: The Palm of Zoroaster Collector's Edition
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart SmartMenu
HP MediaSmart Video
HP MediaSmart/TouchSmart Netflix
HP MovieStore
HP Odometer
HP Product Detection
HP Setup
HP Setup Manager
HP Support Assistant
HP Support Information
HP Update
HP Vision Hardware Diagnostics
HydraVision
iCloud
Internet TV for Windows Media Center
InternetHelper3.1 Toolbar for IE
iTunes
Java 7 Update 45
Java 7 Update 45 (64-bit)
Java Auto Updater
Java(TM) 6 Update 24
Jewel Legends: Tree of Life
Journey to the Center of the Earth
Junk Mail filter update
Kobo
LaserTank
Legacy of the Incas
LightScribe System Software
Linksicle
LinkSwift 1.0.0
Liong: The Dragon Dance
Living Legends: Ice Rose
Lost in Time: The Clockwork Tower
Lost Realms: Legacy of the Sun Princess
Luxor 2
Luxor Adventures
Luxor Bundle Pack
Luxor Evolved
Luxor Mahjong
Luxor: Quest for the Afterlife
Mah Jong Quest (remove only)
Mah Jong Quest II
Mah Jong Quest III: Balance of Life
Mahjong Escape Ancient China
Mahjong Escape Ancient Japan
Mahjong Towers Eternity ™
Mahjongg - Ancient Egypt
Mahjongg Artifacts
Mahjongg Artifacts: Chapter 2
Mahjongg: Ancient Mayas
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Easy Assist v2
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (ACCUCHEK360)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Midnight Mysteries: Devil on the Mississippi Collector's Edition
Midnight Mysteries: Haunted Houdini Deluxe
Midnight Mysteries: Salem Witch Trials
Midnight Mysteries: The Edgar Allan Poe Conspiracy
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mummy Maze Deluxe
Mystery Case Files ®: 13th Skull ™ Collector's Edition
Mystery Case Files ®: Dire Grove ™
Mystery Case Files®: Escape from Ravenhearst™ Collector's Edition
Mystery Case Files: Huntsville ™
Mystery Case Files: Madame Fate ®
Mystery Case Files: Prime Suspects ™
Mystery Case Files: Ravenhearst ®
Mystery Case Files: Return to Ravenhearst ™
Mystery Case Files: Return to Ravenhearst Original Soundtrack ™
Mystery Chronicles: Betrayals of Love
Mystery Chronicles: Murder Among Friends
Mystery Legends: Sleepy Hollow
Mystery Trackers: Black Isle Collector's Edition
Mystery Trackers: Raincliff Collector's Edition
Mystery Trackers: The Four Aces
Mystery Trackers: The Void Collector's Edition
Next Generation Visualisations
Norton Internet Security
Norton Management
NVIDIA PhysX v8.10.13
Oblivion
Octoshape add-in for Adobe Flash Player
Omron Health Management Software
Opera 12.16
Opera Stable 17.0.1241.45
Orbz
Outlook 2010 Toolbar
ParetoLogic Privacy Controls
PC Matic 1.1.0.50
PC Pitstop Info Center 1.0.0.16
PC Pitstop SuperShield 1.0.0.38
PDF Complete Special Edition
Peggle Nights
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
PowerDirector
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
Recovery Manager
RegAlyzer
RegCure Pro
Ricochet: Infinity
Samantha Swift and the Fountains of Fate
Samantha Swift and the Golden Touch
Samantha Swift and the Hidden Roses of Athena
Samantha Swift: Mystery From Atlantis
Secrets of the Dark: Eclipse Mountain Collector's Edition
Secrets of the Dark: Temple of Night Collector's Edition
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
SereneScreen Marine Aquarium 2 + Time
Shadow Wolf Mysteries: Curse of the Full Moon
Shaolin Mystery: Revenge of the Terracotta Warriors
Shaolin Mystery: Tale of the Jade Dragon Staff
Sherlock Holmes and the Hound of the Baskervilles Collector's Edition
Shiver: Vanishing Hitchhiker
ShopAtHome.com Toolbar
SPORE™
Spybot - Search & Destroy
Support Version MJQ
The Lord of the Rings Online™: Shadows of Angmar™ v07.12.30.54
The Lost Cases of Sherlock Holmes
The Treasures Of Montezuma
The Treasures of Montezuma 2
The Treasures of Montezuma 3
Treasure Seekers: Follow the Ghosts
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vacation Quest: Australia
Vacation Quest: The Hawaiian Islands
Venice Mystery
Victorian Mysteries: Woman in White
Windows 7 Upgrade Advisor
Windows Driver Package - Advanced Micro Devices (AtiHDAudioService) MEDIA (05/11/2012 7.12.0.7708)
Windows Driver Package - Ralink Technology, Corp. (netr28x) Net (11/14/2011 3.02.07.0000)
Windows Driver Package - Realtek (RTL8167) Net (06/12/2012 7.061.0612.2012)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (03/29/2013 6.0.1.6873)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (06/19/2012 6.0.1.6662)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (07/16/2013 6.0.1.6971)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Service
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Updater Component
Windows XP Mode
Witch Hunters: Stolen Beauty
Word Layers
Zuma Deluxe
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
10/23/2013 9:12:37 AM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).
10/23/2013 9:12:18 AM, Error: Service Control Manager [7000] - The WajamUpdaterV2 service failed to start due to the following error: The system cannot find the file specified.
10/20/2013 10:07:02 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
10/20/2013 10:06:28 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/20/2013 10:06:28 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
10/19/2013 12:23:14 PM, Error: Service Control Manager [7034] - The WajamUpdaterV2 service terminated unexpectedly. It has done this 1 time(s).
10/19/2013 10:09:35 AM, Error: Service Control Manager [7030] - The FastFreeConverterUpdt service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/19/2013 10:09:09 AM, Error: Service Control Manager [7030] - The DefaultTabSearch service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/18/2013 7:15:58 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MCLIENT service.
10/16/2013 9:37:16 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2736428).
10/16/2013 9:37:15 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2487367).
10/16/2013 9:07:59 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================

ark.txt file:

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-23 13:04:25
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000007b ST310005 rev.HP35 931.51GB
Running: qrdc24n8.exe; Driver: C:\Users\Richard\AppData\Local\Temp\ufliikow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 630 fffff80003fb4066 48 bytes [65, 48, 8B, 1C, 25, 88, 01, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 680 fffff80003fb4098 27 bytes [48, 8B, 8C, 24, E8, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753e1465 2 bytes [3E, 75]
.text C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753e14bb 2 bytes [3E, 75]
.text ... * 2
.text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753e1465 2 bytes [3E, 75]
.text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753e14bb 2 bytes [3E, 75]
.text ... * 2
.text C:\Program Files (x86)\PCPitstop\SuperShield\PCPitstopRTService.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753e1465 2 bytes [3E, 75]
.text C:\Program Files (x86)\PCPitstop\SuperShield\PCPitstopRTService.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753e14bb 2 bytes [3E, 75]
.text ... * 2
.text c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2900] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000753e1465 2 bytes [3E, 75]
.text c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2900] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000753e14bb 2 bytes [3E, 75]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [3108] entry point in ".rdata" section 0000000074a371e6
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753e1465 2 bytes [3E, 75]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753e14bb 2 bytes [3E, 75]
.text ... * 2
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3984] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000753e1465 2 bytes [3E, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3984] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000753e14bb 2 bytes [3E, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753e1465 2 bytes [3E, 75]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753e14bb 2 bytes [3E, 75]
.text ... * 2
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5912] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 166 000000002fb21afc 2 bytes [B2, 2F]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5912] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 253 000000002fb21b53 2 bytes [B2, 2F]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5912] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 320 000000002fb21b96 2 bytes [B2, 2F]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5912] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 390 000000002fb21bdc 2 bytes [B2, 2F]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5912] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 738 000000002fb21d38 2 bytes [B2, 2F]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5912] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 937 000000002fb21dff 2 bytes [B2, 2F]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5912] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 958 000000002fb21e14 2 bytes [B2, 2F]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5912] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 970 000000002fb21e20 2 bytes [B2, 2F]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5912] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000074fa8769 5 bytes JMP 000000015ff653fc
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5912] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076cf6143 5 bytes JMP 0000000160a2f68e
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5912] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000075a33e59 5 bytes JMP 000000015ff910b7
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5912] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000075a33eae 5 bytes JMP 000000015ff9b0be
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5912] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000075a34731 5 bytes JMP 000000015ffcb5dc
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5912] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000075a35dee 5 bytes JMP 000000015ffcc50f
.text C:\Users\Richard\Downloads\HijackThis.exe[3292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753e1465 2 bytes [3E, 75]
.text C:\Users\Richard\Downloads\HijackThis.exe[3292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753e14bb 2 bytes [3E, 75]
.text ... * 2
.text C:\Windows\SysWOW64\NOTEPAD.EXE[1940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753e1465 2 bytes [3E, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[1940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753e14bb 2 bytes [3E, 75]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [1940] entry point in ".rdata" section 0000000074a371e6
? C:\Windows\system32\mssprxy.dll [4492] entry point in ".rdata" section 0000000074a371e6
.text C:\Windows\SysWOW64\NOTEPAD.EXE[4492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753e1465 2 bytes [3E, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[4492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753e14bb 2 bytes [3E, 75]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [828] entry point in ".rdata" section 0000000074a371e6
.text C:\Windows\SysWOW64\NOTEPAD.EXE[828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753e1465 2 bytes [3E, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753e14bb 2 bytes [3E, 75]
.text ... * 2

---- Threads - GMER 2.1 ----


---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

SPYBOT SCAN file:

Search results from Spybot - Search & Destroy

10/23/2013 2:05:15 PM
Scan took 00:47:12.
18 items found.

BrowseFox: [SBI $EB7ED92C] Settings (Registry Value, nothing done)
HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}\id

BrowseFox: [SBI $EB7ED92C] Settings (Registry Value, nothing done)
HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}\id

BrowseFox: [SBI $A65521ED] Settings (Registry Key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}

BrowseFox: [SBI $A65521ED] Settings (Registry Key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}

Win32.2UrFace.bho: [SBI $40F35DD4] Settings (Registry Key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Richard\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TNMPFCYU\wac.edgecastcdn.net\dropdowndeals.sol
Properties.size=367
Properties.md5=C80A15D890E682B3F147A25A5C13CB4A
Properties.filedate=1382473475
Properties.filedatetext=2013-10-22 13:24:34

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
C:\Users\Richard\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TNMPFCYU\www.ajaxcdn.org\swf.swf\dm_cookie.sol
Properties.size=415
Properties.md5=B25BD42F339E8F91716F2BE4A3540325
Properties.filedate=1382473243
Properties.filedatetext=2013-10-22 13:20:42

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
C:\Users\Richard\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TNMPFCYU\http://www.securepaths.com\securepat...ecurepaths.sol
Properties.size=217
Properties.md5=7E07B657FDC9A67C6F831AADE63EAF0F
Properties.filedate=1382472962
Properties.filedatetext=2013-10-22 13:16:01

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2722201346-427415054-1772057756-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Office 12.0 (Word): [SBI $E357B233] Recent Document List (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2722201346-427415054-1772057756-1000\Software\Microsoft\Office\12.0\Word\File MRU

Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2722201346-427415054-1772057756-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2722201346-427415054-1772057756-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Cookie: [SBI $49804B54] Browser: Cookie (3) (Browser: Cookie, nothing done)


Cache: [SBI $49804B54] Browser: Cache (45) (Browser: Cache, nothing done)


History: [SBI $49804B54] Browser: History (41) (Browser: History, nothing done)


Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)


History: [SBI $49804B54] Browser: History (71) (Browser: History, nothing done)


Cookie: [SBI $49804B54] Browser: Cookie (347) (Browser: Cookie, nothing done)



--- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---


End of File Attachments.

Any help will be greatly appreciated.
Pascal1623
THREAD STARTER
24-Oct-2013, 08:44 PM #2
Bump
Pascal1623
THREAD STARTER
25-Oct-2013, 10:16 PM #3
Bump, please.
JSntgRvr
Moderator & Malware Removal Specialist with 17,237 posts.
Join Date: Jul 2003
Location: Puerto Rico
Experience: Advanced
26-Oct-2013, 08:19 PM #4
Welcome.

Let's empty the temp folders:

Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

++++++++++

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

++++++++++

Download ADWCleaner to your desktop.

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder as AdwCleaner[S0].txt

++++++++++

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

++++++++++

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
__________________
Unanswered threads for 5 days will no longer be part of my subscriptions.
Pascal1623
THREAD STARTER
27-Oct-2013, 08:38 PM #5
Malware is now gone!
Thanks for responding to my malware problem, JSntgRvr. I followed your suggestions to the letter and they seem to have worked perfectly. I tried posting the txt files as you requested but the entire post was apparently too long according to forum rules. Suffice it to say, after running SpyBot Search & Destroy again the malware Win32.2yourface.bho was gone, and my PC seems to be running fine again.

Thank you very much JSntgRvr!
JSntgRvr
27-Oct-2013, 10:49 PM #6
I am glad it worked.

Run and uninstall AdwCleaner. Manually remove any other tool left. You can keep Malwarebytes' Anti-Malware as it is a good application.

Best wishes!