
Hijacked - Goonsearch?

Discussion in 'Virus & Other Malware Removal' started by Sandy379, Jun 21, 2012.

    Sandy379 Thread Starter

    Hi,

    My PC has been hijacked with something called 'goonsearch'. When I launch Google Chrome, the 'goonsearch' page appears. It appears that I can work around this but I feel uncomfortable with what appears to be malicious software on my machine, with little or no knowledge as to what it is doing or capable of. My resident antivirus and spyware programme (PC Tools) has failed to pick this up and cannot remove it. Nor was the PC Tools online support able to assist. I am running Win 7 HP SP1 on a PC.

    I would be grateful for any advice or assistance in trying to resolve this. I include the HijackThis log and DDS log.

    Many thanks,

    David


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:07:31, on 21/06/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16446)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Users\DJS\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe
    C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
    C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
    C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
    C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe
    C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\DJS\Downloads\HijackThis (4).exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPDSK/2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPDSK/2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPDSK/2
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
    O2 - BHO: PlayBryte BHO - {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll (file missing)
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: File2LinkIB - {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files (x86)\file2linkib\file2linkibX.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
    O3 - Toolbar: File2LinkIB - {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files (x86)\file2linkib\file2linkibX.dll
    O3 - Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - (no file)
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
    O4 - HKLM\..\Run: [iBryte playbryte Desktop] C:\Program Files (x86)\iBryte\playbryte\ibrytedesktop.exe
    O4 - HKLM\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    O4 - HKLM\..\Run: [Logan_S2P] C:\Program Files (x86)\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe
    O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    O4 - HKLM\..\Run: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
    O4 - HKCU\..\Run: [Google Update] "C:\Users\DJS\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [093674ECE97C7DA80BFDFDC4CF032C619BDC522D._service_run] "C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
    O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: protector.dll
    O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Belkin Local Backup Service - Unknown owner - C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
    O23 - Service: Belkin Network USB Helper - Unknown owner - C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Samsung UPD Service - Unknown owner - C:\Windows\System32\SUPDSvc.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: ThreatFire - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 15631 bytes

    DDS
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by DJS at 10:21:23 on 2012-06-21
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4001.1657 [GMT 1:00]
    .
    AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
    C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
    C:\Windows\SysWOW64\ezSharedSvcHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Users\DJS\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe
    C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
    C:\Windows\Samsung\PanelMgr\caller64.exe
    C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
    C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
    C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
    C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe
    C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://www.google.co.uk/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
    BHO: PlayBryte BHO: {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: File2LinkIB: {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files (x86)\file2linkib\file2linkibX.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
    TB: File2LinkIB: {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files (x86)\file2linkib\file2linkibX.dll
    TB: {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No File
    uRun: [Google Update] "C:\Users\DJS\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [093674ECE97C7DA80BFDFDC4CF032C619BDC522D._service_run] "C:\Users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [FileZilla Server Interface] "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
    mRun: [iBryte playbryte Desktop] C:\Program Files (x86)\iBryte\playbryte\ibrytedesktop.exe
    mRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    mRun: [Logan_S2P] C:\Program Files (x86)\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe
    mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
    mRun: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
    StartupFolder: C:\Users\DJS\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{72C438E5-8E81-4D22-9D49-C23C1B7ADD0E} : DhcpNameServer = 192.168.1.254
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: protector.dll
    SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
    BHO-X64: Browser Guard BHO - No File
    BHO-X64: PlayBryte BHO: {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: File2LinkIB: {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files (x86)\file2linkib\file2linkibX.dll
    BHO-X64: File2LinkIB - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    BHO-X64: Yontoo Layers - No File
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
    TB-X64: File2LinkIB: {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files (x86)\file2linkib\file2linkibX.dll
    TB-X64: {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No File
    mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [FileZilla Server Interface] "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
    mRun-x64: [iBryte playbryte Desktop] C:\Program Files (x86)\iBryte\playbryte\ibrytedesktop.exe
    mRun-x64: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    mRun-x64: [Logan_S2P] C:\Program Files (x86)\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe
    mRun-x64: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    mRun-x64: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
    mRun-x64: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
    AppInit_DLLs-X64: protector.dll
    SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\DJS\AppData\Roaming\Mozilla\Firefox\Profiles\r62uapco.default\
    FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.intl=uk&.partner=bt-1&.done=http%3a//bt.yahoo.com/%3f
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\DJS\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extentions.y2layers.installId - 420efbda-25ed-4ace-87e1-9a3cfb51791b
    FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,BestVideoDownloader,EzLooker,TwitTube,TopRelatedTopics,Buzzdock,
    FF - user.js: security.csp.enable - false
    FF - user.js: extensions.autoDisableScopes - 14//iBryte
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
    R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
    R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
    R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 TfFsMon;TfFsMon;C:\Windows\system32\drivers\TfFsMon.sys --> C:\Windows\system32\drivers\TfFsMon.sys [?]
    R0 TFSysMon;TFSysMon;C:\Windows\system32\drivers\TfSysMon.sys --> C:\Windows\system32\drivers\TfSysMon.sys [?]
    R1 pctgntdi;pctgntdi;\??\C:\Windows\System32\drivers\pctgntdi64.sys --> C:\Windows\System32\drivers\pctgntdi64.sys [?]
    R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]
    R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2012-4-19 181760]
    R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2012-4-19 55296]
    R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-1-6 575416]
    R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-12-20 514232]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-9 85560]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-29 94264]
    R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
    R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-12-20 1128952]
    R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-6-20 402336]
    R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [2012-6-20 1118648]
    R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
    R2 sxuptp;SXUPTP Driver;C:\Windows\system32\DRIVERS\sxuptp.sys --> C:\Windows\system32\DRIVERS\sxuptp.sys [?]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-20 2656280]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
    R3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\system32\Drivers\PCTBD64.sys --> C:\Windows\system32\Drivers\PCTBD64.sys [?]
    R3 pctplsg;pctplsg;\??\C:\Windows\System32\drivers\pctplsg64.sys --> C:\Windows\System32\drivers\pctplsg64.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 TfNetMon;TfNetMon;\??\C:\Windows\system32\drivers\TfNetMon.sys --> C:\Windows\system32\drivers\TfNetMon.sys [?]
    R3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-25 116648]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-13 257696]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-25 116648]
    S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
    S3 pmxdrv;pmxdrv;\??\C:\Windows\system32\drivers\pmxdrv.sys --> C:\Windows\system32\drivers\pmxdrv.sys [?]
    S3 Samsung UPD Service;Samsung UPD Service;"C:\Windows\System32\SUPDSvc.exe" --> C:\Windows\System32\SUPDSvc.exe [?]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
    .
    =============== Created Last 30 ================
    .
    2012-06-21 06:39:43 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-21 06:39:05 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-21 06:39:05 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-20 17:34:24 706776 --s---w- C:\Windows\System32\drivers\TfSysMon.sys
    2012-06-20 17:34:24 65664 --s---w- C:\Windows\System32\drivers\TfFsMon.sys
    2012-06-20 17:34:24 41968 --s---w- C:\Windows\System32\drivers\TfNetMon.sys
    2012-06-20 17:33:31 341168 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
    2012-06-20 17:33:31 145432 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
    2012-06-20 17:33:29 14776 ----a-w- C:\Windows\System32\drivers\pctBTFix64.sys
    2012-06-20 17:33:28 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
    2012-06-20 17:32:34 453896 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
    2012-06-20 17:32:34 1096176 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
    2012-06-20 17:32:31 426616 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
    2012-06-20 17:32:31 251528 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
    2012-06-20 15:00:50 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-20 15:00:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-20 12:07:58 -------- d-----w- C:\Program Files (x86)\VideoLAN
    2012-06-15 11:43:08 53248 ----a-r- C:\Users\DJS\AppData\Roaming\Microsoft\Installer\{9064317A-39C7-40D5-8CF5-04A254747B88}\ARPPRODUCTICON.exe
    2012-06-14 02:01:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-06-14 02:01:59 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-06-14 02:01:59 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-06-14 02:01:43 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-06-14 02:01:39 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-06-14 02:01:38 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-06-14 02:01:38 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-06-13 04:37:14 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-06-13 04:37:12 3216384 ----a-w- C:\Windows\System32\msi.dll
    2012-06-13 04:37:11 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
    2012-06-13 04:37:00 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-06-13 04:36:59 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-06-13 04:36:59 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-06-13 04:36:59 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-06-13 04:36:59 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-06-13 04:36:58 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-06-11 19:25:09 -------- d-----w- C:\Users\DJS\AppData\Local\MetaGeek,_LLC
    2012-06-11 19:24:28 -------- d-----w- C:\Program Files (x86)\MetaGeek
    2012-06-11 15:59:40 -------- d-----w- C:\Program Files\CCleaner
    .
    ==================== Find3M ====================
    .
    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-05-08 17:21:48 85192 ----a-w- C:\Windows\System32\drivers\PCTBD64.sys
    2012-05-08 17:21:44 149432 ----a-w- C:\Windows\SGDetectionTool.dll0653.old
    2012-05-08 17:21:44 149432 ----a-w- C:\Windows\SGDetectionTool.dll
    2012-05-08 17:21:42 2267064 ----a-w- C:\Windows\PCTBDCore.dll0653.old
    2012-05-08 17:21:42 2267064 ----a-w- C:\Windows\PCTBDCore.dll
    2012-05-08 17:21:42 1681336 ----a-w- C:\Windows\PCTBDRes.dll
    2012-05-08 17:21:24 767928 ----a-w- C:\Windows\BDTSupport.dll0653.old
    2012-05-08 17:21:24 767928 ----a-w- C:\Windows\BDTSupport.dll
    2012-05-05 12:35:15 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-05 12:35:15 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-05-05 12:35:13 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    .
    ============= FINISH: 10:22:20.95 ===============

    Also tried Malwarebytes before doing this. No joy. Log here.
    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.20.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    DJS :: DJS-HP [administrator]

    20/06/2012 20:39:07
    mbam-log-2012-06-20 (20-39-07).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 397250
    Time elapsed: 42 minute(s), 15 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     


  2. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,894
  3. Sandy379

    Sandy379 Thread Starter

    Joined:
    Jun 21, 2012
    Messages:
    15
    Unfortunately it isn't. Lots about 'goonsearch' (not on google support) when you search but little of it is productive or helpful.
     
  4. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,894
    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here or Here to your Desktop.
    As you download it rename it to username123.exe


    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop ComboFix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after ComboFix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.
    If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues
     
  5. Sandy379

    Sandy379 Thread Starter

    Joined:
    Jun 21, 2012
    Messages:
    15
    Thanks for the help: much appreciated.

    Run combo fix. Report below. Goonsearch still appears.


    ComboFix 12-06-21.01 - DJS 21/06/2012 12:16:57.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4001.1959 [GMT 1:00]
    Running from: c:\users\DJS\Downloads\ComboFix.exe
    AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    SP: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\program files (x86)\file2linkib
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-l.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-r.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-l.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-r.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-left.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-mdl.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-right.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-left.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-mdl.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-right.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\throbber.gif
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\vid-bg.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\youtube.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\index.html
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\function.js
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\jquery-1.4.2.min.js
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\JSON.js
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css\dialog.css
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\bg-facebook.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\blank.gif
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\btn-wide-close-over.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\btn-wide-close.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\default.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\transparent.gif
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-left.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-mdl.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-right-resize.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-right.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\main.html
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts\defscript.js
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts\jquery-1.4.2.min.js
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\tb_icon.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.js
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.xml
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget_version.txt
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.PPCBullyIbario\tb_icon.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.PPCBullyIbario\widget.jsw
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.PPCBullyIbario\widget.xml
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.PPCBullyIbario\widget_version
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.RadioBeta\.#widget.xml.1.1
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta-buffering.gif
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta-connecting.gif
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta-ico.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta-playing.gif
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta-stopped.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta.ico
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.RadioBeta\tb_icon.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.RadioBeta\widget.js
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.RadioBeta\widget.jsw
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.RadioBeta\widget.xml
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\css\autocomplete.css
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\css\dialog.css
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrow-grey.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrows_grey-left.gif
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrows_grey-right.gif
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\images\bg.gif
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\images\btn-search-over.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\images\btn-search.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\images\powered-by-youtube.gif
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-off-l.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-off-r.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-on-l.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-on-r.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-red-left.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-red-mdl.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-red-right.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-white-left.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-white-mdl.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-white-right.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\images\throbber.gif
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\images\vid-bg.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\images\youtube.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\index.html
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\js\autocomplete.js
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\js\jquery-1.4.3.min.js
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\js\paginator.js
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\js\youtube.js
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\net.vmn.www.YouTube_v2.zip
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\css\dialog.css
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\bg.gif
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\btn-search.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\btn-wide-close-over.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\btn-wide-close.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\default.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-off-l.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-off-r.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-on-l.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-on-r.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\transparent.gif
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-left.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-mdl.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-right-resize.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-right.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\main.html
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\scripts\defscript.js
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\tb_icon.png
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\widget.js
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\widget.jsw
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\widget.xml
    c:\program files (x86)\file2linkib\chrome\content\widgets\net.vmn.www.YouTube_v2\widget_version.txt
    c:\program files (x86)\file2linkib\chrome\data\dynamicElements\vmntoolbar.xsl
    c:\program files (x86)\file2linkib\chrome\data\rss\rss.xml
    c:\program files (x86)\file2linkib\chrome\data\search\engines.xml
    c:\program files (x86)\file2linkib\chrome\data\search\search.xsl
    c:\program files (x86)\file2linkib\chrome\data\weather\icons.xml
    c:\program files (x86)\file2linkib\chrome\skin\about.gif
    c:\program files (x86)\file2linkib\chrome\skin\about_logo.png
    c:\program files (x86)\file2linkib\chrome\skin\babylon_logo.png
    c:\program files (x86)\file2linkib\chrome\skin\bluelite.gif
    c:\program files (x86)\file2linkib\chrome\skin\bluesky.gif
    c:\program files (x86)\file2linkib\chrome\skin\btn-search-over.png
    c:\program files (x86)\file2linkib\chrome\skin\btn-search.png
    c:\program files (x86)\file2linkib\chrome\skin\btn-settings-over.png
    c:\program files (x86)\file2linkib\chrome\skin\btn-settings.png
    c:\program files (x86)\file2linkib\chrome\skin\btn-widgets-over.png
    c:\program files (x86)\file2linkib\chrome\skin\btn-widgets.png
    c:\program files (x86)\file2linkib\chrome\skin\btn_settings.png
    c:\program files (x86)\file2linkib\chrome\skin\ca.png
    c:\program files (x86)\file2linkib\chrome\skin\dictionary.png
    c:\program files (x86)\file2linkib\chrome\skin\divider.png
    c:\program files (x86)\file2linkib\chrome\skin\downloadcom.png
    c:\program files (x86)\file2linkib\chrome\skin\dtxlogo.png
    c:\program files (x86)\file2linkib\chrome\skin\email.png
    c:\program files (x86)\file2linkib\chrome\skin\email_on.png
    c:\program files (x86)\file2linkib\chrome\skin\facebook.png
    c:\program files (x86)\file2linkib\chrome\skin\games.png
    c:\program files (x86)\file2linkib\chrome\skin\graphna.png
    c:\program files (x86)\file2linkib\chrome\skin\graphred0.png
    c:\program files (x86)\file2linkib\chrome\skin\graphred0_5.png
    c:\program files (x86)\file2linkib\chrome\skin\graphred1.png
    c:\program files (x86)\file2linkib\chrome\skin\graphred1_5.png
    c:\program files (x86)\file2linkib\chrome\skin\graphred2.png
    c:\program files (x86)\file2linkib\chrome\skin\graphred2_5.png
    c:\program files (x86)\file2linkib\chrome\skin\graphred3.png
    c:\program files (x86)\file2linkib\chrome\skin\graphred3_5.png
    c:\program files (x86)\file2linkib\chrome\skin\graphred4.png
    c:\program files (x86)\file2linkib\chrome\skin\graphred4_5.png
    c:\program files (x86)\file2linkib\chrome\skin\graphred5.png
    c:\program files (x86)\file2linkib\chrome\skin\graphredna.png
    c:\program files (x86)\file2linkib\chrome\skin\grey.gif
    c:\program files (x86)\file2linkib\chrome\skin\ico-shield.png
    c:\program files (x86)\file2linkib\chrome\skin\images.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\add.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\alexabutton.css
    c:\program files (x86)\file2linkib\chrome\skin\lib\aol.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\arrow-dn.gif
    c:\program files (x86)\file2linkib\chrome\skin\lib\arrow-right-disabled.gif
    c:\program files (x86)\file2linkib\chrome\skin\lib\arrow-right.gif
    c:\program files (x86)\file2linkib\chrome\skin\lib\arrow-up.gif
    c:\program files (x86)\file2linkib\chrome\skin\lib\bg-btn-divider.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\bg-btn-end.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\bg-btn-mdl.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\bg-btn-mdl_ff.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\bg-btn-start.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\bg-btnover-divider.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\bg-btnover-end.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\bg-btnover-mdl.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\bg-btnover-mdl_ff.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\bg-btnover-start.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\blank.gif
    c:\program files (x86)\file2linkib\chrome\skin\lib\btn-widgets-over.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\btn-widgets.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\btn_slider.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\btnback-down-vista.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\btnback-vista.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\btnleft-down-vista.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\btnleft-vista.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\btnright-down-vista.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\btnright-vista.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\button-splitter-down-vista.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\button-splitter-vista.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\button-splitter.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\checkmark.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\chevron.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\collapse.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\comcast.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\debugbar\debug.html
    c:\program files (x86)\file2linkib\chrome\skin\lib\dtx-test.css
    c:\program files (x86)\file2linkib\chrome\skin\lib\dtx.css
    c:\program files (x86)\file2linkib\chrome\skin\lib\edit-back-hot.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\edit-back.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\embarq.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\expand.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\fast.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\found.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\gmail.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\gripper.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\highlight.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\highlight_blue.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\highlight_cyan.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\highlight_lime.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\highlight_magenta.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\highlight_yellow.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\hotmail.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\ico-check.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\imap.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\lastsearch-thumb-back.gif
    c:\program files (x86)\file2linkib\chrome\skin\lib\launchers.css
    c:\program files (x86)\file2linkib\chrome\skin\lib\loadingMid.gif
    c:\program files (x86)\file2linkib\chrome\skin\lib\lock.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\logo-separator.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\mailcom.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\menu_bg-basic.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\menu_separator_bar.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\menu_separator_white.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\menuitem-splitter.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\menuitemback-down-vista.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\menuitemback-vista.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\menuitemleft-down-vista.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\menuitemleft-vista.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\menuitemleft.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\menuitemright-down-vista.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\menuitemright-vista.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\minus.gif
    c:\program files (x86)\file2linkib\chrome\skin\lib\modify.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\move.gif
    c:\program files (x86)\file2linkib\chrome\skin\lib\movetarget.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\newsitem.gif
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\css\panels.css
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\css\popupAbout.css
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\css\popupGames.css
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\css\popupRSS.css
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\css\popupWidgets.css
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\default\css\dialog.css
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\default\images\bg.gif
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\default\images\btn-search.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\default\images\btn-wide-close.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\default\images\default.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\default\images\tab-off-l.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\default\images\tab-off-r.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\default\images\tab-on-l.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\default\images\tab-on-r.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\default\images\transparent.gif
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\default\images\ttlbar-left.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\default\images\ttlbar-right.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\default\images\win-btm-left.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\default\images\win-btm-mdl.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\default\images\win-btm-right.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\default\images\win-left.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\default\images\win-right.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\default\main.html
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\default\scripts\defscript.js
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\footer.htm
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\gamecategory.xsl
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\gameData.js
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\gameList.xsl
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\games.xsl
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\gametype.xsl
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\.#btn-search-pnlbtm-over.png.1.1
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\.#btn-search-pnlbtm.png.1.1
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\arrow-dn.gif
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\arrow-sml-drop.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\arrow-sml.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\arrow-up.gif
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\arrowr-bluew5.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\bg-aboutbox.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\bg-btnover.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\bg-pnl520x390.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\btn-back.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\btn-close-grey.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\btn-close-greyover.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\btn-drag.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\btn-mdl-over.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\btn-mdl.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\btn-moredetails.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\btn-next-over.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\btn-next.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\btn-play-left-over.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\btn-play-left.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\btn-previous-over.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\btn-previous.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\btn-right-over.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\btn-try-left-over.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\btn-try-left.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\bullet-orange.gif
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\gamethumb-on.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\gamethumb2-over.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\ico-calendar.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\ico-dollar.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\ico-download.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\ico-joystick24.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\ico-news24.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\ico-play.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\ico-tags.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\icon-Add.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\icon-download.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\icon-Info.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\icon-play.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\icon-shop.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\menul-bgon.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\menul-bgover.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\panel-botm-noscroll.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\scroll-bg-206.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\scroll-bg.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\scroll-topwin.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\scrollb-disable.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\scrollb-down.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\scrollb-over.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\scrollb.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\scrollt-disable.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\scrollt-down.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\scrollt-over.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\scrollt.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\star_x_grey.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\star_x_orange.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\TRUSTe_about.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\view-detailed-on.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\view-detailed-over.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\view-thumb-on.png
    c:\program files (x86)\file2linkib\chrome\skin\lib\panels\images\view-thumb-over.png
    c:\users\DJS\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
    c:\windows\system32\drivers\etc\lmhosts
    c:\windows\SysWow64\protector.dll.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-21 10:58 . 2011-07-08 06:55 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2012-06-21 06:39 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-21 06:39 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-21 06:39 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-21 06:39 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 06:39 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 06:39 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-20 17:34 . 2012-05-11 09:07 706776 --s---w- c:\windows\system32\drivers\TfSysMon.sys
    2012-06-20 17:34 . 2012-05-11 09:07 65664 --s---w- c:\windows\system32\drivers\TfFsMon.sys
    2012-06-20 17:34 . 2012-05-11 09:07 41968 --s---w- c:\windows\system32\drivers\TfNetMon.sys
    2012-06-20 17:33 . 2012-05-11 10:09 145432 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
    2012-06-20 17:33 . 2012-05-11 10:08 341168 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
    2012-06-20 17:33 . 2012-05-11 10:13 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
    2012-06-20 17:33 . 2012-05-11 10:14 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
    2012-06-20 17:32 . 2012-02-28 10:43 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
    2012-06-20 17:32 . 2012-02-28 10:43 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
    2012-06-20 17:32 . 2012-05-11 10:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
    2012-06-20 17:32 . 2012-04-23 11:36 426616 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
    2012-06-20 15:00 . 2012-06-21 10:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-20 15:00 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-20 12:08 . 2012-06-20 12:10 -------- d-----w- c:\users\DJS\AppData\Roaming\vlc
    2012-06-20 12:07 . 2012-06-20 12:07 -------- d-----w- c:\program files (x86)\VideoLAN
    2012-06-15 11:43 . 2012-06-15 11:43 53248 ----a-r- c:\users\DJS\AppData\Roaming\Microsoft\Installer\{9064317A-39C7-40D5-8CF5-04A254747B88}\ARPPRODUCTICON.exe
    2012-06-14 02:01 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-14 02:01 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-14 02:01 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-14 02:01 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-14 02:01 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-14 02:01 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-14 02:01 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-13 04:37 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-13 04:37 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
    2012-06-13 04:37 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-06-13 04:37 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-13 04:36 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-13 04:36 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-13 04:36 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-06-13 04:36 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-06-13 04:36 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-06-11 19:25 . 2012-06-11 19:25 -------- d-----w- c:\users\DJS\AppData\Local\MetaGeek,_LLC
    2012-06-11 19:24 . 2012-06-11 19:24 -------- d-----w- c:\program files (x86)\MetaGeek
    2012-06-11 15:59 . 2012-06-11 15:59 -------- d-----w- c:\program files\CCleaner
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-08 17:21 . 2012-01-06 15:50 85192 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
    2012-05-08 17:21 . 2012-01-06 15:50 149432 ----a-w- c:\windows\SGDetectionTool.dll0653.old
    2012-05-08 17:21 . 2012-01-06 15:50 149432 ----a-w- c:\windows\SGDetectionTool.dll
    2012-05-08 17:21 . 2012-01-06 15:50 2267064 ----a-w- c:\windows\PCTBDCore.dll0653.old
    2012-05-08 17:21 . 2012-01-06 15:50 2267064 ----a-w- c:\windows\PCTBDCore.dll
    2012-05-08 17:21 . 2012-01-06 15:50 1681336 ----a-w- c:\windows\PCTBDRes.dll
    2012-05-08 17:21 . 2012-01-06 15:50 767928 ----a-w- c:\windows\BDTSupport.dll0653.old
    2012-05-08 17:21 . 2012-01-06 15:50 767928 ----a-w- c:\windows\BDTSupport.dll
    2012-05-08 16:47 . 2012-01-06 15:50 3488 ----a-w- c:\windows\UDB.zip
    2012-05-08 16:47 . 2012-01-06 15:50 131 ----a-w- c:\windows\IDB.zip
    2012-05-05 12:35 . 2012-04-13 08:21 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-05 12:35 . 2011-12-20 16:55 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-05 12:35 . 2012-04-13 08:35 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-22 11:07 . 2012-04-22 11:07 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-04-22 11:07 . 2012-04-22 11:07 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-04-22 11:06 . 2012-04-22 11:06 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-03-30 11:35 . 2012-05-09 06:41 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    "093674ECE97C7DA80BFDFDC4CF032C619BDC522D._service_run"="c:\users\DJS\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-06-07 1239576]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-05-17 61112]
    "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-06 658424]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
    "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "FileZilla Server Interface"="c:\program files (x86)\FileZilla Server\FileZilla Server Interface.exe" [2011-10-23 1044992]
    "Logan_S2P"="c:\program files (x86)\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe" [2007-06-10 253952]
    "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-07-05 520192]
    "InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
    "ISTray"="c:\program files (x86)\PC Tools\PC Tools Security\pctsGui.exe" [2012-05-11 2670520]
    .
    c:\users\DJS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)
    .
    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe\0lsdelete
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 116648]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-09 85560]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 116648]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
    R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]
    R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
    R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
    S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
    S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
    S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
    S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]
    S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
    S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2011-04-19 181760]
    S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 55296]
    S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-05-08 575416]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
    S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
    S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-06 1128952]
    S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-05-11 402336]
    S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
    S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
    S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]
    S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 12:35]
    .
    2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 10:44]
    .
    2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 10:44]
    .
    2012-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482461076-1701952276-2842015750-1000Core.job
    - c:\users\DJS\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-06 15:07]
    .
    2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482461076-1701952276-2842015750-1000UA.job
    - c:\users\DJS\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-06 15:07]
    .
    2012-06-19 c:\windows\Tasks\HPCeeScheduleForDJS.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-25 168216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-25 391960]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-25 418584]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.google.co.uk/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\DJS\AppData\Roaming\Mozilla\Firefox\Profiles\r62uapco.default\
    FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.intl=uk&.partner=bt-1&.done=http%3a//bt.yahoo.com/%3f
    FF - user.js: extentions.y2layers.installId - 420efbda-25ed-4ace-87e1-9a3cfb51791b
    FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,BestVideoDownloader,EzLooker,TwitTube,TopRelatedTopics,Buzzdock,
    FF - user.js: security.csp.enable - false
    FF - user.js: extensions.autoDisableScopes - 14//iBryte
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-iBryte playbryte Desktop - c:\program files (x86)\iBryte\playbryte\ibrytedesktop.exe
    Wow6432Node-HKLM-Run-Spybot-S&D Cleaning - c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
    SafeBoot-Lavasoft Ad-Aware Service
    AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
    AddRemove-file2linkib - c:\program files (x86)\file2linkib\uninstall.exe
    AddRemove-{34681D92-5958-406A-A654-1B57E7A7B3DC} - c:\program files (x86)\InstallShield Installation Information\{34681D92-5958-406A-A654-1B57E7A7B3DC}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
    "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\ezSharedSvcHost.exe
    c:\program files (x86)\FileZilla Server\FileZilla Server.exe
    c:\program files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-21 12:29:18 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-21 11:29
    .
    Pre-Run: 704,157,933,568 bytes free
    Post-Run: 703,867,383,808 bytes free
    .
    - - End Of File - - 22DA8A657242EC1E92D7C908CCD2F519
     
  6. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,894
    Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post, and if you are using Internet Explorer, when the "File download" pop-up comes up, press SAVE, choose Desktop in the list of selections in that window, and press Save).

    Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running ComboFix, and remember to re-enable it when it has finished.

    Close any open browsers
    Then drag the CFScript.txt into the ComboFix.exe or renamed combofix icon as shown in the screenshot below.

    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


    Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum
     


  7. Sandy379

    Sandy379 Thread Starter

    Joined:
    Jun 21, 2012
    Messages:
    15
    Done as requested. No noticeable change. txt below:


    ComboFix 12-06-21.01 - DJS 21/06/2012 18:19:19.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4001.2776 [GMT 1:00]
    Running from: c:\users\DJS\Downloads\ComboFix.exe
    Command switches used :: c:\users\DJS\Desktop\CFScript (2).txt
    AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\iBryte
    c:\program files (x86)\Yontoo
    c:\program files (x86)\Yontoo\YontooIEClient.dll
    c:\users\DJS\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-21 17:28 . 2012-06-21 17:28 -------- d-----w- C:\found.000
    2012-06-21 17:24 . 2012-06-21 17:24 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-21 10:58 . 2011-07-08 06:55 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2012-06-21 06:39 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-21 06:39 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-21 06:39 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-21 06:39 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 06:39 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 06:39 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-20 17:34 . 2012-05-11 09:07 706776 --s---w- c:\windows\system32\drivers\TfSysMon.sys
    2012-06-20 17:34 . 2012-05-11 09:07 65664 --s---w- c:\windows\system32\drivers\TfFsMon.sys
    2012-06-20 17:34 . 2012-05-11 09:07 41968 --s---w- c:\windows\system32\drivers\TfNetMon.sys
    2012-06-20 17:33 . 2012-05-11 10:09 145432 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
    2012-06-20 17:33 . 2012-05-11 10:08 341168 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
    2012-06-20 17:33 . 2012-05-11 10:13 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
    2012-06-20 17:33 . 2012-05-11 10:14 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
    2012-06-20 17:32 . 2012-02-28 10:43 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
    2012-06-20 17:32 . 2012-02-28 10:43 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
    2012-06-20 17:32 . 2012-05-11 10:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
    2012-06-20 17:32 . 2012-04-23 11:36 426616 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
    2012-06-20 15:00 . 2012-06-21 10:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-20 15:00 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-20 12:08 . 2012-06-20 12:10 -------- d-----w- c:\users\DJS\AppData\Roaming\vlc
    2012-06-20 12:07 . 2012-06-20 12:07 -------- d-----w- c:\program files (x86)\VideoLAN
    2012-06-15 11:43 . 2012-06-15 11:43 53248 ----a-r- c:\users\DJS\AppData\Roaming\Microsoft\Installer\{9064317A-39C7-40D5-8CF5-04A254747B88}\ARPPRODUCTICON.exe
    2012-06-14 02:01 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-14 02:01 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-14 02:01 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-14 02:01 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-14 02:01 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-14 02:01 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-14 02:01 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-13 04:37 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-13 04:37 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
    2012-06-13 04:37 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-06-13 04:37 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-13 04:36 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-13 04:36 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-13 04:36 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-06-13 04:36 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-06-13 04:36 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-06-11 19:25 . 2012-06-11 19:25 -------- d-----w- c:\users\DJS\AppData\Local\MetaGeek,_LLC
    2012-06-11 19:24 . 2012-06-11 19:24 -------- d-----w- c:\program files (x86)\MetaGeek
    2012-06-11 15:59 . 2012-06-11 15:59 -------- d-----w- c:\program files\CCleaner
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-08 17:21 . 2012-01-06 15:50 85192 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
    2012-05-08 17:21 . 2012-01-06 15:50 149432 ----a-w- c:\windows\SGDetectionTool.dll0653.old
    2012-05-08 17:21 . 2012-01-06 15:50 149432 ----a-w- c:\windows\SGDetectionTool.dll
    2012-05-08 17:21 . 2012-01-06 15:50 2267064 ----a-w- c:\windows\PCTBDCore.dll0653.old
    2012-05-08 17:21 . 2012-01-06 15:50 2267064 ----a-w- c:\windows\PCTBDCore.dll
    2012-05-08 17:21 . 2012-01-06 15:50 1681336 ----a-w- c:\windows\PCTBDRes.dll
    2012-05-08 17:21 . 2012-01-06 15:50 767928 ----a-w- c:\windows\BDTSupport.dll0653.old
    2012-05-08 17:21 . 2012-01-06 15:50 767928 ----a-w- c:\windows\BDTSupport.dll
    2012-05-08 16:47 . 2012-01-06 15:50 3488 ----a-w- c:\windows\UDB.zip
    2012-05-08 16:47 . 2012-01-06 15:50 131 ----a-w- c:\windows\IDB.zip
    2012-05-05 12:35 . 2012-04-13 08:21 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-05 12:35 . 2011-12-20 16:55 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-05 12:35 . 2012-04-13 08:35 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-22 11:07 . 2012-04-22 11:07 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-04-22 11:07 . 2012-04-22 11:07 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-04-22 11:06 . 2012-04-22 11:06 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-03-30 11:35 . 2012-05-09 06:41 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-06-21_11.25.40 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-14 04:54 . 2012-06-21 17:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-06-21 11:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-06-21 08:55 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-06-21 17:29 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-11-21 03:09 . 2012-06-21 11:36 33280 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-06-21 11:36 34040 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2012-03-02 13:59 . 2012-06-21 11:33 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    + 2012-01-06 14:48 . 2012-06-21 11:36 8524 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1482461076-1701952276-2842015750-1000_UserData.bin
    - 2012-06-21 11:25 . 2012-06-21 11:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-06-21 17:29 . 2012-06-21 17:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-06-21 11:25 . 2012-06-21 11:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-06-21 17:29 . 2012-06-21 17:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 04:54 . 2012-06-21 17:29 999424 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-06-21 08:55 999424 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 05:01 . 2012-06-21 11:22 440268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-06-21 17:25 440268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-01-06 16:37 . 2012-06-21 17:25 11954404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1482461076-1701952276-2842015750-1000-8192.dat
    - 2012-01-06 16:37 . 2012-06-21 11:22 11954404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1482461076-1701952276-2842015750-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-05-17 61112]
    "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-06 658424]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
    "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "FileZilla Server Interface"="c:\program files (x86)\FileZilla Server\FileZilla Server Interface.exe" [2011-10-23 1044992]
    "Logan_S2P"="c:\program files (x86)\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe" [2007-06-10 253952]
    "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-07-05 520192]
    "InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
    "ISTray"="c:\program files (x86)\PC Tools\PC Tools Security\pctsGui.exe" [2012-05-11 2670520]
    .
    c:\users\DJS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)
    .
    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe\0lsdelete
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 116648]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-09 85560]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 116648]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
    R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]
    R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
    R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
    S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
    S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
    S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
    S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]
    S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
    S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2011-04-19 181760]
    S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 55296]
    S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-05-08 575416]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
    S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
    S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-06 1128952]
    S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-05-11 402336]
    S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
    S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
    S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]
    S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - PCTSDInjDriver64
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 12:35]
    .
    2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 10:44]
    .
    2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 10:44]
    .
    2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482461076-1701952276-2842015750-1000Core.job
    - c:\users\DJS\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-06 15:07]
    .
    2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482461076-1701952276-2842015750-1000UA.job
    - c:\users\DJS\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-06 15:07]
    .
    2012-06-19 c:\windows\Tasks\HPCeeScheduleForDJS.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-25 168216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-25 391960]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-25 418584]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.google.co.uk/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\DJS\AppData\Roaming\Mozilla\Firefox\Profiles\r62uapco.default\
    FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.intl=uk&.partner=bt-1&.done=http%3a//bt.yahoo.com/%3f
    FF - user.js: extentions.y2layers.installId - 420efbda-25ed-4ace-87e1-9a3cfb51791b
    FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,BestVideoDownloader,EzLooker,TwitTube,TopRelatedTopics,Buzzdock,
    FF - user.js: security.csp.enable - false
    FF - user.js: extensions.autoDisableScopes - 14//iBryte
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
    "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\ezSharedSvcHost.exe
    c:\program files (x86)\FileZilla Server\FileZilla Server.exe
    c:\program files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\windows\SysWOW64\ezScrSvr.scr
    c:\program files (x86)\Internet Explorer\IELowutil.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-21 18:33:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-21 17:33
    ComboFix2.txt 2012-06-21 11:29
    .
    Pre-Run: 703,942,717,440 bytes free
    Post-Run: 703,847,362,560 bytes free
    .
    - - End Of File - - EC9EBB508C713078B7D6A6BF0D899979
     
  8. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,894
    There are no signs of any of the usual goonsearch entries anywhere.
    Is this only in Chrome or in all browsers?
    Download OTS.exe to your Desktop
    • Close any open browsers.
    • Double-click on OTS.exe to start the program.
    • If your Real protection or Antivirus intervenes with OTS, allow it to run.
    • In the Processes group click ALL
    • In the modules group click ALL
    • In the Services group click Safe List
    • In the Drivers group click Safe List
    • In the Registry group click ALL
    • In the Files Age drop down box click 90 days
    • Make sure the use company name white list and skip Microsoft files boxes are checked
    • In the Files created and Files modified groups select whitelist/file age
      In the Additional scans section please select Everything and make sure the safe list box is checked
    • Now on the toolbar at the top select "Scan all users" then click the Run Scan button
    • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Save that notepad file
    Use the Reply button and attach the notepad file here. I will review it when it comes in.

    It will be much too big, so you will need to zip the file before it will be able to be uploaded.
     
  9. Sandy379

    Sandy379 Thread Starter

    Joined:
    Jun 21, 2012
    Messages:
    15
    Checked other browsers - no sign on Firefox or IE. Only Chrome.

    Apologies for not following original instructions to the letter. Now run above ComboFix (named differently) from desktop with CFS script. But no change. Will now run OTS - report to follow.


    ComboFix 12-06-21.02 - DJS 21/06/2012 18:58:35.3.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4001.2306 [GMT 1:00]
    Running from: c:\users\DJS\Desktop\Sandy123.exe
    Command switches used :: c:\users\DJS\Desktop\CFScript (3).txt
    AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\sandy123.exe
    c:\sandy123.exe\NircmdB.exe
    c:\users\DJS\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-21 18:02 . 2012-06-21 18:02 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-21 17:28 . 2012-06-21 17:28 -------- d-----w- C:\found.000
    2012-06-21 10:58 . 2011-07-08 06:55 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2012-06-21 06:39 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-21 06:39 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-21 06:39 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-21 06:39 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 06:39 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 06:39 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-20 17:34 . 2012-05-11 09:07 706776 --s---w- c:\windows\system32\drivers\TfSysMon.sys
    2012-06-20 17:34 . 2012-05-11 09:07 65664 --s---w- c:\windows\system32\drivers\TfFsMon.sys
    2012-06-20 17:34 . 2012-05-11 09:07 41968 --s---w- c:\windows\system32\drivers\TfNetMon.sys
    2012-06-20 17:33 . 2012-05-11 10:09 145432 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
    2012-06-20 17:33 . 2012-05-11 10:08 341168 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
    2012-06-20 17:33 . 2012-05-11 10:13 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
    2012-06-20 17:33 . 2012-05-11 10:14 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
    2012-06-20 17:32 . 2012-02-28 10:43 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
    2012-06-20 17:32 . 2012-02-28 10:43 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
    2012-06-20 17:32 . 2012-05-11 10:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
    2012-06-20 17:32 . 2012-04-23 11:36 426616 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
    2012-06-20 15:00 . 2012-06-21 10:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-20 15:00 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-20 12:08 . 2012-06-20 12:10 -------- d-----w- c:\users\DJS\AppData\Roaming\vlc
    2012-06-20 12:07 . 2012-06-20 12:07 -------- d-----w- c:\program files (x86)\VideoLAN
    2012-06-15 11:43 . 2012-06-15 11:43 53248 ----a-r- c:\users\DJS\AppData\Roaming\Microsoft\Installer\{9064317A-39C7-40D5-8CF5-04A254747B88}\ARPPRODUCTICON.exe
    2012-06-14 02:01 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-14 02:01 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-14 02:01 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-14 02:01 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-14 02:01 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-14 02:01 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-14 02:01 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-13 04:37 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-13 04:37 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
    2012-06-13 04:37 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-06-13 04:37 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-13 04:36 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-13 04:36 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-13 04:36 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-06-13 04:36 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-06-13 04:36 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-06-11 19:25 . 2012-06-11 19:25 -------- d-----w- c:\users\DJS\AppData\Local\MetaGeek,_LLC
    2012-06-11 19:24 . 2012-06-11 19:24 -------- d-----w- c:\program files (x86)\MetaGeek
    2012-06-11 15:59 . 2012-06-11 15:59 -------- d-----w- c:\program files\CCleaner
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-08 17:21 . 2012-01-06 15:50 85192 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
    2012-05-08 17:21 . 2012-01-06 15:50 149432 ----a-w- c:\windows\SGDetectionTool.dll0653.old
    2012-05-08 17:21 . 2012-01-06 15:50 149432 ----a-w- c:\windows\SGDetectionTool.dll
    2012-05-08 17:21 . 2012-01-06 15:50 2267064 ----a-w- c:\windows\PCTBDCore.dll0653.old
    2012-05-08 17:21 . 2012-01-06 15:50 2267064 ----a-w- c:\windows\PCTBDCore.dll
    2012-05-08 17:21 . 2012-01-06 15:50 1681336 ----a-w- c:\windows\PCTBDRes.dll
    2012-05-08 17:21 . 2012-01-06 15:50 767928 ----a-w- c:\windows\BDTSupport.dll0653.old
    2012-05-08 17:21 . 2012-01-06 15:50 767928 ----a-w- c:\windows\BDTSupport.dll
    2012-05-08 16:47 . 2012-01-06 15:50 3488 ----a-w- c:\windows\UDB.zip
    2012-05-08 16:47 . 2012-01-06 15:50 131 ----a-w- c:\windows\IDB.zip
    2012-05-05 12:35 . 2012-04-13 08:21 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-05 12:35 . 2011-12-20 16:55 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-05 12:35 . 2012-04-13 08:35 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-22 11:07 . 2012-04-22 11:07 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-04-22 11:07 . 2012-04-22 11:07 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-04-22 11:06 . 2012-04-22 11:06 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-03-30 11:35 . 2012-05-09 06:41 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-06-21_11.25.40 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-14 04:54 . 2012-06-21 18:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-06-21 11:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-06-21 08:55 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-06-21 18:03 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-11-21 03:09 . 2012-06-21 11:36 33280 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-06-21 17:37 34088 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2012-03-02 13:59 . 2012-06-21 11:33 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    + 2012-01-06 14:48 . 2012-06-21 17:37 8796 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1482461076-1701952276-2842015750-1000_UserData.bin
    - 2012-06-21 11:25 . 2012-06-21 11:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-06-21 18:03 . 2012-06-21 18:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-06-21 11:25 . 2012-06-21 11:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-06-21 18:03 . 2012-06-21 18:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 04:54 . 2012-06-21 18:03 999424 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-06-21 08:55 999424 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 05:01 . 2012-06-21 11:22 440268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-06-21 18:02 440268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-01-06 16:37 . 2012-06-21 18:02 11954404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1482461076-1701952276-2842015750-1000-8192.dat
    - 2012-01-06 16:37 . 2012-06-21 11:22 11954404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1482461076-1701952276-2842015750-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-05-17 61112]
    "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-06 658424]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
    "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "FileZilla Server Interface"="c:\program files (x86)\FileZilla Server\FileZilla Server Interface.exe" [2011-10-23 1044992]
    "Logan_S2P"="c:\program files (x86)\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe" [2007-06-10 253952]
    "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-07-05 520192]
    "InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
    "ISTray"="c:\program files (x86)\PC Tools\PC Tools Security\pctsGui.exe" [2012-05-11 2670520]
    .
    c:\users\DJS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)
    .
    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe\0lsdelete
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 116648]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-09 85560]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 116648]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
    R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]
    R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
    R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
    S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
    S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
    S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
    S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]
    S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
    S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2011-04-19 181760]
    S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 55296]
    S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-05-08 575416]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
    S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
    S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-06 1128952]
    S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-05-11 402336]
    S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
    S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
    S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]
    S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - PCTSDInjDriver64
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 12:35]
    .
    2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 10:44]
    .
    2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 10:44]
    .
    2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482461076-1701952276-2842015750-1000Core.job
    - c:\users\DJS\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-06 15:07]
    .
    2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482461076-1701952276-2842015750-1000UA.job
    - c:\users\DJS\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-06 15:07]
    .
    2012-06-19 c:\windows\Tasks\HPCeeScheduleForDJS.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-25 168216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-25 391960]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-25 418584]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.google.co.uk/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\DJS\AppData\Roaming\Mozilla\Firefox\Profiles\r62uapco.default\
    FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.intl=uk&.partner=bt-1&.done=http%3a//bt.yahoo.com/%3f
    FF - user.js: extentions.y2layers.installId - 420efbda-25ed-4ace-87e1-9a3cfb51791b
    FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,BestVideoDownloader,EzLooker,TwitTube,TopRelatedTopics,Buzzdock,
    FF - user.js: security.csp.enable - false
    FF - user.js: extensions.autoDisableScopes - 14//iBryte
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
    "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\ezSharedSvcHost.exe
    c:\program files (x86)\FileZilla Server\FileZilla Server.exe
    c:\program files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\windows\SysWOW64\ezScrSvr.scr
    .
    **************************************************************************
    .
    Completion time: 2012-06-21 19:07:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-21 18:07
    ComboFix2.txt 2012-06-21 17:33
    ComboFix3.txt 2012-06-21 11:29
    .
    Pre-Run: 703,700,324,352 bytes free
    Post-Run: 703,607,193,600 bytes free
    .
    - - End Of File - - 87A359C88406BB9680847B2282BEF917
     
  10. Sandy379

    Sandy379 Thread Starter

    Joined:
    Jun 21, 2012
    Messages:
    15
    OTS report attached.
     

    Attached Files:

    • OTS.zip (File size: 55.1 KB)
  11. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,894
    Start OTS. Copy/Paste the information in the Code box below into the pane where it says "Paste fix here" and then click the Run Fix button.


    Code:
    [Unregister Dlls]
    [Registry - All]
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> 
    YN -> HKEY_LOCAL_MACHINE\: Main\\"bProtector Start Page" -> http://www.goonsearch.com/?source=IBR-IB-PDP-INS-HP
    < FireFox Extensions [User Folders] > -> 
    YY -> ~EmptyValue -> C:\Users\DJS\AppData\Roaming\Mozilla\Firefox\Profiles\r62uapco.default\extensions\[email protected]
    < FireFox Extensions [Program Folders] > -> 
    YY -> Yontoo -> C:\USERS\DJS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R62UAPCO.DEFAULT\EXTENSIONS\[email protected]
    [Registry - Additional Scans - Safe List]
    < 64bit-Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
    YN -> {889DF117-14D1-44EE-9F31-C5FB5D47F68B} -> Yontoo 1.10.02
    < Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
    YN -> file2linkib -> File2LinkIB
    [Files/Folders - Created Within 90 Days]
    NY ->  IBUpdaterService -> C:\ProgramData\IBUpdaterService
    [File - Lop Check]
    NY ->  OpenCandy -> C:\Users\DJS\AppData\Roaming\OpenCandy

    The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

    I will review the information when it comes back in.

    Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
     
  12. Sandy379

    Sandy379 Thread Starter

    Joined:
    Jun 21, 2012
    Messages:
    15
    No problems with the process, but goonsearch is still there when Chrome is launched.

    GoogleUpdateTaskUserS-1-5-21-1482461076-1701952276-2842015750-1000UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1482461076-1701952276-2842015750-1000UA.job -> [2012/06/21 21:44:27 | 000,000,900 | ---- | M] ()
    Adobe Flash Player Updater.job -> C:\Windows\tasks\Adobe Flash Player Updater.job -> [2012/06/21 21:44:27 | 000,000,830 | ---- | M] ()
    OTS.zip -> C:\Users\DJS\Desktop\OTS.zip -> [2012/06/21 20:51:02 | 000,056,372 | ---- | M] ()
    GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2012/06/21 20:49:04 | 000,000,892 | ---- | M] ()
    7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2012/06/21 19:18:10 | 000,024,608 | -H-- | M] ()
    7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2012/06/21 19:18:10 | 000,024,608 | -H-- | M] ()
    GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2012/06/21 19:10:51 | 000,000,888 | ---- | M] ()
    hiberfil.sys -> C:\hiberfil.sys -> [2012/06/21 19:10:47 | 3146,366,976 | -HS- | M] ()
    hosts -> C:\Windows\SysNative\drivers\etc\hosts -> [2012/06/21 19:04:12 | 000,000,027 | ---- | M] ()
    Sandy123.exe -> C:\Users\DJS\Desktop\Sandy123.exe -> [2012/06/21 18:48:24 | 004,564,664 | R--- | M] (Swearware)
    GoogleUpdateTaskUserS-1-5-21-1482461076-1701952276-2842015750-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1482461076-1701952276-2842015750-1000Core.job -> [2012/06/21 18:30:00 | 000,000,848 | ---- | M] ()
    Cat.DB -> C:\Windows\SysNative\drivers\Cat.DB -> [2012/06/21 18:26:06 | 001,636,353 | ---- | M] ()
    Malwarebytes Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> [2012/06/21 11:58:46 | 000,001,115 | ---- | M] ()
    perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2012/06/21 09:58:22 | 000,664,320 | ---- | M] ()
    perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2012/06/21 09:58:22 | 000,125,056 | ---- | M] ()
    PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2012/06/21 09:58:21 | 000,778,834 | ---- | M] ()
    defogger_reenable -> C:\Users\DJS\defogger_reenable -> [2012/06/20 20:06:28 | 000,000,000 | ---- | M] ()
    PC Tools Spyware Doctor with AntiVirus.lnk -> C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk -> [2012/06/20 18:33:30 | 000,002,277 | ---- | M] ()
    Capture.JPG -> C:\Users\DJS\Desktop\Capture.JPG -> [2012/06/20 18:03:42 | 000,069,995 | ---- | M] ()
    lettertemplate-May 2011.dotx -> C:\Users\DJS\Desktop\lettertemplate-May 2011.dotx -> [2012/06/20 14:45:07 | 000,017,694 | ---- | M] ()
    VLC media player.lnk -> C:\Users\Public\Desktop\VLC media player.lnk -> [2012/06/20 13:08:10 | 000,001,072 | ---- | M] ()
    HPCeeScheduleForDJS.job -> C:\Windows\tasks\HPCeeScheduleForDJS.job -> [2012/06/19 09:12:29 | 000,000,324 | ---- | M] ()
    LoaderBackup-(2012-06-15).bbb -> C:\Users\DJS\Documents\LoaderBackup-(2012-06-15).bbb -> [2012/06/15 12:45:39 | 001,535,341 | ---- | M] ()
    FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2012/06/15 03:18:03 | 000,443,144 | ---- | M] ()
    Google Chrome.lnk -> C:\Users\DJS\Desktop\Google Chrome.lnk -> [2012/06/12 03:36:48 | 000,002,393 | ---- | M] ()
    inSSIDer.lnk -> C:\Users\Public\Desktop\inSSIDer.lnk -> [2012/06/11 20:24:29 | 000,002,597 | ---- | M] ()
    CCleaner.lnk -> C:\Users\Public\Desktop\CCleaner.lnk -> [2012/06/11 16:59:41 | 000,000,824 | ---- | M] ()
    Picasa 3.lnk -> C:\Users\Public\Desktop\Picasa 3.lnk -> [2012/06/11 13:15:55 | 000,001,112 | ---- | M] ()
    wuauclt.exe -> C:\Windows\SysNative\wuauclt.exe -> [2012/06/02 23:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation)
    wups2.dll -> C:\Windows\SysNative\wups2.dll -> [2012/06/02 23:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation)
    wucltux.dll -> C:\Windows\SysNative\wucltux.dll -> [2012/06/02 23:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation)
    wuwebv.dll -> C:\Windows\SysNative\wuwebv.dll -> [2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation)
    wuapp.exe -> C:\Windows\SysNative\wuapp.exe -> [2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation)

    [Files - No Company Name]
    OTS.zip -> C:\Users\DJS\Desktop\OTS.zip -> [2012/06/21 20:50:34 | 000,056,372 | ---- | C] ()
    PEV.exe -> C:\Windows\PEV.exe -> [2012/06/21 12:15:50 | 000,256,000 | ---- | C] ()
    MBR.exe -> C:\Windows\MBR.exe -> [2012/06/21 12:15:50 | 000,208,896 | ---- | C] ()
    sed.exe -> C:\Windows\sed.exe -> [2012/06/21 12:15:49 | 000,098,816 | ---- | C] ()
    grep.exe -> C:\Windows\grep.exe -> [2012/06/21 12:15:49 | 000,080,412 | ---- | C] ()
    zip.exe -> C:\Windows\zip.exe -> [2012/06/21 12:15:49 | 000,068,096 | ---- | C] ()
    Malwarebytes Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> [2012/06/21 11:58:46 | 000,001,115 | ---- | C] ()
    defogger_reenable -> C:\Users\DJS\defogger_reenable -> [2012/06/20 20:06:28 | 000,000,000 | ---- | C] ()
    PC Tools Spyware Doctor with AntiVirus.lnk -> C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk -> [2012/06/20 18:33:30 | 000,002,277 | ---- | C] ()
    Capture.JPG -> C:\Users\DJS\Desktop\Capture.JPG -> [2012/06/20 18:03:41 | 000,069,995 | ---- | C] ()
    lettertemplate-May 2011.dotx -> C:\Users\DJS\Desktop\lettertemplate-May 2011.dotx -> [2012/06/20 14:45:06 | 000,017,694 | ---- | C] ()
    VLC media player.lnk -> C:\Users\Public\Desktop\VLC media player.lnk -> [2012/06/20 13:08:10 | 000,001,072 | ---- | C] ()
    LoaderBackup-(2012-06-15).bbb -> C:\Users\DJS\Documents\LoaderBackup-(2012-06-15).bbb -> [2012/06/15 12:45:39 | 001,535,341 | ---- | C] ()
    inSSIDer.lnk -> C:\Users\Public\Desktop\inSSIDer.lnk -> [2012/06/11 20:24:29 | 000,002,597 | ---- | C] ()
    CCleaner.lnk -> C:\Users\Public\Desktop\CCleaner.lnk -> [2012/06/11 16:59:41 | 000,000,824 | ---- | C] ()
    Picasa 3.lnk -> C:\Users\Public\Desktop\Picasa 3.lnk -> [2012/06/11 13:15:55 | 000,001,112 | ---- | C] ()
    wiainst64.exe -> C:\Windows\wiainst64.exe -> [2012/04/12 16:03:07 | 000,149,880 | ---- | C] ()
    rp_stats.dat -> C:\Windows\SysWow64\rp_stats.dat -> [2012/03/09 15:15:29 | 000,000,064 | ---- | C] ()
    rp_rules.dat -> C:\Windows\SysWow64\rp_rules.dat -> [2012/03/09 15:15:29 | 000,000,044 | ---- | C] ()
    DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\DJS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2012/01/20 13:49:36 | 000,005,632 | ---- | C] ()
    SUPDRun.exe -> C:\Windows\SUPDRun.exe -> [2012/01/16 14:07:22 | 000,258,864 | ---- | C] ()
    SmarThruOptions.xml -> C:\Users\DJS\AppData\Roaming\SmarThruOptions.xml -> [2012/01/16 11:58:00 | 000,010,262 | ---- | C] ()
    SvcMan.exe -> C:\Windows\SysWow64\SvcMan.exe -> [2012/01/16 11:57:49 | 000,036,864 | ---- | C] ()
    SecSNMP.dll -> C:\Windows\SysWow64\SecSNMP.dll -> [2012/01/16 11:57:38 | 000,172,032 | ---- | C] ()
    Readiris.ini -> C:\Windows\Readiris.ini -> [2012/01/16 11:57:32 | 000,000,136 | ---- | C] ()
    irisco32.dll -> C:\Windows\SysWow64\irisco32.dll -> [2012/01/16 11:57:30 | 000,023,040 | ---- | C] ()
    ssndii.exe -> C:\Windows\ssndii.exe -> [2012/01/16 11:56:17 | 000,471,040 | ---- | C] ()
    WiaInst.exe -> C:\Windows\WiaInst.exe -> [2012/01/16 11:55:17 | 000,086,016 | R--- | C] ()
    protector.dll -> C:\Windows\SysWow64\protector.dll -> [2012/01/06 18:43:04 | 000,748,544 | ---- | C] ()
    BDTSupport.dll0621.old -> C:\Windows\BDTSupport.dll0621.old -> [2012/01/06 16:50:38 | 000,767,952 | ---- | C] ()
    BDTSupport.dll0653.old -> C:\Windows\BDTSupport.dll0653.old -> [2012/01/06 16:50:38 | 000,767,928 | ---- | C] ()
    BDTSupport.dll -> C:\Windows\BDTSupport.dll -> [2012/01/06 16:50:38 | 000,767,928 | ---- | C] ()
    ezsidmv.dat -> C:\Windows\SysWow64\ezsidmv.dat -> [2012/01/06 15:47:33 | 000,000,048 | -H-- | C] ()
    HP SimplePass 2011 -> C:\Program Files\HP SimplePass 2011 -> [2011/12/20 18:04:00 | 000,002,792 | ---- | C] ()
    ezdigsgn.dat -> C:\Windows\SysWow64\ezdigsgn.dat -> [2011/12/20 17:55:30 | 000,000,196 | ---- | C] ()
    igkrng600.bin -> C:\Windows\SysWow64\igkrng600.bin -> [2011/12/20 17:43:32 | 000,960,940 | ---- | C] ()
    igfcg600m.bin -> C:\Windows\SysWow64\igfcg600m.bin -> [2011/12/20 17:43:31 | 000,213,332 | ---- | C] ()
    igcompkrng600.bin -> C:\Windows\SysWow64\igcompkrng600.bin -> [2011/12/20 17:43:30 | 000,145,804 | ---- | C] ()
    hpDSTRES.DLL -> C:\Windows\hpDSTRES.DLL -> [2011/06/21 09:07:00 | 000,007,736 | ---- | C] ()
    PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2011/02/11 18:15:43 | 000,764,302 | ---- | C] ()

    [Alternate Data Streams]
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
    @Alternate Data Stream - 183 bytes -> C:\ProgramData\Temp:DFC5A2B2
    < End of report >
     
  13. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,894
    I can't see what is causing it.
    I am going to ask a few others & see if we can find out where Chrome keeps its settings, because I can't find out.
     
  14. Sandy379

    Sandy379 Thread Starter

    Joined:
    Jun 21, 2012
    Messages:
    15
  15. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,894
    We can try this tool that is under development to deal with adware etc. in Chrome.

    No guarantees but it is worth a try

    Please download AdwCleaner to your desktop.
    • Double click the adwcleaner.exe to run the tool.
    • Click Search.
    • When the scan has finished, a Notepad window will be opened.
    • Please post the contents here in your topic.
    • The logfile will also be saved in C:\AdwCleaner[R1].txt.


    Note: The tool will change the Start Page to google.fr.
    We will reset that after we fix it.
     
Short URL to this thread: https://techguy.org/1057954