
Hijacked - Goonsearch?

Sandy379
21-Jun-2012, 04:26 AM #1
Hi,

My PC has been hijacked with something called 'goonsearch'. When I launch Google Chrome, the 'goonsearch' page appears. It appears that I can work around this, but I feel uncomfortable with what appears to be malicious software on my machine, with little or no knowledge as to what it is doing or is capable of. My resident antivirus and spyware programme (PC Tools) has failed to pick this up and cannot remove it. Nor was the PC Tools online support able to assist. I am running Win 7 HP SP1 on a PC.

I would be grateful for any advice or assistance in trying to resolve this. I include the HijackThis log and the DDS log.

Many thanks,

David


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:07:31, on 21/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Users\DJS\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe
C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DJS\Downloads\HijackThis (4).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPDSK/2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPDSK/2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPDSK/2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: PlayBryte BHO - {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: File2LinkIB - {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files (x86)\file2linkib\file2linkibX.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O3 - Toolbar: File2LinkIB - {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files (x86)\file2linkib\file2linkibX.dll
O3 - Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - (no file)
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [iBryte playbryte Desktop] C:\Program Files (x86)\iBryte\playbryte\ibrytedesktop.exe
O4 - HKLM\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKLM\..\Run: [Logan_S2P] C:\Program Files (x86)\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKCU\..\Run: [Google Update] "C:\Users\DJS\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [093674ECE97C7DA80BFDFDC4CF032C619BDC522D._service_run] "C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: protector.dll
O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Belkin Local Backup Service - Unknown owner - C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
O23 - Service: Belkin Network USB Helper - Unknown owner - C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung UPD Service - Unknown owner - C:\Windows\System32\SUPDSvc.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: ThreatFire - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15631 bytes

DDS
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by DJS at 10:21:23 on 2012-06-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4001.1657 [GMT 1:00]
.
AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Users\DJS\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Windows\Samsung\PanelMgr\caller64.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe
C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: PlayBryte BHO: {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: File2LinkIB: {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files (x86)\file2linkib\file2linkibX.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: File2LinkIB: {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files (x86)\file2linkib\file2linkibX.dll
TB: {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No File
uRun: [Google Update] "C:\Users\DJS\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [093674ECE97C7DA80BFDFDC4CF032C619BDC522D._service_run] "C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [FileZilla Server Interface] "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
mRun: [iBryte playbryte Desktop] C:\Program Files (x86)\iBryte\playbryte\ibrytedesktop.exe
mRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [Logan_S2P] C:\Program Files (x86)\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
StartupFolder: C:\Users\DJS\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{72C438E5-8E81-4D22-9D49-C23C1B7ADD0E} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: protector.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO-X64: Browser Guard BHO - No File
BHO-X64: PlayBryte BHO: {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: File2LinkIB: {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files (x86)\file2linkib\file2linkibX.dll
BHO-X64: File2LinkIB - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
TB-X64: File2LinkIB: {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files (x86)\file2linkib\file2linkibX.dll
TB-X64: {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No File
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [FileZilla Server Interface] "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
mRun-x64: [iBryte playbryte Desktop] C:\Program Files (x86)\iBryte\playbryte\ibrytedesktop.exe
mRun-x64: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun-x64: [Logan_S2P] C:\Program Files (x86)\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe
mRun-x64: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun-x64: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun-x64: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
AppInit_DLLs-X64: protector.dll
SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\DJS\AppData\Roaming\Mozilla\Firefox\Profiles\r62uapco.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.intl=uk&.partner=bt-1&.done=http%3a//bt.yahoo.com/%3f
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\DJS\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 420efbda-25ed-4ace-87e1-9a3cfb51791b
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,BestVideoDownloader,EzLooker,TwitTube,TopRelatedTopics,Buzzdock,
FF - user.js: security.csp.enable - false
FF - user.js: extensions.autoDisableScopes - 14//iBryte
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 TfFsMon;TfFsMon;C:\Windows\system32\drivers\TfFsMon.sys --> C:\Windows\system32\drivers\TfFsMon.sys [?]
R0 TFSysMon;TFSysMon;C:\Windows\system32\drivers\TfSysMon.sys --> C:\Windows\system32\drivers\TfSysMon.sys [?]
R1 pctgntdi;pctgntdi;\??\C:\Windows\System32\drivers\pctgntdi64.sys --> C:\Windows\System32\drivers\pctgntdi64.sys [?]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2012-4-19 181760]
R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2012-4-19 55296]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-1-6 575416]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-12-20 514232]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-9 85560]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-29 94264]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-12-20 1128952]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-6-20 402336]
R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [2012-6-20 1118648]
R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
R2 sxuptp;SXUPTP Driver;C:\Windows\system32\DRIVERS\sxuptp.sys --> C:\Windows\system32\DRIVERS\sxuptp.sys [?]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-20 2656280]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\system32\Drivers\PCTBD64.sys --> C:\Windows\system32\Drivers\PCTBD64.sys [?]
R3 pctplsg;pctplsg;\??\C:\Windows\System32\drivers\pctplsg64.sys --> C:\Windows\System32\drivers\pctplsg64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TfNetMon;TfNetMon;\??\C:\Windows\system32\drivers\TfNetMon.sys --> C:\Windows\system32\drivers\TfNetMon.sys [?]
R3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-25 116648]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-13 257696]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-25 116648]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 pmxdrv;pmxdrv;\??\C:\Windows\system32\drivers\pmxdrv.sys --> C:\Windows\system32\drivers\pmxdrv.sys [?]
S3 Samsung UPD Service;Samsung UPD Service;"C:\Windows\System32\SUPDSvc.exe" --> C:\Windows\System32\SUPDSvc.exe [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-06-21 06:39:43 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 06:39:05 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 06:39:05 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-20 17:34:24 706776 --s---w- C:\Windows\System32\drivers\TfSysMon.sys
2012-06-20 17:34:24 65664 --s---w- C:\Windows\System32\drivers\TfFsMon.sys
2012-06-20 17:34:24 41968 --s---w- C:\Windows\System32\drivers\TfNetMon.sys
2012-06-20 17:33:31 341168 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2012-06-20 17:33:31 145432 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2012-06-20 17:33:29 14776 ----a-w- C:\Windows\System32\drivers\pctBTFix64.sys
2012-06-20 17:33:28 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2012-06-20 17:32:34 453896 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2012-06-20 17:32:34 1096176 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2012-06-20 17:32:31 426616 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2012-06-20 17:32:31 251528 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-06-20 15:00:50 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-20 15:00:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-20 12:07:58 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-06-15 11:43:08 53248 ----a-r- C:\Users\DJS\AppData\Roaming\Microsoft\Installer\{9064317A-39C7-40D5-8CF5-04A254747B88}\ARPPRODUCTICON.exe
2012-06-14 02:01:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-14 02:01:59 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-14 02:01:59 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-14 02:01:43 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-14 02:01:39 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-14 02:01:38 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-14 02:01:38 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-13 04:37:14 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-13 04:37:12 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-13 04:37:11 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-13 04:37:00 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-13 04:36:59 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-13 04:36:59 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-13 04:36:59 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-13 04:36:59 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-13 04:36:58 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-11 19:25:09 -------- d-----w- C:\Users\DJS\AppData\Local\MetaGeek,_LLC
2012-06-11 19:24:28 -------- d-----w- C:\Program Files (x86)\MetaGeek
2012-06-11 15:59:40 -------- d-----w- C:\Program Files\CCleaner
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-08 17:21:48 85192 ----a-w- C:\Windows\System32\drivers\PCTBD64.sys
2012-05-08 17:21:44 149432 ----a-w- C:\Windows\SGDetectionTool.dll0653.old
2012-05-08 17:21:44 149432 ----a-w- C:\Windows\SGDetectionTool.dll
2012-05-08 17:21:42 2267064 ----a-w- C:\Windows\PCTBDCore.dll0653.old
2012-05-08 17:21:42 2267064 ----a-w- C:\Windows\PCTBDCore.dll
2012-05-08 17:21:42 1681336 ----a-w- C:\Windows\PCTBDRes.dll
2012-05-08 17:21:24 767928 ----a-w- C:\Windows\BDTSupport.dll0653.old
2012-05-08 17:21:24 767928 ----a-w- C:\Windows\BDTSupport.dll
2012-05-05 12:35:15 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 12:35:15 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 12:35:13 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 10:22:20.95 ===============

Also tried Malwarebytes before doing this. No joy. Log here.
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.20.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
DJS :: DJS-HP [administrator]

20/06/2012 20:39:07
mbam-log-2012-06-20 (20-39-07).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 397250
Time elapsed: 42 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Last edited by Sandy379; 21-Jun-2012 at 04:48 AM. Reason: Add attach file
dvk01 (Derek), authorized to help remove malware
Moderator & Malware Removal Specialist with 45,906 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
21-Jun-2012, 05:18 AM #2
first try
http://support.google.com/chrome/bin...&answer=113907

see if goonsearch is listed there
Sandy379 (thread starter)
21-Jun-2012, 05:33 AM #3
Unfortunately it isn't. Lots about 'goonsearch' (not on google support) when you search but little of it is productive or helpful.
dvk01 (Derek)
21-Jun-2012, 05:56 AM #4
Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully
Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here or Here to your Desktop.
As you download it rename it to username123.exe


**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again after ComboFix has finished.
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on renamed combofix.exe & follow the prompts.
If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues
Sandy379 (thread starter)
21-Jun-2012, 06:36 AM #5
Thanks for the help: much appreciated.

Ran ComboFix. Report below. Goonsearch still appears.


ComboFix 12-06-21.01 - DJS 21/06/2012 12:16:57.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4001.1959 [GMT 1:00]
Running from: c:\users\DJS\Downloads\ComboFix.exe
AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\file2linkib
c:\program files (x86)\file2linkib\chrome\content\lib\about.xml
c:\program files (x86)\file2linkib\chrome\content\lib\dtxpanel.xul
c:\program files (x86)\file2linkib\chrome\content\lib\dtxpaneltransparent.xul
c:\program files (x86)\file2linkib\chrome\content\lib\dtxpanelwin.xul
c:\program files (x86)\file2linkib\chrome\content\lib\dtxprefwin.xul
c:\program files (x86)\file2linkib\chrome\content\lib\dtxtransparentwin.xul
c:\program files (x86)\file2linkib\chrome\content\lib\dtxwin.xul
c:\program files (x86)\file2linkib\chrome\content\lib\emailnotifierproviders.xml
c:\program files (x86)\file2linkib\chrome\content\lib\external.js
c:\program files (x86)\file2linkib\chrome\content\lib\neterror.xhtml
c:\program files (x86)\file2linkib\chrome\content\lib\rsspreview.html
c:\program files (x86)\file2linkib\chrome\content\lib\rsswin.xml
c:\program files (x86)\file2linkib\chrome\content\lib\rsswin.xsl
c:\program files (x86)\file2linkib\chrome\content\lib\vmncode.js
c:\program files (x86)\file2linkib\chrome\content\lib\wmpstreamer.html
c:\program files (x86)\file2linkib\chrome\content\modules\datastore.jsm
c:\program files (x86)\file2linkib\chrome\content\modules\nsDragAndDrop.js
c:\program files (x86)\file2linkib\chrome\content\neterror.xhtml
c:\program files (x86)\file2linkib\chrome\content\newtab\images\btn_search.gif
c:\program files (x86)\file2linkib\chrome\content\newtab\images\bullet.gif
c:\program files (x86)\file2linkib\chrome\content\newtab\images\field_bg.gif
c:\program files (x86)\file2linkib\chrome\content\newtab\images\powered_by_yahoo.gif
c:\program files (x86)\file2linkib\chrome\content\newtab\newtab.html
c:\program files (x86)\file2linkib\chrome\content\newtab\newtab_mystart.html
c:\program files (x86)\file2linkib\chrome\content\newtab\newtab_yahoo.html
c:\program files (x86)\file2linkib\chrome\content\preferences.xml
c:\program files (x86)\file2linkib\chrome\content\template.xml
c:\program files (x86)\file2linkib\chrome\content\toolbar.htm
c:\program files (x86)\file2linkib\chrome\content\toolbar.xul
c:\program files (x86)\file2linkib\chrome\content\vmncode.js
c:\program files (x86)\file2linkib\chrome\content\vmnrsswin.xml
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\.#widget.xml.1.2
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\alert_coupon.css
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-next-off.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-next.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-previous-off.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-previous.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\bg-coupon-blue.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\bg-save.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\border-radius.htc
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-getcoupon.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-next-blue.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-previous-blue.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-wide-close-over.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-wide-close.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\coupon-activated.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\couponTooltip.js
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\css\dialog.css
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\css\ie7style.css
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\css\IE7Styles.css
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\ico-coupon.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\ico-dollar.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrow-grey.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrows_grey-left.gif
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrows_grey-right.gif
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\bg_top.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\btn-back.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\btn-getcoupon.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\btn-search.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\coupon-activated.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\delete.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\loader.gif
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\save.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollb-disable.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollb-down.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollb.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollt-disable.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollt-down.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollt.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\sprite.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-arrow-hover.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-arrow.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-l.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-l_BAK.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-r.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-r_BAK.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-on-l.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-on-r.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-over-l.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-over-r.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-white-left.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-white-mdl.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-white-right.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\images\vid-bg.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\index.html
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\jquery.contextMenu.css
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\jquery.contextMenu.js
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery-1.4.2.min.js
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery.event.wheel.js
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery.pagination.js
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery.scrollTo-min.js
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\js\JSON.js
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\js\listnav.js
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\js\main.js
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\page_white_copy.gif
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\panel.html
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\partner.xml
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\placeholder-logo.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\css\dialog.css
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\bg.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\bt...alert-over.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-disablealert.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\bt...alert-over.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-enablealert.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-help-over.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-help.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\bt...lerts-over.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-managealerts.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\bt...alert-over.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-showalert.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\bt...close-over.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-wide-close.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\default.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\power-couponcamp.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\po...uponwinner.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\transparent.gif
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-left.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-left_old.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-mdl.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-mdl_old.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\wi...ght-resize.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-right.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-right_old.png
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\main.html
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\main.html.bak
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\scripts\defscript.js
c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.Coupons_v2\tb_icon.png
c:\program files (x86)\file2linkib\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files (x86)\file2linkib\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files (x86)\file2linkib\chrome\skin\lib\uwa\close-hot.png
c:\program files (x86)\file2linkib\chrome\skin\lib\uwa\close-normal.png
c:\program files (x86)\file2linkib\chrome\skin\lib\uwa\loadingMid.gif
c:\program files (x86)\file2linkib\chrome\skin\lib\uwa\paneltemplate.html
c:\program files (x86)\file2linkib\chrome\skin\lib\uwa\proxy.html
c:\program files (x86)\file2linkib\chrome\skin\lib\uwa\template.html
c:\program files (x86)\file2linkib\chrome\skin\lib\uwa\template.xml
c:\program files (x86)\file2linkib\chrome\skin\lib\uwa\templateFF.html
c:\program files (x86)\file2linkib\chrome\skin\lib\uwa\throbber.gif
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton.css
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\icons\weather.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files (x86)\file2linkib\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files (x86)\file2linkib\chrome\skin\lib\websiteinspector-highrisk-user.gif
c:\program files (x86)\file2linkib\chrome\skin\lib\websiteinspector-highrisk.gif
c:\program files (x86)\file2linkib\chrome\skin\lib\websiteinspector-lowrisk.gif
c:\program files (x86)\file2linkib\chrome\skin\lib\websiteinspector-norating.gif
c:\program files (x86)\file2linkib\chrome\skin\lib\websiteinspector-verified-user.gif
c:\program files (x86)\file2linkib\chrome\skin\lib\websiteinspector-verified.gif
c:\program files (x86)\file2linkib\chrome\skin\lib\websiteinspector-verifying.gif
c:\program files (x86)\file2linkib\chrome\skin\lib\yahoo.png
c:\program files (x86)\file2linkib\chrome\skin\lichen.gif
c:\program files (x86)\file2linkib\chrome\skin\logo-about.png
c:\program files (x86)\file2linkib\chrome\skin\logo-over.png
c:\program files (x86)\file2linkib\chrome\skin\logo-separator.png
c:\program files (x86)\file2linkib\chrome\skin\logo.png
c:\program files (x86)\file2linkib\chrome\skin\mail.png
c:\program files (x86)\file2linkib\chrome\skin\menuseparatorback.gif
c:\program files (x86)\file2linkib\chrome\skin\modify-save.png
c:\program files (x86)\file2linkib\chrome\skin\modify.png
c:\program files (x86)\file2linkib\chrome\skin\modifyhot.png
c:\program files (x86)\file2linkib\chrome\skin\music.png
c:\program files (x86)\file2linkib\chrome\skin\namespacetoolbar.css
c:\program files (x86)\file2linkib\chrome\skin\news.png
c:\program files (x86)\file2linkib\chrome\skin\options-main.png
c:\program files (x86)\file2linkib\chrome\skin\options-search.png
c:\program files (x86)\file2linkib\chrome\skin\options\options-main.png
c:\program files (x86)\file2linkib\chrome\skin\options\options-search.png
c:\program files (x86)\file2linkib\chrome\skin\options\options-weather.gif
c:\program files (x86)\file2linkib\chrome\skin\options\options-weather.png
c:\program files (x86)\file2linkib\chrome\skin\options\options-widgets.png
c:\program files (x86)\file2linkib\chrome\skin\orange.gif
c:\program files (x86)\file2linkib\chrome\skin\p_yahoo.png
c:\program files (x86)\file2linkib\chrome\skin\pixsy.png
c:\program files (x86)\file2linkib\chrome\skin\ppcbully.png
c:\program files (x86)\file2linkib\chrome\skin\protect-id.png
c:\program files (x86)\file2linkib\chrome\skin\relatedlinks.png
c:\program files (x86)\file2linkib\chrome\skin\rss-collapse.png
c:\program files (x86)\file2linkib\chrome\skin\rss-delete.png
c:\program files (x86)\file2linkib\chrome\skin\rss-expand.png
c:\program files (x86)\file2linkib\chrome\skin\rss-feed.png
c:\program files (x86)\file2linkib\chrome\skin\rss-folder-remove.png
c:\program files (x86)\file2linkib\chrome\skin\rss-folder-rename.png
c:\program files (x86)\file2linkib\chrome\skin\rss-folder.png
c:\program files (x86)\file2linkib\chrome\skin\rss-found.png
c:\program files (x86)\file2linkib\chrome\skin\rss-reload.png
c:\program files (x86)\file2linkib\chrome\skin\rss-subscribe.png
c:\program files (x86)\file2linkib\chrome\skin\rss.png
c:\program files (x86)\file2linkib\chrome\skin\rssback.gif
c:\program files (x86)\file2linkib\chrome\skin\rsstopback.gif
c:\program files (x86)\file2linkib\chrome\skin\search-over.png
c:\program files (x86)\file2linkib\chrome\skin\search.png
c:\program files (x86)\file2linkib\chrome\skin\searchbar\searchbar-background-left.png
c:\program files (x86)\file2linkib\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files (x86)\file2linkib\chrome\skin\searchbar\searchbar-background-right.png
c:\program files (x86)\file2linkib\chrome\skin\settings.png
c:\program files (x86)\file2linkib\chrome\skin\shopping.png
c:\program files (x86)\file2linkib\chrome\skin\siteinfo.png
c:\program files (x86)\file2linkib\chrome\skin\skin-bluelite.png
c:\program files (x86)\file2linkib\chrome\skin\skin-bluesky.png
c:\program files (x86)\file2linkib\chrome\skin\skin-grey.png
c:\program files (x86)\file2linkib\chrome\skin\skin-lichen.png
c:\program files (x86)\file2linkib\chrome\skin\skin-orange.png
c:\program files (x86)\file2linkib\chrome\skin\skin-yellow.png
c:\program files (x86)\file2linkib\chrome\skin\skin.xml
c:\program files (x86)\file2linkib\chrome\skin\technorati.png
c:\program files (x86)\file2linkib\chrome\skin\throbber.gif
c:\program files (x86)\file2linkib\chrome\skin\toolbarsplitter.png
c:\program files (x86)\file2linkib\chrome\skin\translate.png
c:\program files (x86)\file2linkib\chrome\skin\TRUSTe_about.png
c:\program files (x86)\file2linkib\chrome\skin\vmn.css
c:\program files (x86)\file2linkib\chrome\skin\vmn.png
c:\program files (x86)\file2linkib\chrome\skin\web.png
c:\program files (x86)\file2linkib\chrome\skin\websearch.png
c:\program files (x86)\file2linkib\chrome\skin\wikipedia.png
c:\program files (x86)\file2linkib\chrome\skin\yahoosearch.png
c:\program files (x86)\file2linkib\chrome\skin\yellow.gif
c:\program files (x86)\file2linkib\chrome\skin\youtube.png
c:\program files (x86)\file2linkib\chrome\skin\zoom.png
c:\program files (x86)\file2linkib\components\windowmediator.js
c:\program files (x86)\file2linkib\file2linkib.dll
c:\program files (x86)\file2linkib\file2linkibX.dll
c:\program files (x86)\file2linkib\install.ico
c:\program files (x86)\file2linkib\manifest.xml
c:\program files (x86)\file2linkib\toolbar.xml
c:\program files (x86)\file2linkib\uninstall.exe
c:\users\DJS\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\windows\system32\drivers\etc\lmhosts
c:\windows\SysWow64\protector.dll.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))
.
.
2012-06-21 10:58 . 2011-07-08 06:55 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-06-21 06:39 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 06:39 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 06:39 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 06:39 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 06:39 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 06:39 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 17:34 . 2012-05-11 09:07 706776 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2012-06-20 17:34 . 2012-05-11 09:07 65664 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2012-06-20 17:34 . 2012-05-11 09:07 41968 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2012-06-20 17:33 . 2012-05-11 10:09 145432 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2012-06-20 17:33 . 2012-05-11 10:08 341168 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2012-06-20 17:33 . 2012-05-11 10:13 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2012-06-20 17:33 . 2012-05-11 10:14 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2012-06-20 17:32 . 2012-02-28 10:43 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-06-20 17:32 . 2012-02-28 10:43 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-06-20 17:32 . 2012-05-11 10:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-06-20 17:32 . 2012-04-23 11:36 426616 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2012-06-20 15:00 . 2012-06-21 10:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-20 15:00 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-20 12:08 . 2012-06-20 12:10 -------- d-----w- c:\users\DJS\AppData\Roaming\vlc
2012-06-20 12:07 . 2012-06-20 12:07 -------- d-----w- c:\program files (x86)\VideoLAN
2012-06-15 11:43 . 2012-06-15 11:43 53248 ----a-r- c:\users\DJS\AppData\Roaming\Microsoft\Installer\{9064317A-39C7-40D5-8CF5-04A254747B88}\ARPPRODUCTICON.exe
2012-06-14 02:01 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 02:01 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 02:01 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 02:01 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 02:01 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 02:01 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 02:01 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 04:37 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 04:37 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 04:37 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 04:37 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 04:36 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 04:36 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 04:36 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 04:36 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 04:36 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-11 19:25 . 2012-06-11 19:25 -------- d-----w- c:\users\DJS\AppData\Local\MetaGeek,_LLC
2012-06-11 19:24 . 2012-06-11 19:24 -------- d-----w- c:\program files (x86)\MetaGeek
2012-06-11 15:59 . 2012-06-11 15:59 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 17:21 . 2012-01-06 15:50 85192 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2012-05-08 17:21 . 2012-01-06 15:50 149432 ----a-w- c:\windows\SGDetectionTool.dll0653.old
2012-05-08 17:21 . 2012-01-06 15:50 149432 ----a-w- c:\windows\SGDetectionTool.dll
2012-05-08 17:21 . 2012-01-06 15:50 2267064 ----a-w- c:\windows\PCTBDCore.dll0653.old
2012-05-08 17:21 . 2012-01-06 15:50 2267064 ----a-w- c:\windows\PCTBDCore.dll
2012-05-08 17:21 . 2012-01-06 15:50 1681336 ----a-w- c:\windows\PCTBDRes.dll
2012-05-08 17:21 . 2012-01-06 15:50 767928 ----a-w- c:\windows\BDTSupport.dll0653.old
2012-05-08 17:21 . 2012-01-06 15:50 767928 ----a-w- c:\windows\BDTSupport.dll
2012-05-08 16:47 . 2012-01-06 15:50 3488 ----a-w- c:\windows\UDB.zip
2012-05-08 16:47 . 2012-01-06 15:50 131 ----a-w- c:\windows\IDB.zip
2012-05-05 12:35 . 2012-04-13 08:21 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 12:35 . 2011-12-20 16:55 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 12:35 . 2012-04-13 08:35 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-22 11:07 . 2012-04-22 11:07 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-04-22 11:07 . 2012-04-22 11:07 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-04-22 11:06 . 2012-04-22 11:06 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-30 11:35 . 2012-05-09 06:41 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"093674ECE97C7DA80BFDFDC4CF032C619BDC522D._service_run"="c:\users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-06-07 1239576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-05-17 61112]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-06 658424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"FileZilla Server Interface"="c:\program files (x86)\FileZilla Server\FileZilla Server Interface.exe" [2011-10-23 1044992]
"Logan_S2P"="c:\program files (x86)\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe" [2007-06-10 253952]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-07-05 520192]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
"ISTray"="c:\program files (x86)\PC Tools\PC Tools Security\pctsGui.exe" [2012-05-11 2670520]
.
c:\users\DJS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe\0lsdelete
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 116648]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-09 85560]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 116648]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2011-04-19 181760]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 55296]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-05-08 575416]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-06 1128952]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-05-11 402336]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]
S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 12:35]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 10:44]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 10:44]
.
2012-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482461076-1701952276-2842015750-1000Core.job
- c:\users\DJS\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-06 15:07]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482461076-1701952276-2842015750-1000UA.job
- c:\users\DJS\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-06 15:07]
.
2012-06-19 c:\windows\Tasks\HPCeeScheduleForDJS.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-25 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-25 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-25 418584]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\DJS\AppData\Roaming\Mozilla\Firefox\Profiles\r62uapco.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.intl=uk&.partner=bt-1&.done=http%3a//bt.yahoo.com/%3f
FF - user.js: extentions.y2layers.installId - 420efbda-25ed-4ace-87e1-9a3cfb51791b
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,BestVideoDownloader,EzLooker,TwitTube,TopRelatedTopics,Buzzdock,
FF - user.js: security.csp.enable - false
FF - user.js: extensions.autoDisableScopes - 14//iBryte
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-iBryte playbryte Desktop - c:\program files (x86)\iBryte\playbryte\ibrytedesktop.exe
Wow6432Node-HKLM-Run-Spybot-S&D Cleaning - c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
SafeBoot-Lavasoft Ad-Aware Service
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-file2linkib - c:\program files (x86)\file2linkib\uninstall.exe
AddRemove-{34681D92-5958-406A-A654-1B57E7A7B3DC} - c:\program files (x86)\InstallShield Installation Information\{34681D92-5958-406A-A654-1B57E7A7B3DC}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\FileZilla Server\FileZilla Server.exe
c:\program files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-06-21 12:29:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-21 11:29
.
Pre-Run: 704,157,933,568 bytes free
Post-Run: 703,867,383,808 bytes free
.
- - End Of File - - 22DA8A657242EC1E92D7C908CCD2F519
dvk01 (Derek), Moderator & Malware Removal Specialist
21-Jun-2012, 11:05 AM #6
Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post; if you are using Internet Explorer, when the "File download" pop-up comes, press SAVE, choose desktop in the list of selections in that window and press save).

Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished.

Close any open browsers.
Then drag the CFScript.txt into the ComboFix.exe or renamed combofix icon as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem, start your own topic in the malware fixing forum.
Sandy379 (thread starter)
21-Jun-2012, 12:38 PM #7
Done as requested. No noticeable change. txt below:


ComboFix 12-06-21.01 - DJS 21/06/2012 18:19:19.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4001.2776 [GMT 1:00]
Running from: c:\users\DJS\Downloads\ComboFix.exe
Command switches used :: c:\users\DJS\Desktop\CFScript (2).txt
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\iBryte
c:\program files (x86)\Yontoo
c:\program files (x86)\Yontoo\YontooIEClient.dll
c:\users\DJS\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))
.
.
2012-06-21 17:28 . 2012-06-21 17:28 -------- d-----w- C:\found.000
2012-06-21 17:24 . 2012-06-21 17:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-21 10:58 . 2011-07-08 06:55 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-06-21 06:39 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 06:39 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 06:39 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 06:39 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 06:39 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 06:39 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 17:34 . 2012-05-11 09:07 706776 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2012-06-20 17:34 . 2012-05-11 09:07 65664 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2012-06-20 17:34 . 2012-05-11 09:07 41968 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2012-06-20 17:33 . 2012-05-11 10:09 145432 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2012-06-20 17:33 . 2012-05-11 10:08 341168 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2012-06-20 17:33 . 2012-05-11 10:13 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2012-06-20 17:33 . 2012-05-11 10:14 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2012-06-20 17:32 . 2012-02-28 10:43 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-06-20 17:32 . 2012-02-28 10:43 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-06-20 17:32 . 2012-05-11 10:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-06-20 17:32 . 2012-04-23 11:36 426616 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2012-06-20 15:00 . 2012-06-21 10:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-20 15:00 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-20 12:08 . 2012-06-20 12:10 -------- d-----w- c:\users\DJS\AppData\Roaming\vlc
2012-06-20 12:07 . 2012-06-20 12:07 -------- d-----w- c:\program files (x86)\VideoLAN
2012-06-15 11:43 . 2012-06-15 11:43 53248 ----a-r- c:\users\DJS\AppData\Roaming\Microsoft\Installer\{9064317A-39C7-40D5-8CF5-04A254747B88}\ARPPRODUCTICON.exe
2012-06-14 02:01 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 02:01 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 02:01 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 02:01 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 02:01 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 02:01 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 02:01 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 04:37 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 04:37 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 04:37 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 04:37 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 04:36 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 04:36 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 04:36 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 04:36 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 04:36 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-11 19:25 . 2012-06-11 19:25 -------- d-----w- c:\users\DJS\AppData\Local\MetaGeek,_LLC
2012-06-11 19:24 . 2012-06-11 19:24 -------- d-----w- c:\program files (x86)\MetaGeek
2012-06-11 15:59 . 2012-06-11 15:59 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 17:21 . 2012-01-06 15:50 85192 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2012-05-08 17:21 . 2012-01-06 15:50 149432 ----a-w- c:\windows\SGDetectionTool.dll0653.old
2012-05-08 17:21 . 2012-01-06 15:50 149432 ----a-w- c:\windows\SGDetectionTool.dll
2012-05-08 17:21 . 2012-01-06 15:50 2267064 ----a-w- c:\windows\PCTBDCore.dll0653.old
2012-05-08 17:21 . 2012-01-06 15:50 2267064 ----a-w- c:\windows\PCTBDCore.dll
2012-05-08 17:21 . 2012-01-06 15:50 1681336 ----a-w- c:\windows\PCTBDRes.dll
2012-05-08 17:21 . 2012-01-06 15:50 767928 ----a-w- c:\windows\BDTSupport.dll0653.old
2012-05-08 17:21 . 2012-01-06 15:50 767928 ----a-w- c:\windows\BDTSupport.dll
2012-05-08 16:47 . 2012-01-06 15:50 3488 ----a-w- c:\windows\UDB.zip
2012-05-08 16:47 . 2012-01-06 15:50 131 ----a-w- c:\windows\IDB.zip
2012-05-05 12:35 . 2012-04-13 08:21 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 12:35 . 2011-12-20 16:55 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 12:35 . 2012-04-13 08:35 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-22 11:07 . 2012-04-22 11:07 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-04-22 11:07 . 2012-04-22 11:07 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-04-22 11:06 . 2012-04-22 11:06 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-30 11:35 . 2012-05-09 06:41 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-21_11.25.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-06-21 17:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-21 11:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-21 08:55 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-21 17:29 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-06-21 11:36 33280 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-21 11:36 34040 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-02 13:59 . 2012-06-21 11:33 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-01-06 14:48 . 2012-06-21 11:36 8524 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1482461076-1701952276-2842015750-1000_UserData.bin
- 2012-06-21 11:25 . 2012-06-21 11:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-21 17:29 . 2012-06-21 17:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-21 11:25 . 2012-06-21 11:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-21 17:29 . 2012-06-21 17:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-06-21 17:29 999424 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-21 08:55 999424 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 05:01 . 2012-06-21 11:22 440268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-21 17:25 440268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-06 16:37 . 2012-06-21 17:25 11954404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1482461076-1701952276-2842015750-1000-8192.dat
- 2012-01-06 16:37 . 2012-06-21 11:22 11954404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1482461076-1701952276-2842015750-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-05-17 61112]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-06 658424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"FileZilla Server Interface"="c:\program files (x86)\FileZilla Server\FileZilla Server Interface.exe" [2011-10-23 1044992]
"Logan_S2P"="c:\program files (x86)\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe" [2007-06-10 253952]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-07-05 520192]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
"ISTray"="c:\program files (x86)\PC Tools\PC Tools Security\pctsGui.exe" [2012-05-11 2670520]
.
c:\users\DJS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe\0lsdelete
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 116648]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-09 85560]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 116648]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2011-04-19 181760]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 55296]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-05-08 575416]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-06 1128952]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-05-11 402336]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]
S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver64
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 12:35]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 10:44]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 10:44]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482461076-1701952276-2842015750-1000Core.job
- c:\users\DJS\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-06 15:07]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482461076-1701952276-2842015750-1000UA.job
- c:\users\DJS\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-06 15:07]
.
2012-06-19 c:\windows\Tasks\HPCeeScheduleForDJS.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-25 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-25 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-25 418584]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\DJS\AppData\Roaming\Mozilla\Firefox\Profiles\r62uapco.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.intl=uk&.partner=bt-1&.done=http%3a//bt.yahoo.com/%3f
FF - user.js: extentions.y2layers.installId - 420efbda-25ed-4ace-87e1-9a3cfb51791b
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,BestVideoDownloader,EzLooker,TwitTube,TopRelatedTopics,Buzzdock,
FF - user.js: security.csp.enable - false
FF - user.js: extensions.autoDisableScopes - 14//iBryte
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\FileZilla Server\FileZilla Server.exe
c:\program files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\ezScrSvr.scr
c:\program files (x86)\Internet Explorer\IELowutil.exe
.
**************************************************************************
.
Completion time: 2012-06-21 18:33:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-21 17:33
ComboFix2.txt 2012-06-21 11:29
.
Pre-Run: 703,942,717,440 bytes free
Post-Run: 703,847,362,560 bytes free
.
- - End Of File - - EC9EBB508C713078B7D6A6BF0D899979
dvk01 (Derek), Moderator & Malware Removal Specialist
21-Jun-2012, 12:56 PM #8
There are no signs of any of the usual goonsearch entries anywhere.
Is this only in Chrome or in all browsers?
Download OTS.exe to your Desktop
  • Close any open browsers.
  • Double-click on OTS.exe to start the program.
  • If your Real protection or Antivirus intervenes with OTS, allow it to run.
  • In the Processes group click ALL
  • In the modules group click ALL
  • In the Services group click Safe List
  • In the Drivers group click Safe List
  • In the Registry group click ALL
  • In the Files Age drop down box click 90 days
  • Make sure use company name white list and skip Microsoft files boxes are checked
  • In the Files created and Files modified groups select whitelist/file age
  • In the Additional scans sections please select Everything and make sure safe list box is checked
  • Now on the toolbar at the top select "Scan all users" then click the Run Scan button
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Save that notepad file
Use the Reply button and attach the notepad file here. I will review it when it comes in.

It will be much too big, so you will need to zip the file before it will be able to be uploaded.
Sandy379 (thread starter)
21-Jun-2012, 01:16 PM #9
Checked other browsers - no sign on Firefox or IE. Only Chrome.

Apologies for not following original instructions to the letter. Now run above Combofix (named differently) from desktop with CFS script. But no change. Will now run OTS - report to follow.


ComboFix 12-06-21.02 - DJS 21/06/2012 18:58:35.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4001.2306 [GMT 1:00]
Running from: c:\users\DJS\Desktop\Sandy123.exe
Command switches used :: c:\users\DJS\Desktop\CFScript (3).txt
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\sandy123.exe
c:\sandy123.exe\NircmdB.exe
c:\users\DJS\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))
.
.
2012-06-21 18:02 . 2012-06-21 18:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-21 17:28 . 2012-06-21 17:28 -------- d-----w- C:\found.000
2012-06-21 10:58 . 2011-07-08 06:55 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-06-21 06:39 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 06:39 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 06:39 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 06:39 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 06:39 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 06:39 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 17:34 . 2012-05-11 09:07 706776 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2012-06-20 17:34 . 2012-05-11 09:07 65664 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2012-06-20 17:34 . 2012-05-11 09:07 41968 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2012-06-20 17:33 . 2012-05-11 10:09 145432 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2012-06-20 17:33 . 2012-05-11 10:08 341168 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2012-06-20 17:33 . 2012-05-11 10:13 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2012-06-20 17:33 . 2012-05-11 10:14 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2012-06-20 17:32 . 2012-02-28 10:43 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-06-20 17:32 . 2012-02-28 10:43 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-06-20 17:32 . 2012-05-11 10:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-06-20 17:32 . 2012-04-23 11:36 426616 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2012-06-20 15:00 . 2012-06-21 10:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-20 15:00 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-20 12:08 . 2012-06-20 12:10 -------- d-----w- c:\users\DJS\AppData\Roaming\vlc
2012-06-20 12:07 . 2012-06-20 12:07 -------- d-----w- c:\program files (x86)\VideoLAN
2012-06-15 11:43 . 2012-06-15 11:43 53248 ----a-r- c:\users\DJS\AppData\Roaming\Microsoft\Installer\{9064317A-39C7-40D5-8CF5-04A254747B88}\ARPPRODUCTICON.exe
2012-06-14 02:01 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 02:01 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 02:01 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 02:01 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 02:01 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 02:01 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 02:01 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 04:37 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 04:37 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 04:37 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 04:37 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 04:36 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 04:36 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 04:36 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 04:36 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 04:36 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-11 19:25 . 2012-06-11 19:25 -------- d-----w- c:\users\DJS\AppData\Local\MetaGeek,_LLC
2012-06-11 19:24 . 2012-06-11 19:24 -------- d-----w- c:\program files (x86)\MetaGeek
2012-06-11 15:59 . 2012-06-11 15:59 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 17:21 . 2012-01-06 15:50 85192 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2012-05-08 17:21 . 2012-01-06 15:50 149432 ----a-w- c:\windows\SGDetectionTool.dll0653.old
2012-05-08 17:21 . 2012-01-06 15:50 149432 ----a-w- c:\windows\SGDetectionTool.dll
2012-05-08 17:21 . 2012-01-06 15:50 2267064 ----a-w- c:\windows\PCTBDCore.dll0653.old
2012-05-08 17:21 . 2012-01-06 15:50 2267064 ----a-w- c:\windows\PCTBDCore.dll
2012-05-08 17:21 . 2012-01-06 15:50 1681336 ----a-w- c:\windows\PCTBDRes.dll
2012-05-08 17:21 . 2012-01-06 15:50 767928 ----a-w- c:\windows\BDTSupport.dll0653.old
2012-05-08 17:21 . 2012-01-06 15:50 767928 ----a-w- c:\windows\BDTSupport.dll
2012-05-08 16:47 . 2012-01-06 15:50 3488 ----a-w- c:\windows\UDB.zip
2012-05-08 16:47 . 2012-01-06 15:50 131 ----a-w- c:\windows\IDB.zip
2012-05-05 12:35 . 2012-04-13 08:21 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 12:35 . 2011-12-20 16:55 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 12:35 . 2012-04-13 08:35 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-22 11:07 . 2012-04-22 11:07 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-04-22 11:07 . 2012-04-22 11:07 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-04-22 11:06 . 2012-04-22 11:06 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\Spotlight Resources.dll
2012-03-30 11:35 . 2012-05-09 06:41 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-21_11.25.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-06-21 18:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-21 11:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-21 08:55 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-21 18:03 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-06-21 11:36 33280 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-21 17:37 34088 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-02 13:59 . 2012-06-21 11:33 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-01-06 14:48 . 2012-06-21 17:37 8796 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1482461076-1701952276-2842015750-1000_UserData.bin
- 2012-06-21 11:25 . 2012-06-21 11:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-21 18:03 . 2012-06-21 18:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-21 11:25 . 2012-06-21 11:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-21 18:03 . 2012-06-21 18:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-06-21 18:03 999424 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-21 08:55 999424 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 05:01 . 2012-06-21 11:22 440268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-21 18:02 440268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-06 16:37 . 2012-06-21 18:02 11954404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1482461076-1701952276-2842015750-1000-8192.dat
- 2012-01-06 16:37 . 2012-06-21 11:22 11954404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1482461076-1701952276-2842015750-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-05-17 61112]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-06 658424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"FileZilla Server Interface"="c:\program files (x86)\FileZilla Server\FileZilla Server Interface.exe" [2011-10-23 1044992]
"Logan_S2P"="c:\program files (x86)\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe" [2007-06-10 253952]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-07-05 520192]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
"ISTray"="c:\program files (x86)\PC Tools\PC Tools Security\pctsGui.exe" [2012-05-11 2670520]
.
c:\users\DJS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe\0lsdelete
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 116648]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-09 85560]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 116648]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2011-04-19 181760]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 55296]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-05-08 575416]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-06 1128952]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-05-11 402336]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]
S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver64
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 12:35]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 10:44]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 10:44]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482461076-1701952276-2842015750-1000Core.job
- c:\users\DJS\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-06 15:07]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482461076-1701952276-2842015750-1000UA.job
- c:\users\DJS\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-06 15:07]
.
2012-06-19 c:\windows\Tasks\HPCeeScheduleForDJS.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-25 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-25 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-25 418584]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\DJS\AppData\Roaming\Mozilla\Firefox\Profiles\r62uapco.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.intl=uk&.partner=bt-1&.done=http%3a//bt.yahoo.com/%3f
FF - user.js: extentions.y2layers.installId - 420efbda-25ed-4ace-87e1-9a3cfb51791b
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,BestVideoDownloader,EzLooker,TwitTube,TopRelatedTopics,Buzzdock,
FF - user.js: security.csp.enable - false
FF - user.js: extensions.autoDisableScopes - 14//iBryte
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\FileZilla Server\FileZilla Server.exe
c:\program files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\ezScrSvr.scr
.
**************************************************************************
.
Completion time: 2012-06-21 19:07:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-21 18:07
ComboFix2.txt 2012-06-21 17:33
ComboFix3.txt 2012-06-21 11:29
.
Pre-Run: 703,700,324,352 bytes free
Post-Run: 703,607,193,600 bytes free
.
- - End Of File - - 87A359C88406BB9680847B2282BEF917
Sandy379 Sandy379 is offline
Member with 15 posts.
THREAD STARTER
 
Join Date: Jun 2012
Experience: Intermediate
21-Jun-2012, 02:52 PM #10
OTS report attached.
dvk01   (Derek) dvk01 is online now dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,906 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
21-Jun-2012, 03:21 PM #11
Start OTS. Copy/Paste the information in the Code box below into the pane where it says "Paste fix here" and then click the Run Fix button.


Code:
[Unregister Dlls]
[Registry - All]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> 
YN -> HKEY_LOCAL_MACHINE\: Main\\"bProtector Start Page" -> http://www.goonsearch.com/?source=IBR-IB-PDP-INS-HP
< FireFox Extensions [User Folders] > -> 
YY -> ~EmptyValue -> C:\Users\DJS\AppData\Roaming\Mozilla\Firefox\Profiles\r62uapco.default\extensions\plugin@yontoo.com
< FireFox Extensions [Program Folders] > -> 
YY -> Yontoo -> C:\USERS\DJS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R62UAPCO.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM
[Registry - Additional Scans - Safe List]
< 64bit-Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
YN -> {889DF117-14D1-44EE-9F31-C5FB5D47F68B} -> Yontoo 1.10.02
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
YN -> file2linkib -> File2LinkIB
[Files/Folders - Created Within 90 Days]
NY ->  IBUpdaterService -> C:\ProgramData\IBUpdaterService
[File - Lop Check]
NY ->  OpenCandy -> C:\Users\DJS\AppData\Roaming\OpenCandy

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
Sandy379 Sandy379 is offline
Member with 15 posts.
THREAD STARTER
 
Join Date: Jun 2012
Experience: Intermediate
21-Jun-2012, 03:50 PM #12
No problems with process but goonsearch still there when Chrome is launched.

GoogleUpdateTaskUserS-1-5-21-1482461076-1701952276-2842015750-1000UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1482461076-1701952276-2842015750-1000UA.job -> [2012/06/21 21:44:27 | 000,000,900 | ---- | M] ()
Adobe Flash Player Updater.job -> C:\Windows\tasks\Adobe Flash Player Updater.job -> [2012/06/21 21:44:27 | 000,000,830 | ---- | M] ()
OTS.zip -> C:\Users\DJS\Desktop\OTS.zip -> [2012/06/21 20:51:02 | 000,056,372 | ---- | M] ()
GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2012/06/21 20:49:04 | 000,000,892 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2012/06/21 19:18:10 | 000,024,608 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2012/06/21 19:18:10 | 000,024,608 | -H-- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2012/06/21 19:10:51 | 000,000,888 | ---- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2012/06/21 19:10:47 | 3146,366,976 | -HS- | M] ()
hosts -> C:\Windows\SysNative\drivers\etc\hosts -> [2012/06/21 19:04:12 | 000,000,027 | ---- | M] ()
Sandy123.exe -> C:\Users\DJS\Desktop\Sandy123.exe -> [2012/06/21 18:48:24 | 004,564,664 | R--- | M] (Swearware)
GoogleUpdateTaskUserS-1-5-21-1482461076-1701952276-2842015750-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1482461076-1701952276-2842015750-1000Core.job -> [2012/06/21 18:30:00 | 000,000,848 | ---- | M] ()
Cat.DB -> C:\Windows\SysNative\drivers\Cat.DB -> [2012/06/21 18:26:06 | 001,636,353 | ---- | M] ()
Malwarebytes Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> [2012/06/21 11:58:46 | 000,001,115 | ---- | M] ()
perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2012/06/21 09:58:22 | 000,664,320 | ---- | M] ()
perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2012/06/21 09:58:22 | 000,125,056 | ---- | M] ()
PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2012/06/21 09:58:21 | 000,778,834 | ---- | M] ()
defogger_reenable -> C:\Users\DJS\defogger_reenable -> [2012/06/20 20:06:28 | 000,000,000 | ---- | M] ()
PC Tools Spyware Doctor with AntiVirus.lnk -> C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk -> [2012/06/20 18:33:30 | 000,002,277 | ---- | M] ()
Capture.JPG -> C:\Users\DJS\Desktop\Capture.JPG -> [2012/06/20 18:03:42 | 000,069,995 | ---- | M] ()
lettertemplate-May 2011.dotx -> C:\Users\DJS\Desktop\lettertemplate-May 2011.dotx -> [2012/06/20 14:45:07 | 000,017,694 | ---- | M] ()
VLC media player.lnk -> C:\Users\Public\Desktop\VLC media player.lnk -> [2012/06/20 13:08:10 | 000,001,072 | ---- | M] ()
HPCeeScheduleForDJS.job -> C:\Windows\tasks\HPCeeScheduleForDJS.job -> [2012/06/19 09:12:29 | 000,000,324 | ---- | M] ()
LoaderBackup-(2012-06-15).bbb -> C:\Users\DJS\Documents\LoaderBackup-(2012-06-15).bbb -> [2012/06/15 12:45:39 | 001,535,341 | ---- | M] ()
FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2012/06/15 03:18:03 | 000,443,144 | ---- | M] ()
Google Chrome.lnk -> C:\Users\DJS\Desktop\Google Chrome.lnk -> [2012/06/12 03:36:48 | 000,002,393 | ---- | M] ()
inSSIDer.lnk -> C:\Users\Public\Desktop\inSSIDer.lnk -> [2012/06/11 20:24:29 | 000,002,597 | ---- | M] ()
CCleaner.lnk -> C:\Users\Public\Desktop\CCleaner.lnk -> [2012/06/11 16:59:41 | 000,000,824 | ---- | M] ()
Picasa 3.lnk -> C:\Users\Public\Desktop\Picasa 3.lnk -> [2012/06/11 13:15:55 | 000,001,112 | ---- | M] ()
wuauclt.exe -> C:\Windows\SysNative\wuauclt.exe -> [2012/06/02 23:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation)
wups2.dll -> C:\Windows\SysNative\wups2.dll -> [2012/06/02 23:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation)
wucltux.dll -> C:\Windows\SysNative\wucltux.dll -> [2012/06/02 23:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation)
wuwebv.dll -> C:\Windows\SysNative\wuwebv.dll -> [2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation)
wuapp.exe -> C:\Windows\SysNative\wuapp.exe -> [2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation)

[Files - No Company Name]
OTS.zip -> C:\Users\DJS\Desktop\OTS.zip -> [2012/06/21 20:50:34 | 000,056,372 | ---- | C] ()
PEV.exe -> C:\Windows\PEV.exe -> [2012/06/21 12:15:50 | 000,256,000 | ---- | C] ()
MBR.exe -> C:\Windows\MBR.exe -> [2012/06/21 12:15:50 | 000,208,896 | ---- | C] ()
sed.exe -> C:\Windows\sed.exe -> [2012/06/21 12:15:49 | 000,098,816 | ---- | C] ()
grep.exe -> C:\Windows\grep.exe -> [2012/06/21 12:15:49 | 000,080,412 | ---- | C] ()
zip.exe -> C:\Windows\zip.exe -> [2012/06/21 12:15:49 | 000,068,096 | ---- | C] ()
Malwarebytes Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> [2012/06/21 11:58:46 | 000,001,115 | ---- | C] ()
defogger_reenable -> C:\Users\DJS\defogger_reenable -> [2012/06/20 20:06:28 | 000,000,000 | ---- | C] ()
PC Tools Spyware Doctor with AntiVirus.lnk -> C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk -> [2012/06/20 18:33:30 | 000,002,277 | ---- | C] ()
Capture.JPG -> C:\Users\DJS\Desktop\Capture.JPG -> [2012/06/20 18:03:41 | 000,069,995 | ---- | C] ()
lettertemplate-May 2011.dotx -> C:\Users\DJS\Desktop\lettertemplate-May 2011.dotx -> [2012/06/20 14:45:06 | 000,017,694 | ---- | C] ()
VLC media player.lnk -> C:\Users\Public\Desktop\VLC media player.lnk -> [2012/06/20 13:08:10 | 000,001,072 | ---- | C] ()
LoaderBackup-(2012-06-15).bbb -> C:\Users\DJS\Documents\LoaderBackup-(2012-06-15).bbb -> [2012/06/15 12:45:39 | 001,535,341 | ---- | C] ()
inSSIDer.lnk -> C:\Users\Public\Desktop\inSSIDer.lnk -> [2012/06/11 20:24:29 | 000,002,597 | ---- | C] ()
CCleaner.lnk -> C:\Users\Public\Desktop\CCleaner.lnk -> [2012/06/11 16:59:41 | 000,000,824 | ---- | C] ()
Picasa 3.lnk -> C:\Users\Public\Desktop\Picasa 3.lnk -> [2012/06/11 13:15:55 | 000,001,112 | ---- | C] ()
wiainst64.exe -> C:\Windows\wiainst64.exe -> [2012/04/12 16:03:07 | 000,149,880 | ---- | C] ()
rp_stats.dat -> C:\Windows\SysWow64\rp_stats.dat -> [2012/03/09 15:15:29 | 000,000,064 | ---- | C] ()
rp_rules.dat -> C:\Windows\SysWow64\rp_rules.dat -> [2012/03/09 15:15:29 | 000,000,044 | ---- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\DJS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2012/01/20 13:49:36 | 000,005,632 | ---- | C] ()
SUPDRun.exe -> C:\Windows\SUPDRun.exe -> [2012/01/16 14:07:22 | 000,258,864 | ---- | C] ()
SmarThruOptions.xml -> C:\Users\DJS\AppData\Roaming\SmarThruOptions.xml -> [2012/01/16 11:58:00 | 000,010,262 | ---- | C] ()
SvcMan.exe -> C:\Windows\SysWow64\SvcMan.exe -> [2012/01/16 11:57:49 | 000,036,864 | ---- | C] ()
SecSNMP.dll -> C:\Windows\SysWow64\SecSNMP.dll -> [2012/01/16 11:57:38 | 000,172,032 | ---- | C] ()
Readiris.ini -> C:\Windows\Readiris.ini -> [2012/01/16 11:57:32 | 000,000,136 | ---- | C] ()
irisco32.dll -> C:\Windows\SysWow64\irisco32.dll -> [2012/01/16 11:57:30 | 000,023,040 | ---- | C] ()
ssndii.exe -> C:\Windows\ssndii.exe -> [2012/01/16 11:56:17 | 000,471,040 | ---- | C] ()
WiaInst.exe -> C:\Windows\WiaInst.exe -> [2012/01/16 11:55:17 | 000,086,016 | R--- | C] ()
protector.dll -> C:\Windows\SysWow64\protector.dll -> [2012/01/06 18:43:04 | 000,748,544 | ---- | C] ()
BDTSupport.dll0621.old -> C:\Windows\BDTSupport.dll0621.old -> [2012/01/06 16:50:38 | 000,767,952 | ---- | C] ()
BDTSupport.dll0653.old -> C:\Windows\BDTSupport.dll0653.old -> [2012/01/06 16:50:38 | 000,767,928 | ---- | C] ()
BDTSupport.dll -> C:\Windows\BDTSupport.dll -> [2012/01/06 16:50:38 | 000,767,928 | ---- | C] ()
ezsidmv.dat -> C:\Windows\SysWow64\ezsidmv.dat -> [2012/01/06 15:47:33 | 000,000,048 | -H-- | C] ()
HP SimplePass 2011 -> C:\Program Files\HP SimplePass 2011 -> [2011/12/20 18:04:00 | 000,002,792 | ---- | C] ()
ezdigsgn.dat -> C:\Windows\SysWow64\ezdigsgn.dat -> [2011/12/20 17:55:30 | 000,000,196 | ---- | C] ()
igkrng600.bin -> C:\Windows\SysWow64\igkrng600.bin -> [2011/12/20 17:43:32 | 000,960,940 | ---- | C] ()
igfcg600m.bin -> C:\Windows\SysWow64\igfcg600m.bin -> [2011/12/20 17:43:31 | 000,213,332 | ---- | C] ()
igcompkrng600.bin -> C:\Windows\SysWow64\igcompkrng600.bin -> [2011/12/20 17:43:30 | 000,145,804 | ---- | C] ()
hpDSTRES.DLL -> C:\Windows\hpDSTRES.DLL -> [2011/06/21 09:07:00 | 000,007,736 | ---- | C] ()
PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2011/02/11 18:15:43 | 000,764,302 | ---- | C] ()

[Alternate Data Streams]
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 183 bytes -> C:\ProgramData\TempFC5A2B2
< End of report >
[/code]
dvk01   (Derek) dvk01 is online now dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,906 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
21-Jun-2012, 04:29 PM #13
I can't see what is causing it.
I am going to ask a few others & see if we can find out where Chrome keeps its settings, because I can't find out.
Sandy379 Sandy379 is offline
Member with 15 posts.
THREAD STARTER
 
Join Date: Jun 2012
Experience: Intermediate
21-Jun-2012, 04:49 PM #14
Thanks
dvk01   (Derek) dvk01 is online now dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,906 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
22-Jun-2012, 05:26 AM #15
We can try this tool that is under development to deal with adware etc. in Chrome.

No guarantees, but it is worth a try.

Please download AdwCleaner to your desktop.
  • Double click the adwcleaner.exe to run the tool.
  • Click Search.
  • When the scan has finished, a Notepad window will be opened.
  • Please post the contents here in your topic.
  • The logfile will also be saved in C:\AdwCleaner[R1].txt.

Note: The tool will change the Start Page to google.fr.
We will reset that after we fix it.