
Need Help with Malware Win32.2YourFace.bho

Discussion in 'Virus & Other Malware Removal' started by Pascal1623, Oct 23, 2013.

    Pascal1623 Thread Starter

    I believe I am having a malware problem on my PC called: Win32.2YourFace.bho.

    My PC is an x64-based Hewlett-Packard Model p6720f with an AMD Phenom(tm) II X4 840T Processor, 2900 MHz, 4 Core(s), 4 Logical Processor(s).

    My OS is Microsoft Windows 7 Ultimate with 6.1.7601 Service Pack 1 Build 7601.

    I first noticed the problem when trying to watch Netflix instant streaming. A warning popped up saying that my Firefox browser (24.0) was out of date and needed to be updated. This was not the way I usually was notified of a new version of Firefox. It also wanted me to download and update a new video player called Flash Player Pro. This did not look normal to me, so after clicking on a new tab several times I finally got to the proper Netflix website and was able to successfully engage the instant viewing.

    However, the problem continued when I tried to start up Firefox, and Internet Explorer also seemed completely inaccessible and had to be restarted several times. I also started getting several unwanted pop-up ads, such as dating Japanese girls and that my PC was about to crash unless I downloaded a PC Cleaner.

    I uninstalled Firefox (which seemed to be the most infected) with the uninstall feature of the Control Panel and reinstalled directly from the Firefox website, but the problem persists. The problem seems to be with my Firefox browser and Internet Explorer browser. I usually use an Opera browser, which seems unaffected.

    I have the following utilities installed which I use frequently:

    Norton Internet Security
    RegCure Pro
    Spybot Search and Destroy +AV2.1 Professional Edition
    PC Matic

    Pursuant to this forum's rules are the following files:

    HiJackThis File:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:33:31 AM, on 10/23/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v10.0 (10.00.9200.16720)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\PCPitstop\SuperShield\PCMaticRT.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files (x86)\Opera\opera.exe
    C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
    C:\Users\Richard\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
    R3 - URLSearchHook: InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: InternetHelper3.1 - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll
    O2 - BHO: CrossriderApp0043912 - {11111111-1111-1111-1111-110411391112} - (no file)
    O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - (no file)
    O2 - BHO: Linksicle - {2AD2D8CA-D24D-40D2-A8FC-46952409BA9A} - C:\Program Files (x86)\Linksicle\IE\LinksicleClientIE.dll
    O2 - BHO: LinkSwift - {323420b6-65e5-4657-8106-a27392d4d4aa} - (no file)
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: TidyNetwork.com - {7736C7FA-512D-11E2-B871-DEC36088709B} - (no file)
    O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Richard\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
    O2 - BHO: Word - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Richard\AppData\Local\WordLayers\temp.dat
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: Fast Free Converter 4.1 - {F5580E24-8416-4DFD-90B3-078D4EDF4FCB} - C:\PROGRA~2\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: ShopAtHome.com Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - (no file)
    O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll
    O3 - Toolbar: InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll
    O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [PC MaticRT] C:\Program Files (x86)\PCPitstop\SuperShield\PCMaticRT.exe
    O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    O4 - HKCU\..\Run: [BackgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Richard\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.netflix.com
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) - http://javadl-esd.oracle.com/update/1.6.0/jinstall-6u24-windows-i586.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: c:\progra~2\searchqu toolbar\datamngr\datamngr.dll c:\progra~2\searchqu toolbar\datamngr\iebho.dll c:\progra~2\optimizer pro\optprocrash.dll
    O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
    O23 - Service: Optimizer Pro Crash Monitor (70e6ca8c) - Unknown owner - c:\progra~2\optimizer pro\optprocrash.exe (file missing)
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe (file missing)
    O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
    O23 - Service: CyberLink PowerDVD 11.0 Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
    O23 - Service: CyberLink PowerDVD 11.0 Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
    O23 - Service: DefaultTabSearch - Unknown owner - C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
    O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\Richard\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe
    O23 - Service: PC Tools Performance Toolkit Defrag Service (DMDefragService) - PC Tools - C:\Program Files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe
    O23 - Service: PC Tools Performance Toolkit Repair Service (DMRepairService) - PC Tools - C:\Program Files (x86)\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: FastFreeConverterUpdt - Unknown owner - C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files (x86)\iWin Games\iWinTrusted.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Linksicle Client Service (lssvc) - Linksicle - C:\Program Files (x86)\Linksicle\Service\lssvc.exe
    O23 - Service: Norton Management (MCLIENT) - Symantec Corporation - C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
    O23 - Service: PCPitstop Realtime - PC Pitstop LLC - C:\Program Files (x86)\PCPitstop\SuperShield\PCPitstopRTService.exe
    O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
    O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
    O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe (file missing)
    O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files (x86)\PC Tools Security\pctsSvc.exe (file missing)
    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: ThreatFire - Unknown owner - C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Update LinkSwift - LinkSwift - C:\Program Files (x86)\LinkSwift\updateLinkSwift.exe
    O23 - Service: Util LinkSwift - LinkSwift - C:\Program Files (x86)\LinkSwift\bin\utilLinkSwift.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: WajamUpdaterV2 - Unknown owner - C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV2.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 16623 bytes

    dds.txt file:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16720 BrowserJavaVersion: 10.45.2
    Run by Richard at 9:41:38 on 2013-10-23
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.5887.1486 [GMT -7:00]
    .
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Users\Richard\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe
    C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Linksicle\Service\lssvc.exe
    C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
    C:\Program Files (x86)\PCPitstop\SuperShield\PCPitstopRTService.exe
    C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
    C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\PCPitstop\SuperShield\PCMaticRT.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files (x86)\Opera\opera.exe
    C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
    C:\Windows\splwow64.exe
    C:\Users\Richard\Downloads\HijackThis.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Bar = Preserve
    uSearch Page = hxxp://www.google.com
    uURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - LocalServer32 - <no file>
    uURLSearchHooks: InternetHelper3.1 Toolbar: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll
    mURLSearchHooks: InternetHelper3.1 Toolbar: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: InternetHelper3.1 Toolbar: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll
    BHO: SuperLyrics-15: {11111111-1111-1111-1111-110411391112} - LocalServer32 - <no file>
    BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - LocalServer32 - <no file>
    BHO: Linksicle: {2AD2D8CA-D24D-40D2-A8FC-46952409BA9A} - C:\Program Files (x86)\Linksicle\IE\LinksicleClientIE.dll
    BHO: LinkSwift: {323420b6-65e5-4657-8106-a27392d4d4aa} - LocalServer32 - <no file>
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: {7736C7FA-512D-11E2-B871-DEC36088709B} - <orphaned>
    BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Richard\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: {99079a25-328f-4bd4-be04-00955acaa0a7} - <orphaned>
    BHO: Word: {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Richard\AppData\Local\WordLayers\temp.dat
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: Fast Free Converter 4.1: {F5580E24-8416-4DFD-90B3-078D4EDF4FCB} - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll
    TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - LocalServer32 - <no file>
    TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB: ShopAtHome.com Toolbar: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - LocalServer32 - <no file>
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
    TB: InternetHelper3.1 Toolbar: {07CBF788-1359-421B-A4E3-5A8D041B90A3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll
    TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - LocalServer32 - <no file>
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB: ShopAtHome.com Toolbar: {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - LocalServer32 - <no file>
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
    TB: InternetHelper3.1 Toolbar: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll
    uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    uRun: [BackgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Richard\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
    mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [PC MaticRT] C:\Program Files (x86)\PCPitstop\SuperShield\PCMaticRT.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://javadl-esd.oracle.com/update/1.6.0/jinstall-6u24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    TCP: NameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{2C30AC76-AAF8-43D7-9738-48E038F87F36} : DHCPNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{EE9F14F0-C1EB-49B3-89F4-1250719D7D13} : DHCPNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{EE9F14F0-C1EB-49B3-89F4-1250719D7D13}\D697177756374703533353 : DHCPNameServer = 192.168.0.1 205.171.3.25
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: SDWinLogon - SDWinLogon.dll
    AppInit_DLLs= c:\progra~2\searchqu toolbar\datamngr\datamngr.dll c:\progra~2\searchqu toolbar\datamngr\iebho.dll c:\progra~2\optimizer pro\optprocrash.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: MRI_DISABLED - <orphaned>
    x64-BHO: SuperLyrics-15: {11111111-1111-1111-1111-110411391112} - LocalServer32 - <no file>
    x64-BHO: Linksicle: {2AD2D8CA-D24D-40D2-A8FC-46952409BA9A} - C:\Program Files\Linksicle\IE\LinksicleClientIE.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\3s6870wh.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&CUI=UN59772810236617435&UM=2&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - InternetHelper3.1 Customized Web Search
    FF - prefs.js: browser.startup.homepage - bing.com
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CUI=UN59772810236617435&UM=2&q=
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
    FF - ExtSQL: 2013-10-04 09:15; [email protected]; C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\3s6870wh.default\extensions\[email protected]
    FF - ExtSQL: 2013-10-08 21:00; [email protected]; C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\3s6870wh.default\extensions\[email protected]
    FF - ExtSQL: 2013-10-11 09:50; {07cbf788-1359-421b-a4e3-5a8d041b90a3}; C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\3s6870wh.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}
    FF - ExtSQL: 2013-10-15 09:43; [email protected]bdcc28c5.com; C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\3s6870wh.default\extensions\[email protected]bdcc28c5.com
    FF - ExtSQL: 2013-10-15 09:43; {7f3f960e-a836-45ca-8911-0accb522246e}; C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\3s6870wh.default\extensions\{7f3f960e-a836-45ca-8911-0accb522246e}
    FF - ExtSQL: 2013-10-19 10:08; [email protected]; C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\3s6870wh.default\extensions\[email protected]
    FF - ExtSQL: 2013-10-19 10:09; {906000a4-88d9-4d52-b209-7a772970d91f}; C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\3s6870wh.default\extensions\{906000a4-88d9-4d52-b209-7a772970d91f}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: general.useragent.extra.brc -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-3-14 75904]
    R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-3-14 38016]
    R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2011-5-27 413448]
    R0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2011-5-27 453896]
    R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\System32\drivers\pctEFA64.sys [2011-5-27 1096176]
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys [2013-6-9 493656]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys [2013-6-9 1139800]
    R0 TfFsMon;TfFsMon;C:\Windows\System32\drivers\TfFsMon.sys [2013-2-3 66344]
    R0 TfSysMon;TfSysMon;C:\Windows\System32\drivers\TfSysMon.sys [2013-2-3 709552]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20131002.001\BHDrvx64.sys [2013-10-1 1525848]
    R1 ccSet_MCLIENT;Norton Management Settings Manager;C:\Windows\System32\drivers\MCLIENTx64\0302020.00C\ccsetx64.sys [2013-8-22 168096]
    R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys [2013-6-9 169048]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20131022.001\IDSviA64.sys [2013-10-22 521816]
    R1 lsnfd;lsnfd;C:\Windows\System32\drivers\lsnfd.sys [2013-10-2 58192]
    R1 pctgntdi;pctgntdi;C:\Windows\System32\drivers\pctgntdi64.sys [2011-5-27 347016]
    R1 pctNdisLW64;PC Tools NDIS 6 LightWeight filter;C:\Windows\System32\drivers\pctNdisLW64.sys [2011-12-6 76952]
    R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\System32\drivers\PCTSD64.sys [2011-5-27 253256]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys [2013-6-9 224416]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys [2013-6-9 433752]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-3-14 203264]
    R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
    R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Richard\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe [2013-10-19 107520]
    R2 FastFreeConverterUpdt;FastFreeConverterUpdt;C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [2013-5-22 687104]
    R2 lssvc;Linksicle Client Service;C:\Program Files (x86)\Linksicle\Service\lssvc.exe [2013-10-2 272936]
    R2 MCLIENT;Norton Management;C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe [2013-8-22 143928]
    R2 MSSQL$ACCUCHEK360;SQL Server (ACCUCHEK360);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-6-9 144368]
    R2 ntk_PowerDVD;ntk_PowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-6-4 75248]
    R2 PCPitstop Realtime;PCPitstop Realtime;C:\Program Files (x86)\PCPitstop\SuperShield\PCPitstopRTService.exe [2013-9-17 3866736]
    R2 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2013-5-31 86216]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-5-27 794272]
    R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2013-10-14 82872]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
    R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-6-4 46136]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-8-26 140376]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2013-2-3 1813056]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-2-3 726160]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-3-14 38456]
    S2 70e6ca8c;Optimizer Pro Crash Monitor;"c:\progra~2\optimizer pro\optprocrash.exe" --> c:\progra~2\optimizer pro\optprocrash.exe [?]
    S2 Browser Defender Update Service;Browser Defender Update Service;"C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe" --> C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2013-10-7 573952]
    S2 WajamUpdaterV2;WajamUpdaterV2;"C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV2.exe" --> C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV2.exe [?]
    S3 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-13 361984]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-4-9 96256]
    S3 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-6-4 83240]
    S3 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-6-4 70952]
    S3 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-6-4 312616]
    S3 DMDefragService;PC Tools Performance Toolkit Defrag Service;C:\Program Files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2011-5-27 1147040]
    S3 DMRepairService;PC Tools Performance Toolkit Repair Service;C:\Program Files (x86)\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2011-5-27 1134240]
    S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-5-16 39504]
    S3 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    S3 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
    S3 iWinTrusted;iWinTrusted;C:\Program Files (x86)\iWin Games\iWinTrusted.exe [2011-4-8 176848]
    S3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\System32\drivers\PCTBD64.sys [2011-12-6 77144]
    S3 PCTDMDefrag;PCTDMDefrag;C:\Windows\System32\drivers\PCTDMDefrag.sys [2011-5-27 162328]
    S3 PCTDSMon;PCTDSMon;C:\Windows\System32\drivers\PCTDSMon.sys [2011-5-27 189880]
    S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;C:\Windows\System32\drivers\pctNdis-PacketFilter64.sys [2011-5-27 125024]
    S3 pctplfw;pctplfw;C:\Windows\System32\drivers\pctplfw64.sys [2011-5-27 182728]
    S3 pctplsg;pctplsg;C:\Windows\System32\drivers\pctplsg64.sys [2011-5-27 93600]
    S3 pctplsm;pctplsm;C:\Windows\System32\drivers\pctplsm64.sys [2013-2-3 87968]
    S3 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-3-14 1128952]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-6-9 20992]
    S3 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-8-26 246488]
    S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe --> C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [?]
    S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe --> C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [?]
    S3 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-8-27 1817560]
    S3 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-8-27 1033688]
    S3 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-8-27 171928]
    S3 TfNetMon;TfNetMon;C:\Windows\System32\drivers\TfNetMon.sys [2013-2-3 42648]
    S3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-9 59392]
    S3 Update LinkSwift;Update LinkSwift;C:\Program Files (x86)\LinkSwift\updateLinkSwift.exe [2013-10-4 65312]
    S3 Util LinkSwift;Util LinkSwift;C:\Program Files (x86)\LinkSwift\bin\utilLinkSwift.exe [2013-10-11 65312]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-28 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
    .
    =============== Created Last 30 ================
    .
    2013-10-22 18:21:32 -------- d-----w- C:\Users\Richard\AppData\Roaming\Safer Networking
    2013-10-22 18:18:24 -------- d-----w- C:\Program Files (x86)\Safer Networking
    2013-10-19 17:09:37 -------- d-----w- C:\Program Files (x86)\File Type Helper
    2013-10-19 17:09:33 -------- d-----w- C:\Program Files (x86)\Fast Free Converter
    2013-10-19 17:09:07 -------- d-----w- C:\Program Files (x86)\DefaultTab
    2013-10-19 17:08:57 -------- d-----w- C:\Users\Richard\AppData\Roaming\defaulttab
    2013-10-19 17:07:55 -------- d-----w- C:\Program Files (x86)\Flash Player Pro
    2013-10-19 17:02:45 -------- d-----w- C:\Program Files\Linksicle
    2013-10-19 17:02:39 -------- d-----w- C:\Program Files (x86)\Linksicle
    2013-10-17 20:50:46 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2013-10-17 20:49:18 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-10-15 19:22:30 -------- d-----w- C:\e9069e3fe157a6b02f69
    2013-10-15 19:03:47 -------- d-----w- C:\Users\Richard\AppData\Roaming\NewspaperDirect
    2013-10-15 17:03:26 -------- d-----w- C:\Program Files\Uninstaller
    2013-10-14 23:54:06 82872 ----a-w- C:\Windows\System32\drivers\sbapifs.sys
    2013-10-12 15:12:14 -------- d-----w- C:\Users\Richard\AppData\Local\HuluDesktop
    2013-10-11 16:50:38 -------- d-----w- C:\Program Files (x86)\Conduit
    2013-10-11 16:50:35 -------- d-----w- C:\ProgramData\Conduit
    2013-10-11 16:50:34 -------- d-----w- C:\Program Files (x86)\InternetHelper3.1
    2013-10-10 09:29:26 633856 ----a-w- C:\Windows\System32\comctl32.dll
    2013-10-10 09:28:59 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-10-10 00:33:02 -------- d-----w- C:\Users\Richard\AppData\Local\Real
    2013-10-10 00:28:29 -------- d-----w- C:\Program Files (x86)\LinkSwift
    2013-10-10 00:26:06 -------- d-----w- C:\Users\Richard\AppData\Local\WordLayers
    2013-10-09 02:35:16 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-10-09 02:35:16 -------- d-----w- C:\Program Files\iPod
    2013-10-09 02:35:15 -------- d-----w- C:\Program Files\iTunes
    2013-10-02 21:14:52 58192 ----a-w- C:\Windows\System32\drivers\lsnfd.sys
    2013-09-27 21:28:40 428408 ----a-w- C:\Windows\System32\G-Force.scr
    2013-09-27 21:28:08 284536 ----a-w- C:\Program Files\Windows Media Player\Visualizations\G-Force_WMP.x64.dll
    2013-09-27 21:27:48 257912 ----a-w- C:\Program Files (x86)\Windows Media Player\Visualizations\G-Force_WMP.dll
    .
    ==================== Find3M ====================
    .
    2013-10-15 16:42:13 773712 ----a-w- C:\Windows\SysWow64\msvcr100.dll
    2013-10-15 16:42:13 420944 ----a-w- C:\Windows\SysWow64\msvcp100.dll
    2013-10-09 14:29:29 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-10-09 14:29:29 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
    2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
    2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
    2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
    2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
    2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
    2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
    2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
    2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
    2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
    2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
    2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
    2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
    2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
    2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
    2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
    2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2013-08-01 12:09:36 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    .
    ============= FINISH: 9:42:41.50 ===============

    attach.txt file:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/26/2011 5:09:09 PM
    System Uptime: 10/23/2013 9:10:55 AM (0 hours ago)
    .
    Motherboard: FOXCONN | | 2AB1
    Processor: AMD Phenom(tm) II X4 840T Processor | CPU 1 | 2175/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 918 GiB total, 747.026 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 1.651 GiB free.
    E: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is FIXED (NTFS) - 932 GiB total, 0.007 GiB free.
    K: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: PC Tools Data Store
    Device ID: ROOT\LEGACY_PCTDS\0000
    Manufacturer:
    Name: PC Tools Data Store
    PNP Device ID: ROOT\LEGACY_PCTDS\0000
    Service: pctDS
    .
    ==== System Restore Points ===================
    .
    RP717: 10/17/2013 1:47:23 PM - PC Pitstop Restore Point
    RP718: 10/17/2013 8:23:58 PM - Windows Update
    RP719: 10/19/2013 6:03:21 AM - RegCure Pro Backup
    RP720: 10/19/2013 12:29:41 PM - S
    RP721: 10/19/2013 2:18:05 PM - RegCure Pro Backup
    RP722: 10/19/2013 3:16:42 PM - RegCure Pro Backup
    RP723: 10/19/2013 5:12:40 PM - RegCure Pro Backup
    RP724: 10/20/2013 9:58:55 AM - RegCure Pro Backup
    RP725: 10/20/2013 7:00:43 PM - Windows Backup
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    AI RoboForm (All Users)
    Amazing Adventures Riddle of the Two Knights ™
    Amazing Adventures: Around the World
    Amazing Adventures: The Caribbean Secret
    Amazing Adventures: The Forgotten Dynasty
    Amazing Adventures: The Lost Tomb
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Fuel
    AMD Problem Report Wizard
    AMD VISION Engine Control Center
    Apple Application Support
    Apple Software Update
    AudibleManager
    Awakening: Moonfell Wood
    Awakening: The Dreamless Castle
    Awakening: The Goblin Kingdom Collector's Edition
    Awakening: The Skyward Castle Collector's Edition
    Azada &reg;
    Azkend
    Azkend 2: The World Beneath
    Baldur's Gate
    Bejeweled 2 Deluxe
    Bejeweled 3
    Big Fish Games Texas Hold'Em
    Big Fish Games: Game Manager
    Blio
    Borland Data Engine
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CodeBlocks
    CyberLink PowerDVD 11
    D3DX10
    Dark Tales: Edgar Allan Poe's The Gold Bug
    Dark Tales: Edgar Allan Poe's The Premature Burial
    Dark Tales: Edgar Allan Poe`s Murders in the Rue Morgue
    Dark Tales: ™ Edgar Allan Poe's The Black Cat
    DefaultTab
    DMUninstaller
    Dracula Origin
    Drawn&reg;: The Painted Tower ™
    Drawn: Dark Flight &reg;
    Dream Chronicles
    Dream Chronicles ™ 2: The Eternal Maze
    Dream Chronicles: The Book of Air
    Dream Chronicles: The Book of Water
    Dream Chronicles: The Chosen Child
    DVD-CLONER V5.40 Build 971
    DVD Menu Pack for HP MediaSmart Video
    Echoes of the Past: Royal House of Stone
    Echoes of the Past: The Castle of Shadows Collector's Edition
    Echoes of the Past: The Citadels of Time Collector's Edition
    Echoes of the Past: The Revenge of the Witch Collector's Edition
    Enlightenus
    Enlightenus II: The Timeless Tower
    Escape Rosecliff Island
    Escape the Emerald Star
    Escape Whisper Valley
    Fable - The Lost Chapters
    Fabled Legends: The Dark Piper
    Fabled Legends: The Dark Piper Collector's Edition
    Fast Free Converter
    Fear For Sale: Mystery of McInroy Manor
    Flash Player Pro V5.4
    G-Force
    Google Chrome
    Google Earth
    Google Update Helper
    Hallowed Legends: Samhain
    Hallowed Legends: Templar
    Haunted Halls: Fears from Childhood
    Haunted Halls: Green Hills Sanitarium
    Haunted Halls: Revenge of Doctor Blackmore
    Haunted Legends: The Bronze Horseman
    Haunted Legends: The Queen of Spades
    Haunted Legends: The Undertaker
    Hidden Expedition &reg; - Devil's Triangle
    Hidden Expedition &reg;: Amazon
    Hidden Expedition &reg;: Everest
    Hidden Expedition &reg;: Titanic
    Hidden Expedition: The Uncharted Islands
    Hidden Mysteries&reg;: The Fateful Voyage - Titanic
    House of 1000 Doors: The Palm of Zoroaster Collector's Edition
    HP Auto
    HP Client Services
    HP Customer Experience Enhancements
    HP MediaSmart DVD
    HP MediaSmart Music
    HP MediaSmart Photo
    HP MediaSmart SmartMenu
    HP MediaSmart Video
    HP MediaSmart/TouchSmart Netflix
    HP MovieStore
    HP Odometer
    HP Product Detection
    HP Setup
    HP Setup Manager
    HP Support Assistant
    HP Support Information
    HP Update
    HP Vision Hardware Diagnostics
    HydraVision
    iCloud
    Internet TV for Windows Media Center
    InternetHelper3.1 Toolbar for IE
    iTunes
    Java 7 Update 45
    Java 7 Update 45 (64-bit)
    Java Auto Updater
    Java(TM) 6 Update 24
    Jewel Legends: Tree of Life
    Journey to the Center of the Earth
    Junk Mail filter update
    Kobo
    LaserTank
    Legacy of the Incas
    LightScribe System Software
    Linksicle
    LinkSwift 1.0.0
    Liong: The Dragon Dance
    Living Legends: Ice Rose
    Lost in Time: The Clockwork Tower
    Lost Realms: Legacy of the Sun Princess
    Luxor 2
    Luxor Adventures
    Luxor Bundle Pack
    Luxor Evolved
    Luxor Mahjong
    Luxor: Quest for the Afterlife
    Mah Jong Quest (remove only)
    Mah Jong Quest II
    Mah Jong Quest III: Balance of Life
    Mahjong Escape Ancient China
    Mahjong Escape Ancient Japan
    Mahjong Towers Eternity ™
    Mahjongg - Ancient Egypt
    Mahjongg Artifacts
    Mahjongg Artifacts: Chapter 2
    Mahjongg: Ancient Mayas
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Easy Assist v2
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Starter 2010 - English
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (ACCUCHEK360)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft WSE 3.0 Runtime
    Midnight Mysteries: Devil on the Mississippi Collector's Edition
    Midnight Mysteries: Haunted Houdini Deluxe
    Midnight Mysteries: Salem Witch Trials
    Midnight Mysteries: The Edgar Allan Poe Conspiracy
    Movie Theme Pack for HP MediaSmart Video
    Mozilla Firefox 24.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mummy Maze Deluxe
    Mystery Case Files &reg;: 13th Skull ™ Collector's Edition
    Mystery Case Files &reg;: Dire Grove ™
    Mystery Case Files&reg;: Escape from Ravenhearst™ Collector's Edition
    Mystery Case Files: Huntsville ™
    Mystery Case Files: Madame Fate &reg;
    Mystery Case Files: Prime Suspects ™
    Mystery Case Files: Ravenhearst &reg;
    Mystery Case Files: Return to Ravenhearst ™
    Mystery Case Files: Return to Ravenhearst Original Soundtrack ™
    Mystery Chronicles: Betrayals of Love
    Mystery Chronicles: Murder Among Friends
    Mystery Legends: Sleepy Hollow
    Mystery Trackers: Black Isle Collector's Edition
    Mystery Trackers: Raincliff Collector's Edition
    Mystery Trackers: The Four Aces
    Mystery Trackers: The Void Collector's Edition
    Next Generation Visualisations
    Norton Internet Security
    Norton Management
    NVIDIA PhysX v8.10.13
    Oblivion
    Octoshape add-in for Adobe Flash Player
    Omron Health Management Software
    Opera 12.16
    Opera Stable 17.0.1241.45
    Orbz
    Outlook 2010 Toolbar
    ParetoLogic Privacy Controls
    PC Matic 1.1.0.50
    PC Pitstop Info Center 1.0.0.16
    PC Pitstop SuperShield 1.0.0.38
    PDF Complete Special Edition
    Peggle Nights
    PlayReady PC Runtime amd64
    PlayReady PC Runtime x86
    PowerDirector
    Ralink RT2860 Wireless LAN Card
    Realtek High Definition Audio Driver
    Recovery Manager
    RegAlyzer
    RegCure Pro
    Ricochet: Infinity
    Samantha Swift and the Fountains of Fate
    Samantha Swift and the Golden Touch
    Samantha Swift and the Hidden Roses of Athena
    Samantha Swift: Mystery From Atlantis
    Secrets of the Dark: Eclipse Mountain Collector's Edition
    Secrets of the Dark: Temple of Night Collector's Edition
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
    SereneScreen Marine Aquarium 2 + Time
    Shadow Wolf Mysteries: Curse of the Full Moon
    Shaolin Mystery: Revenge of the Terracotta Warriors
    Shaolin Mystery: Tale of the Jade Dragon Staff
    Sherlock Holmes and the Hound of the Baskervilles Collector's Edition
    Shiver: Vanishing Hitchhiker
    ShopAtHome.com Toolbar
    SPORE™
    Spybot - Search & Destroy
    Support Version MJQ
    The Lord of the Rings Online™: Shadows of Angmar™ v07.12.30.54
    The Lost Cases of Sherlock Holmes
    The Treasures Of Montezuma
    The Treasures of Montezuma 2
    The Treasures of Montezuma 3
    Treasure Seekers: Follow the Ghosts
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Vacation Quest: Australia
    Vacation Quest: The Hawaiian Islands
    Venice Mystery
    Victorian Mysteries: Woman in White
    Windows 7 Upgrade Advisor
    Windows Driver Package - Advanced Micro Devices (AtiHDAudioService) MEDIA (05/11/2012 7.12.0.7708)
    Windows Driver Package - Ralink Technology, Corp. (netr28x) Net (11/14/2011 3.02.07.0000)
    Windows Driver Package - Realtek (RTL8167) Net (06/12/2012 7.061.0612.2012)
    Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (03/29/2013 6.0.1.6873)
    Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (06/19/2012 6.0.1.6662)
    Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (07/16/2013 6.0.1.6971)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Service
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Mobile Device Updater Component
    Windows XP Mode
    Witch Hunters: Stolen Beauty
    Word Layers
    Zuma Deluxe
    Zune
    Zune Language Pack (CHS)
    Zune Language Pack (CHT)
    Zune Language Pack (CSY)
    Zune Language Pack (DAN)
    Zune Language Pack (DEU)
    Zune Language Pack (ELL)
    Zune Language Pack (ESP)
    Zune Language Pack (FIN)
    Zune Language Pack (FRA)
    Zune Language Pack (HUN)
    Zune Language Pack (IND)
    Zune Language Pack (ITA)
    Zune Language Pack (JPN)
    Zune Language Pack (KOR)
    Zune Language Pack (MSL)
    Zune Language Pack (NLD)
    Zune Language Pack (NOR)
    Zune Language Pack (PLK)
    Zune Language Pack (PTB)
    Zune Language Pack (PTG)
    Zune Language Pack (RUS)
    Zune Language Pack (SVE)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/23/2013 9:12:37 AM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).
    10/23/2013 9:12:18 AM, Error: Service Control Manager [7000] - The WajamUpdaterV2 service failed to start due to the following error: The system cannot find the file specified.
    10/20/2013 10:07:02 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
    10/20/2013 10:06:28 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    10/20/2013 10:06:28 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    10/19/2013 12:23:14 PM, Error: Service Control Manager [7034] - The WajamUpdaterV2 service terminated unexpectedly. It has done this 1 time(s).
    10/19/2013 10:09:35 AM, Error: Service Control Manager [7030] - The FastFreeConverterUpdt service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    10/19/2013 10:09:09 AM, Error: Service Control Manager [7030] - The DefaultTabSearch service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    10/18/2013 7:15:58 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MCLIENT service.
    10/16/2013 9:37:16 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2736428).
    10/16/2013 9:37:15 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2487367).
    10/16/2013 9:07:59 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    .
    ==== End Of File ===========================

    ark.txt file:

    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-10-23 13:04:25
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000007b ST310005 rev.HP35 931.51GB
    Running: qrdc24n8.exe; Driver: C:\Users\Richard\AppData\Local\Temp\ufliikow.sys


    ---- Kernel code sections - GMER 2.1 ----

    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 630 fffff80003fb4066 48 bytes [65, 48, 8B, 1C, 25, 88, 01, ...]
    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 680 fffff80003fb4098 27 bytes [48, 8B, 8C, 24, E8, 00, 00, ...]

    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753e1465 2 bytes [3E, 75]
    .text C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753e14bb 2 bytes [3E, 75]
    .text ... * 2
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753e1465 2 bytes [3E, 75]
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753e14bb 2 bytes [3E, 75]
    .text ... * 2
    .text C:\Program Files (x86)\PCPitstop\SuperShield\PCPitstopRTService.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753e1465 2 bytes [3E, 75]
    .text C:\Program Files (x86)\PCPitstop\SuperShield\PCPitstopRTService.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753e14bb 2 bytes [3E, 75]
    .text ... * 2
    .text c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2900] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000753e1465 2 bytes [3E, 75]
    .text c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2900] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000753e14bb 2 bytes [3E, 75]
    .text ... * 2
    ? C:\Windows\system32\mssprxy.dll [3108] entry point in ".rdata" section 0000000074a371e6
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753e1465 2 bytes [3E, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753e14bb 2 bytes [3E, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3984] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000753e1465 2 bytes [3E, 75]
    .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3984] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000753e14bb 2 bytes [3E, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753e1465 2 bytes [3E, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753e14bb 2 bytes [3E, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5912] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 166 000000002fb21afc 2 bytes [B2, 2F]
    .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5912] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 253 000000002fb21b53 2 bytes [B2, 2F]
    .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5912] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 320 000000002fb21b96 2 bytes [B2, 2F]
    .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5912] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 390 000000002fb21bdc 2 bytes [B2, 2F]
    .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5912] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 738 000000002fb21d38 2 bytes [B2, 2F]
    .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5912] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 937 000000002fb21dff 2 bytes [B2, 2F]
    .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5912] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 958 000000002fb21e14 2 bytes [B2, 2F]
    .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5912] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 970 000000002fb21e20 2 bytes [B2, 2F]
    .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5912] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000074fa8769 5 bytes JMP 000000015ff653fc
    .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5912] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076cf6143 5 bytes JMP 0000000160a2f68e
    .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5912] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000075a33e59 5 bytes JMP 000000015ff910b7
    .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5912] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000075a33eae 5 bytes JMP 000000015ff9b0be
    .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5912] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000075a34731 5 bytes JMP 000000015ffcb5dc
    .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[5912] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000075a35dee 5 bytes JMP 000000015ffcc50f
    .text C:\Users\Richard\Downloads\HijackThis.exe[3292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753e1465 2 bytes [3E, 75]
    .text C:\Users\Richard\Downloads\HijackThis.exe[3292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753e14bb 2 bytes [3E, 75]
    .text ... * 2
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[1940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753e1465 2 bytes [3E, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[1940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753e14bb 2 bytes [3E, 75]
    .text ... * 2
    ? C:\Windows\system32\mssprxy.dll [1940] entry point in ".rdata" section 0000000074a371e6
    ? C:\Windows\system32\mssprxy.dll [4492] entry point in ".rdata" section 0000000074a371e6
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[4492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753e1465 2 bytes [3E, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[4492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753e14bb 2 bytes [3E, 75]
    .text ... * 2
    ? C:\Windows\system32\mssprxy.dll [828] entry point in ".rdata" section 0000000074a371e6
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753e1465 2 bytes [3E, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753e14bb 2 bytes [3E, 75]
    .text ... * 2

    ---- Threads - GMER 2.1 ----


    ---- Disk sectors - GMER 2.1 ----

    Disk \Device\Harddisk0\DR0 unknown MBR code

    ---- EOF - GMER 2.1 ----

    SPYBOT SCAN file:

    Search results from Spybot - Search & Destroy

    10/23/2013 2:05:15 PM
    Scan took 00:47:12.
    18 items found.

    BrowseFox: [SBI $EB7ED92C] Settings (Registry Value, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}\id

    BrowseFox: [SBI $EB7ED92C] Settings (Registry Value, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}\id

    BrowseFox: [SBI $A65521ED] Settings (Registry Key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}

    BrowseFox: [SBI $A65521ED] Settings (Registry Key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}

    Win32.2UrFace.bho: [SBI $40F35DD4] Settings (Registry Key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Richard\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TNMPFCYU\wac.edgecastcdn.net\dropdowndeals.sol
    Properties.size=367
    Properties.md5=C80A15D890E682B3F147A25A5C13CB4A
    Properties.filedate=1382473475
    Properties.filedatetext=2013-10-22 13:24:34

    Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
    C:\Users\Richard\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TNMPFCYU\www.ajaxcdn.org\swf.swf\dm_cookie.sol
    Properties.size=415
    Properties.md5=B25BD42F339E8F91716F2BE4A3540325
    Properties.filedate=1382473243
    Properties.filedatetext=2013-10-22 13:20:42

    Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
    C:\Users\Richard\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TNMPFCYU\www.securepaths.com\securepaths.swf\securepaths.sol
    Properties.size=217
    Properties.md5=7E07B657FDC9A67C6F831AADE63EAF0F
    Properties.filedate=1382472962
    Properties.filedatetext=2013-10-22 13:16:01

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-2722201346-427415054-1772057756-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS Office 12.0 (Word): [SBI $E357B233] Recent Document List (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-2722201346-427415054-1772057756-1000\Software\Microsoft\Office\12.0\Word\File MRU

    Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-2722201346-427415054-1772057756-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

    Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-2722201346-427415054-1772057756-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Cookie: [SBI $49804B54] Browser: Cookie (3) (Browser: Cookie, nothing done)


    Cache: [SBI $49804B54] Browser: Cache (45) (Browser: Cache, nothing done)


    History: [SBI $49804B54] Browser: History (41) (Browser: History, nothing done)


    Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)


    History: [SBI $49804B54] Browser: History (71) (Browser: History, nothing done)


    Cookie: [SBI $49804B54] Browser: Cookie (347) (Browser: Cookie, nothing done)



    --- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---


    End of File Attachments.

    Any help will be greatly appreciated.
     
  2. Pascal1623

    Pascal1623 Thread Starter

    Joined:
    Jun 16, 2010
    Messages:
    10
  3. Pascal1623

    Pascal1623 Thread Starter

    Joined:
    Jun 16, 2010
    Messages:
    10
    Bump, please.
     
  4. JSntgRvr

    JSntgRvr José Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,524
    Welcome.

    Let's empty the temp folders:

    Download TFC by OldTimer to your desktop
    • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • It will close all programs when run, so make sure you have saved all your work before you begin.
    • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

    ++++++++++

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    ++++++++++​

    Download ADWCleaner to your desktop.

    NOTE: If you are using Internet Explorer and get an alert that stops the program from downloading, click on the warning and allow the download to complete.

    Close all programs and click on the AdwCleaner icon.

    Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste this report into your next reply.

    The report will be saved in the C:\AdwCleaner folder as AdwCleaner[S0].txt.

    ++++++++++

    Please download Malwarebytes' Anti-Malware from Here.

    Double-click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    ++++++++++​

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
     
  5. Pascal1623

    Pascal1623 Thread Starter

    Joined:
    Jun 16, 2010
    Messages:
    10
    Thanks for responding to my malware problem, JSntgRvr. I followed your suggestions to the letter and they seemed to have worked perfectly. I tried posting the txt files as you requested, but the entire post was apparently too long according to forum rules. Suffice it to say, after running SpyBot Search & Destroy again, the malware Win32.2yourface.bho was gone, and my PC seems to be running fine again.

    Thank you very much JSntgRvr!:):)
     
  6. JSntgRvr

    JSntgRvr José Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,524
    I am glad it worked.

    Run and uninstall AdwCleaner. Manually remove any other tool left. You can keep Malwarebytes' Anti-Malware as it is a good application.

    Best wishes!
     

Short URL to this thread: https://techguy.org/1111369